Topic on Project:Support desk

Azure Postgres support

11 comments • 16:33, 13 March 2023 1 year ago

11

Acksyn (talkcontribs)

I've been tasked to migrate a MediaWiki (1.30.0) setup, from a self-hosted Postgres database to some service offered by Azure.

In practice, the main changes from most Postgres services are that:

- we would need to login using an username that includes a domain part (eg: myuser@mypostgresdomain), and have installer working with such database username

- we would need to enable postgres' SSL option, and have installer allow for switching it on

As of right now, I managed to get it working, although my patch isn't PR material, my customer won't leave me more time on that matter/fixed as far as he's concerned, ...

https://gist.github.com/faust64/c5f8e73aefe442d100f229fa4f62c9ae

Still going through How to contribute, although I'm not interested in becoming a contributor, ...

Is there anyone that could take over?

Thanks!

Reply 17:43, 9 August 2018 5 years ago

MarkAHershberger (talkcontribs)

Thanks for the patch! It would be awesome to get you to become a contributor....

Is there a reason to use the envvar PGSSL instead of setting $wgDBssl? That seems like a local modification and not something that should be incorrporated.

Reply 18:54, 9 August 2018 5 years ago

Acksyn (talkcontribs)

AFAIU, the wgDBssl can't be toggled from installer, or I didn't see an option that would allow me to do so. Adding an env vars was a quick way to do it, but definitely not the best.

Reply 06:38, 10 August 2018 5 years ago

MarkAHershberger (talkcontribs)

Hmm... and the manual says

CREATE USER is now an alias for CREATE ROLE. The only difference is that when the command is spelled CREATE USER, LOGIN is assumed by default, whereas NOLOGIN is assumed when the command is spelled CREATE ROLE.

Reply 19:10, 9 August 2018 5 years ago

Acksyn (talkcontribs)

From what I've seen, although Azure provides us with a username formatted such as `username@domain`, postgres roles listing doesn't mention that domain part - looks like it's only used during login.

Reply 06:49, 10 August 2018 5 years ago

MarkAHershberger (talkcontribs)

I'm tried setting up an Azure PostgreSQL account yesterday and didn't get a username with an @. Which PG service did you use?

Reply 14:21, 10 August 2018 5 years ago

Acksyn (talkcontribs)

I have no idea, I'm only given access to virtual machines.

From the trello cards, I can make up they went through forms documented over there: https://docs.microsoft.com/en-us/azure/postgresql/quickstart-create-server-database-portal

The "Connect to PostgreSQL" section does mention a "myadmin@mydemoserver" username.

Note that using psql from a shell, I also need passing sslmode to require (https://docs.microsoft.com/en-us/azure/postgresql/concepts-ssl-connection-security)

Reply Edited 18:59, 12 August 2018 5 years ago

Bawolff (talkcontribs)

Maybe its using something like kerberos?

Reply 19:37, 12 August 2018 5 years ago

Acksyn (talkcontribs)

Unclear, could be. Being Microsoft, AD integration's probably not far away.

.

Reply 07:15, 15 August 2018 5 years ago

Bawolff (talkcontribs)

Cool. Thanks for the patch.

To get it merged into mediawiki we would probably have to:

Drop the environment variable. If it needs to be triggered from installer, installer should add a checkbox
We'd need a link to the docs explaining exactly what the @ sign means to postgres. Given its stripped out in most places, maybe it should be set in a different variable instead of the username or something.

(Also ping User:Anomie as someone familiar with postgres)

Reply 19:00, 11 August 2018 5 years ago

Vid (talkcontribs)

Hello, is there any solution for 2023? We are in a similar situation, where we want to use Postgresq in for Mediawiki in a secure Azure environment. Thanks!

Reply 16:33, 13 March 2023 1 year ago

Reply to "Azure Postgres support"