19894: Update documentation re: dispatcher connecting to postgresql.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>

diff --git a/doc/admin/upgrading.html.textile.liquid b/doc/admin/upgrading.html.textile.liquid
index 5b61c41e160b9913912d7f18f4ee0f9f5529d58a..4717cce81d74ef62bea896d13ff29b0d702836cb 100644 (file)
--- a/doc/admin/upgrading.html.textile.liquid
+++ b/doc/admin/upgrading.html.textile.liquid
@@ -36,6 +36,10 @@ h2(#v2_5_0). v2.5.0 (2022-12-22)
 
 "previous: Upgrading to 2.4.4":#v2_4_4
 
+h3. Dispatchers require PostgreSQL database access
+
+All dispatchers (cloud, slurm, and LSF) now connect directly to the PostgreSQL database. Make sure these connections are supported by your network firewall rules, PostgreSQL connection settings, and PostgreSQL server configuration (pg_hba.conf) as shown in the "PostgreSQL install instructions":{{site.baseurl}}/install/install-postgresql.html.
+
 h3. Google or OpenID Connect login restricted to trusted clients
 
 If you use OpenID Connect or Google login, and your cluster serves as the @LoginCluster@ in a federation _or_ your users log in from a web application other than the Workbench1 and Workbench2 @ExternalURL@ addresses in your configuration file, the additional web application URLs (e.g., the other clusters' Workbench addresses) must be listed explicitly in @Login.TrustedClients@, otherwise login will fail. Previously, login would succeed with a less-privileged token.

diff --git a/doc/install/install-postgresql.html.textile.liquid b/doc/install/install-postgresql.html.textile.liquid
index a9614b9be58eba7afb2f9fae5bab6f79458e487d..5bb7e422da0097b8326558656328e73e7028b2a6 100644 (file)
--- a/doc/install/install-postgresql.html.textile.liquid
+++ b/doc/install/install-postgresql.html.textile.liquid
@@ -28,8 +28,10 @@ h3(#centos7). CentOS 7
 ~$ <span class="userinput">scl enable rh-postgresql12 bash</span></pre></notextile>
 # Initialize the database
   <notextile><pre># <span class="userinput">postgresql-setup initdb</span></pre></notextile>
-# Configure the database to accept password connections
+# Configure the database to accept password connections from localhost
   <notextile><pre><code># <span class="userinput">sed -ri -e 's/^(host +all +all +(127\.0\.0\.1\/32|::1\/128) +)ident$/\1md5/' /var/lib/pgsql/data/pg_hba.conf</span></code></pre></notextile>
+# Configure the database to accept password connections from the local network (replace @10.9.8.0/24@ with your private network mask)
+  <notextile><pre><code># <span class="userinput">echo 'host all all 10.9.8.0/24 md5' | tee -a /var/lib/pgsql/data/pg_hba.conf</span></code></pre></notextile>
 # Configure the database to launch at boot and start now
   <notextile><pre># <span class="userinput">systemctl enable --now rh-postgresql12-postgresql</span></pre></notextile>
 
@@ -38,6 +40,8 @@ h3(#debian). Debian or Ubuntu
 Debian 10 (Buster) and Ubuntu 16.04 (Xenial) and later versions include a sufficiently recent version of Postgres.
 
 # Install PostgreSQL
-  <notextile><pre># <span class="userinput">apt-get --no-install-recommends install postgresql postgresql-contrib</span></pre></notextile>
+<notextile><pre># <span class="userinput">apt-get --no-install-recommends install postgresql postgresql-contrib</span></pre></notextile>
+# Configure PostgreSQL to accept password connections from the local network (replace @10.9.8.0/24@ with your private network mask)
+<notextile><pre># <span class="userinput">echo 'host all all 10.9.8.0/24 md5' | tee -a /etc/postgresql/*/main/pg_hba.conf</span></pre></notextile>
 # Configure the database to launch at boot and start now
 <notextile><pre># <span class="userinput">systemctl enable --now postgresql</span></pre></notextile>