X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/c0a9b9a3291e14c75711d5849dc5365e2166fccd..2e727c5d2d000faa6f1d9a566dc59568f1b276fe:/lib/boot/postgresql.go

diff --git a/lib/boot/postgresql.go b/lib/boot/postgresql.go
index 34ccf04a88..d105b0b623 100644
--- a/lib/boot/postgresql.go
+++ b/lib/boot/postgresql.go
@@ -36,15 +36,19 @@ func (runPostgreSQL) Run(ctx context.Context, fail func(error), super *Superviso
 		return err
 	}
 
+	if super.ClusterType == "production" {
+		return nil
+	}
+
 	iamroot := false
 	if u, err := user.Current(); err != nil {
-		return fmt.Errorf("user.Current(): %s", err)
+		return fmt.Errorf("user.Current(): %w", err)
 	} else if u.Uid == "0" {
 		iamroot = true
 	}
 
 	buf := bytes.NewBuffer(nil)
-	err = super.RunProgram(ctx, super.tempdir, buf, nil, "pg_config", "--bindir")
+	err = super.RunProgram(ctx, super.tempdir, runOptions{output: buf}, "pg_config", "--bindir")
 	if err != nil {
 		return err
 	}
@@ -56,12 +60,13 @@ func (runPostgreSQL) Run(ctx context.Context, fail func(error), super *Superviso
 		return err
 	}
 	prog, args := filepath.Join(bindir, "initdb"), []string{"-D", datadir, "-E", "utf8"}
+	opts := runOptions{}
 	if iamroot {
 		postgresUser, err := user.Lookup("postgres")
 		if err != nil {
 			return fmt.Errorf("user.Lookup(\"postgres\"): %s", err)
 		}
-		postgresUid, err := strconv.Atoi(postgresUser.Uid)
+		postgresUID, err := strconv.Atoi(postgresUser.Uid)
 		if err != nil {
 			return fmt.Errorf("user.Lookup(\"postgres\"): non-numeric uid?: %q", postgresUser.Uid)
 		}
@@ -77,29 +82,23 @@ func (runPostgreSQL) Run(ctx context.Context, fail func(error), super *Superviso
 		if err != nil {
 			return err
 		}
-		err = os.Chown(datadir, postgresUid, 0)
+		err = os.Chown(datadir, postgresUID, 0)
 		if err != nil {
 			return err
 		}
-		// We can't use "sudo -u" here because it creates an
-		// intermediate process that interferes with our
-		// ability to reliably kill postgres. The setuidgid
-		// program just calls exec without forking, so it
-		// doesn't have this problem.
-		args = append([]string{"postgres", prog}, args...)
-		prog = "setuidgid"
-	}
-	err = super.RunProgram(ctx, super.tempdir, nil, nil, prog, args...)
+		opts.user = "postgres"
+	}
+	err = super.RunProgram(ctx, super.tempdir, opts, prog, args...)
 	if err != nil {
 		return err
 	}
 
-	err = super.RunProgram(ctx, super.tempdir, nil, nil, "cp", "server.crt", "server.key", datadir)
+	err = super.RunProgram(ctx, super.tempdir, runOptions{}, "cp", "server.crt", "server.key", datadir)
 	if err != nil {
 		return err
 	}
 	if iamroot {
-		err = super.RunProgram(ctx, super.tempdir, nil, nil, "chown", "postgres", datadir+"/server.crt", datadir+"/server.key")
+		err = super.RunProgram(ctx, super.tempdir, runOptions{}, "chown", "postgres", datadir+"/server.crt", datadir+"/server.key")
 		if err != nil {
 			return err
 		}
@@ -114,13 +113,14 @@ func (runPostgreSQL) Run(ctx context.Context, fail func(error), super *Superviso
 			"-l",          // enable ssl
 			"-D", datadir, // data dir
 			"-k", datadir, // socket dir
+			"-h", super.cluster.PostgreSQL.Connection["host"],
 			"-p", super.cluster.PostgreSQL.Connection["port"],
 		}
+		opts := runOptions{}
 		if iamroot {
-			args = append([]string{"postgres", prog}, args...)
-			prog = "setuidgid"
+			opts.user = "postgres"
 		}
-		fail(super.RunProgram(ctx, super.tempdir, nil, nil, prog, args...))
+		fail(super.RunProgram(ctx, super.tempdir, opts, prog, args...))
 	}()
 
 	for {