Rewrite the PostgreSQL authorization instructions in the Server HowTo guide.
Provide two complete examples: the "all-in-one localhost" option, and the "separate postgres over the network" option. This reduces the decision trees and makes it easier to copy and paste the entire pg_hba.conf file. Explain what each mystery setting does and link to the PostgreSQL documentation.
Only set listen_addresses to "*" if we need it, and turn it off if we don't.
Simplify the instructions so that the user only restarts the postgresql daemon once.
Clarify that koji-web does not need DB access, and the hub is the only service that requires direct DB access.
Remove the example of authorizing the apache system user, because that implies that the admin must run a series of complicated GRANT instructions to allow both koji and apache to write to the DB. Just grant the koji user full trust access for simplicity.
Rewrite the PostgreSQL authorization instructions in the Server HowTo guide.
Provide two complete examples: the "all-in-one localhost" option, and the "separate postgres over the network" option. This reduces the decision trees and makes it easier to copy and paste the entire
pg_hba.conf
file. Explain what each mystery setting does and link to the PostgreSQL documentation.Only set listen_addresses to "*" if we need it, and turn it off if we don't.
Simplify the instructions so that the user only restarts the postgresql daemon once.
Clarify that koji-web does not need DB access, and the hub is the only service that requires direct DB access.
Remove the example of authorizing the apache system user, because that implies that the admin must run a series of complicated GRANT instructions to allow both koji and apache to write to the DB. Just grant the koji user full
trust
access for simplicity.