Thread: [pgadmin-hackers] Some questions about configuration and the pgadmin4-v1-web package

pgAdmin team, Devrim:

If I install the pgadmin4-v1-web package from Yum, it's a bit unclear on
what actual configuration needs to be done after that. Things I know
need to be done:

* running setup.py
* copying the httpd/conf.d/pgadmin4-web.conf.example file to a .conf file

Things I don't know if they need to be done:

1. creating data and log directories and assigning permissions on them
2. changing the permissions on the sqlite db
3. creating a config_local.py file and setting the five settings in it

Can you clarify?  I'm working on a container, and I'll also be happy to
contribute a doc if you can clarify via email.  Thanks.

--
Josh Berkus
Containers & Databases Oh My!

Hi Josh,

On Thu, 2017-04-20 at 13:50 -0700, Josh Berkus wrote:
> If I install the pgadmin4-v1-web package from Yum, it's a bit unclear on
> what actual configuration needs to be done after that. Things I know
> need to be done:
>
> * running setup.py
> * copying the httpd/conf.d/pgadmin4-web.conf.example file to a .conf file
>
> Things I don't know if they need to be done:
>
> 1. creating data and log directories and assigning permissions on them
> 2. changing the permissions on the sqlite db
> 3. creating a config_local.py file and setting the five settings in it
>
> Can you clarify?  

On RHEL 7 / Fedora 25:

* systemctl enable pgadmin4-v1.service; systemctl start pgadmin4-v1.service
* cp /etc/httpd/conf.d/pgadmin4-v1.conf.sample /etc/httpd/conf.d/pgadmin4-
v1.conf
* systemctl start httpd.service

should be enough, at least this is what I just tested on my Fedora 25 box.

Regards,

--
Devrim Gündüz
EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR

On 04/21/2017 01:57 AM, Devrim Gündüz wrote:
>
> Hi Josh,
>
> On Thu, 2017-04-20 at 13:50 -0700, Josh Berkus wrote:
>> If I install the pgadmin4-v1-web package from Yum, it's a bit unclear on
>> what actual configuration needs to be done after that. Things I know
>> need to be done:
>>
>> * running setup.py
>> * copying the httpd/conf.d/pgadmin4-web.conf.example file to a .conf file
>>
>> Things I don't know if they need to be done:
>>
>> 1. creating data and log directories and assigning permissions on them
>> 2. changing the permissions on the sqlite db
>> 3. creating a config_local.py file and setting the five settings in it
>>
>> Can you clarify?
>
> On RHEL 7 / Fedora 25:
>
> * systemctl enable pgadmin4-v1.service; systemctl start pgadmin4-v1.service
> * cp /etc/httpd/conf.d/pgadmin4-v1.conf.sample /etc/httpd/conf.d/pgadmin4-
> v1.conf
> * systemctl start httpd.service
>
> should be enough, at least this is what I just tested on my Fedora 25 box.

OK, Thanks!

Now I just have to decide if I want to ship a systemd container.
Probably not, because that will restrict folks using it.

--
Josh Berkus
Containers & Databases Oh My!

Devrim,

> * cp /etc/httpd/conf.d/pgadmin4-v1.conf.sample /etc/httpd/conf.d/pgadmin4-
> v1.conf

One more question: the sample .conf doesn't have the
threads-and-1-process configuration recommended in the pgadmin docs.  Is
there a reason it doesn't need it?


--
Josh Berkus
Containers & Databases Oh My!

On 04/21/2017 02:14 PM, Josh Berkus wrote:
> On 04/21/2017 01:57 AM, Devrim Gündüz wrote:
>> On RHEL 7 / Fedora 25:
>>
>> * systemctl enable pgadmin4-v1.service; systemctl start pgadmin4-v1.service
>> * cp /etc/httpd/conf.d/pgadmin4-v1.conf.sample /etc/httpd/conf.d/pgadmin4-
>> v1.conf
>> * systemctl start httpd.service
>>
>> should be enough, at least this is what I just tested on my Fedora 25 box.
>
> So I just tried this, and it doesn't do any of the setup.
>
> There's no config_local, and as far as I can tell the database isn't
> created.  It's hard to know for sure, though, because without a
> config_local I'm not sure where it would be located.
>
> Error: [Fri Apr 21 21:02:32.080337 2017] [wsgi:error] [pid 26] [remote
> 76.115.138.49:35628] FileNotFoundError: [Errno 2] No such file or
> directory: '/usr/share/httpd/.pgadmin/pgadmin4.log'
>
> ... certainly there is no /usr/share/httpd/.pgadmin directory
>

Aha, here's the problem.  Setup is getting run as root, not as the user
httpd.  This means it's dropping .pgadmin into /root/, which the web
server can't access; it's "home" directory is /usr/share/httpd.
However, that directory isn't writable by the apache user, either.

There isn't an easy fix for this; on a default Fedora or CentOS system,
the only directory the apache user has read/write to is /tmp, as far as
I know.

Ideas?

--
Josh Berkus
Containers & Databases Oh My!

On 04/24/2017 01:23 AM, Dave Page wrote:
>     There isn't an easy fix for this; on a default Fedora or CentOS system,
>     the only directory the apache user has read/write to is /tmp, as far as
>     I know.
>
>     Ideas?
>
>
> This is covered in the docs:
> https://www.pgadmin.org/docs4/1.x/server_deployment.html
>
> Create a directory, setup the config to use it as required, then chown
> the database after running setup (which is probably easier than trying
> to run it as the apache user directly).
>

I know how to fix my personal install (and container image).  But I want
to fix the RPM package so that it's fixed for most users.  Right now,
install from RPM is kind of broken.

Here's the changes that need to happen on the RPM:

1. Remove the QT dependencies for pgadmin4-v1-web

2. Have the RPM create /usr/share/httpd/.pgadmin, owned by apache user.
   (is this the best location?  If not, what is?)

3. Fix the systemd unit file so that the pgadmin4 unit is owned by apache.

4. (optional) set up files according to FDL standards, putting configs
for pgadmin4 in /etc/pgadmin and the db in /var/run/pgadmin (or similar).

Devrim, where is the source for this rpm build?

--
Josh Berkus
Containers & Databases Oh My!

On 04/25/2017 08:24 AM, Josh Berkus wrote:
> On 04/24/2017 01:23 AM, Dave Page wrote:
>>     There isn't an easy fix for this; on a default Fedora or CentOS system,
>>     the only directory the apache user has read/write to is /tmp, as far as
>>     I know.
>>
>>     Ideas?
>>
>>
>> This is covered in the docs:
>> https://www.pgadmin.org/docs4/1.x/server_deployment.html
>>
>> Create a directory, setup the config to use it as required, then chown
>> the database after running setup (which is probably easier than trying
>> to run it as the apache user directly).
>>
>
> I know how to fix my personal install (and container image).  But I want
> to fix the RPM package so that it's fixed for most users.  Right now,
> install from RPM is kind of broken.
>
> Here's the changes that need to happen on the RPM:
>
> 1. Remove the QT dependencies for pgadmin4-v1-web
>
> 2. Have the RPM create /usr/share/httpd/.pgadmin, owned by apache user.
>    (is this the best location?  If not, what is?)
>
> 3. Fix the systemd unit file so that the pgadmin4 unit is owned by apache.
>
> 4. (optional) set up files according to FDL standards, putting configs
> for pgadmin4 in /etc/pgadmin and the db in /var/run/pgadmin (or similar).
>
> Devrim, where is the source for this rpm build?
>

Devrim?

--
Josh Berkus
Containers & Databases Oh My!

Hi Josh,

Sorry for the late response, I have 10K unread emails as of now:

On Tue, 2017-04-25 at 08:24 -0700, Josh Berkus wrote:

> I know how to fix my personal install (and container image).  But I want
> to fix the RPM package so that it's fixed for most users.  Right now,
> install from RPM is kind of broken.
>
> Here's the changes that need to happen on the RPM:
>
> 1. Remove the QT dependencies for pgadmin4-v1-web

Why? I thought we need them to run pgadmin4?

> 2. Have the RPM create /usr/share/httpd/.pgadmin, owned by apache user.
>    (is this the best location?  If not, what is?)

Good question. I think that location is good.


> 3. Fix the systemd unit file so that the pgadmin4 unit is owned by apache.

Why? I did not read all the emails in this thread (yet), but all of the unit
files are owned by root, and I see no exception on my system.

> 4. (optional) set up files according to FDL standards, putting configs
> for pgadmin4 in /etc/pgadmin and the db in /var/run/pgadmin (or similar).

Red Hat does not care about that that much, does it? Especially for /etc part.

> Devrim, where is the source for this rpm build?

https://yum.postgresql.org/srpms/testing/10/redhat/rhel-7-x86_64/repoview/pgadmin4-v1.html

Regards,
--
Devrim Gündüz
EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR

On 05/08/2017 03:57 AM, Devrim Gündüz wrote:
>
> Hi Josh,
>
> Sorry for the late response, I have 10K unread emails as of now:
>
> On Tue, 2017-04-25 at 08:24 -0700, Josh Berkus wrote:
>
>> I know how to fix my personal install (and container image).  But I want
>> to fix the RPM package so that it's fixed for most users.  Right now,
>> install from RPM is kind of broken.
>>
>> Here's the changes that need to happen on the RPM:
>>
>> 1. Remove the QT dependencies for pgadmin4-v1-web
>
> Why? I thought we need them to run pgadmin4?

Not for pgadmin-web, see upthread.  Just for the desktop version.

And pulling in QT on RH/Fedora means pulling in all of Xorg, some 200MB
of additional packages.

>> 2. Have the RPM create /usr/share/httpd/.pgadmin, owned by apache user.
>>    (is this the best location?  If not, what is?)
>
> Good question. I think that location is good.

Going to go back on this, because I looked at Freedesktop standards.  It
should go in /var/lib/pgadmin or /var/run/pgadmin. This will mean
creating a config_local.py file to support this.

>> 3. Fix the systemd unit file so that the pgadmin4 unit is owned by apache.
>
> Why? I did not read all the emails in this thread (yet), but all of the unit
> files are owned by root, and I see no exception on my system.

Not the file itself, the *process*.  Right how you have the process
starting as root, which means that the permissions on the pgadmin
database are set wrong.

>> 4. (optional) set up files according to FDL standards, putting configs
>> for pgadmin4 in /etc/pgadmin and the db in /var/run/pgadmin (or similar).
>
> Red Hat does not care about that that much, does it? Especially for /etc part.

True about the /etc/ part.  However, I can tell you that RH is pushing
security standards where nothing can write to /usr/ or /opt/ at runtime,
so I don't want to put the db in either of those master directories.

>
>> Devrim, where is the source for this rpm build?
>
> https://yum.postgresql.org/srpms/testing/10/redhat/rhel-7-x86_64/repoview/pgadmin4-v1.html

No, I mean the rpm template files, not the source of the software.


--
Josh Berkus
Containers & Databases Oh My!

Hi,

On Mon, 2017-05-08 at 10:20 -0700, Josh Berkus wrote:
> >
> > > Devrim, where is the source for this rpm build?
> >
> > https://yum.postgresql.org/srpms/testing/10/redhat/rhel-7-x86_64/repoview/p
> > gadmin4-v1.html
>
> No, I mean the rpm template files, not the source of the software.

They are in git repo:


https://git.postgresql.org/gitweb/?p=pgrpms.git;a=tree;f=rpm/redhat/10/pgadmin4-v1/F-25;h=38dd5c1ad761688b3e8c9602fb1b2b48ccbda983;hb=HEAD

Regards,
--
Devrim Gündüz
EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR

On 05/10/2017 02:32 AM, Devrim Gündüz wrote:
>
> Hi,
>
> On Mon, 2017-05-08 at 10:20 -0700, Josh Berkus wrote:
>>>
>>>> Devrim, where is the source for this rpm build?
>>>
>>> https://yum.postgresql.org/srpms/testing/10/redhat/rhel-7-x86_64/repoview/p
>>> gadmin4-v1.html
>>
>> No, I mean the rpm template files, not the source of the software.
>
> They are in git repo:
>
>
https://git.postgresql.org/gitweb/?p=pgrpms.git;a=tree;f=rpm/redhat/10/pgadmin4-v1/F-25;h=38dd5c1ad761688b3e8c9602fb1b2b48ccbda983;hb=HEAD
>
> Regards,
>

Why am I not seeing a pgadmin-v1-web package here?  There is one in the
Yum repo.

--
Josh Berkus
Containers & Databases Oh My!

On 05/10/2017 09:39 AM, Josh Berkus wrote:
> On 05/10/2017 02:32 AM, Devrim Gündüz wrote:
>>
>> Hi,
>>
>> On Mon, 2017-05-08 at 10:20 -0700, Josh Berkus wrote:
>>>>
>>>>> Devrim, where is the source for this rpm build?
>>>>
>>>> https://yum.postgresql.org/srpms/testing/10/redhat/rhel-7-x86_64/repoview/p
>>>> gadmin4-v1.html
>>>
>>> No, I mean the rpm template files, not the source of the software.
>>
>> They are in git repo:
>>
>>
https://git.postgresql.org/gitweb/?p=pgrpms.git;a=tree;f=rpm/redhat/10/pgadmin4-v1/F-25;h=38dd5c1ad761688b3e8c9602fb1b2b48ccbda983;hb=HEAD
>>
>> Regards,
>>
>
> Why am I not seeing a pgadmin-v1-web package here?  There is one in the
> Yum repo.
>

Oh, I see.  -web is defined as a variant package with additional
requirements.

So to make this work, pgadmin-v1-web needs to be a completely separate
package, no?

--
Josh Berkus
Containers & Databases Oh My!

Hi,

On Wed, 2017-05-10 at 10:02 -0700, Josh Berkus wrote:
> So to make this work, pgadmin-v1-web needs to be a completely separate
> package, no?

I don't think so, we can define Requires: part separately.

Give me some time please, let me push today's releases out first, then next
week I can work on this while pushing 1.5 RPMs.

Can you please do me a favor, and create a ticket?

https://redmine.postgresql.org/projects/pgrpms/issues/new

You will be asked for your community user/pass.

Thanks!

Regards,
--
Devrim Gündüz
EnterpriseDB: http://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR

On 05/11/2017 12:54 AM, Devrim Gündüz wrote:
>
> Hi,
>
> On Wed, 2017-05-10 at 10:02 -0700, Josh Berkus wrote:
>> So to make this work, pgadmin-v1-web needs to be a completely separate
>> package, no?
>
> I don't think so, we can define Requires: part separately.
>
> Give me some time please, let me push today's releases out first, then next
> week I can work on this while pushing 1.5 RPMs.
>
> Can you please do me a favor, and create a ticket?

Created two tickets, actually.  Sorry about the delay, May was
conference-heavy.


--
Josh Berkus
Containers & Databases Oh My!