[Pulp-list] MongoDB Users

[Jay Dobies]

On 09/21/2011 02:44 PM, John Matthews wrote:
>
>
> ----- Original Message -----
>> I don't think Pulp currently supports the ability to connect to a
>> mongo
>> database with user credentials.
>>
>> Do we need to support this for Katello? I imagine that anyone looking
>> to
>> deploy Pulp in a production environment wouldn't feel comfortable
>> leaving the mongo database without authentication.
>>
>> We'd need to support it for both the server and pulp-migrate, but I'm
>> pretty sure that stuff is written in a way such that if we change it
>> in
>> one place, it applies to both. We'd also need to document that
>> "pulp-server init" would need the following done before it's run"
>> * mongo running ahead of time
>> * configured with a database called "pulp_database"
>> * the database is configured with user credentials
>> * /etc/pulp/pulp.conf has to be edited to include the database
>> credentials
>>
>> Todd, I'll leave it to you to add to the backlog appropriately based
>> on
>> if it becomes a Katello requirement.
>>
>
>
> Agree this is something we should test.
> I think a basic level of support may be working,
> if the username:password are including in a URI as described here: http://www.mongodb.org/display/DOCS/Connections
>
> The configuration change to pulp would be to update 'seeds' under [database].
> That string is passed into the pymongo connection, so username/password settings should be obeyed.

Interesting. I thought the credentials were separate parameters to the 
PyMongo Connection constructor, but I don't really have a solid basis 
for why I thought that. That also doesn't mean Mongo won't honor the 
credentials in the seeds.

I'll take a few minutes and give this a test. Thanks for the heads up.


-- 
Jay Dobies
RHCE# 805008743336126
Freenode: jdob @ #pulp
http://pulpproject.org | http://blog.pulpproject.org