From b9071de245be5876d08be5a29ca7d20c7ef4b415 Mon Sep 17 00:00:00 2001 From: akartasov Date: Sat, 15 Jul 2023 06:17:41 -0300 Subject: [PATCH 1/4] feat: add an option to configure host restriction to access to clones (#528) --- engine/configs/config.example.logical_generic.yml | 5 +++++ engine/configs/config.example.logical_rds_iam.yml | 5 +++++ .../configs/config.example.physical_generic.yml | 5 +++++ .../config.example.physical_pgbackrest.yml | 5 +++++ engine/configs/config.example.physical_walg.yml | 5 +++++ engine/internal/provision/docker/docker.go | 2 +- engine/internal/provision/mode_local.go | 2 ++ engine/internal/provision/resources/appconfig.go | 15 ++++++++------- 8 files changed, 36 insertions(+), 8 deletions(-) diff --git a/engine/configs/config.example.logical_generic.yml b/engine/configs/config.example.logical_generic.yml index d4d9006dd..13d682ee3 100644 --- a/engine/configs/config.example.logical_generic.yml +++ b/engine/configs/config.example.logical_generic.yml @@ -143,6 +143,11 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false + # Host or IP address, from which clone containers accepts HTTP connections. + # By default, using a loop-back to accept only local connections. + # The empty string means "all available addresses". + provisioningHost: "127.0.0.1" + # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: # you may already have the data directory, so neither initial retrieval nor diff --git a/engine/configs/config.example.logical_rds_iam.yml b/engine/configs/config.example.logical_rds_iam.yml index ba327e0b7..b33146dfb 100644 --- a/engine/configs/config.example.logical_rds_iam.yml +++ b/engine/configs/config.example.logical_rds_iam.yml @@ -142,6 +142,11 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false + # Host or IP address, from which clone containers accepts HTTP connections. + # By default, using a loop-back to accept only local connections. + # The empty string means "all available addresses". + provisioningHost: "127.0.0.1" + # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: # you may already have the data directory, so neither initial retrieval nor diff --git a/engine/configs/config.example.physical_generic.yml b/engine/configs/config.example.physical_generic.yml index 0919763d7..3683bcfcd 100644 --- a/engine/configs/config.example.physical_generic.yml +++ b/engine/configs/config.example.physical_generic.yml @@ -140,6 +140,11 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false + # Host or IP address, from which clone containers accepts HTTP connections. + # By default, using a loop-back to accept only local connections. + # The empty string means "all available addresses". + provisioningHost: "127.0.0.1" + # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: # you may already have the data directory, so neither initial retrieval nor diff --git a/engine/configs/config.example.physical_pgbackrest.yml b/engine/configs/config.example.physical_pgbackrest.yml index 56fe86597..f8916e0b9 100644 --- a/engine/configs/config.example.physical_pgbackrest.yml +++ b/engine/configs/config.example.physical_pgbackrest.yml @@ -140,6 +140,11 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false + # Host or IP address, from which clone containers accepts HTTP connections. + # By default, using a loop-back to accept only local connections. + # The empty string means "all available addresses". + provisioningHost: "127.0.0.1" + # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: # you may already have the data directory, so neither initial retrieval nor diff --git a/engine/configs/config.example.physical_walg.yml b/engine/configs/config.example.physical_walg.yml index df3983755..d5ef0639a 100644 --- a/engine/configs/config.example.physical_walg.yml +++ b/engine/configs/config.example.physical_walg.yml @@ -140,6 +140,11 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false + # Host or IP address, from which clone containers accepts HTTP connections. + # By default, using a loop-back to accept only local connections. + # The empty string means "all available addresses". + provisioningHost: "127.0.0.1" + # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: # you may already have the data directory, so neither initial retrieval nor diff --git a/engine/internal/provision/docker/docker.go b/engine/internal/provision/docker/docker.go index b78b15d1c..e81350a88 100644 --- a/engine/internal/provision/docker/docker.go +++ b/engine/internal/provision/docker/docker.go @@ -78,7 +78,7 @@ func RunContainer(r runners.Runner, c *resources.AppConfig) error { "docker run", "--name", c.CloneName, "--detach", - "--publish", fmt.Sprintf("%[1]s:%[1]s", instancePort), + "--publish", fmt.Sprintf("%[1]s:%[2]s:%[2]s", c.ProvisionHost, instancePort), "--env", "PGDATA=" + c.DataDir(), "--env", "PG_UNIX_SOCKET_DIR=" + unixSocketCloneDir, "--env", "PG_SERVER_PORT=" + instancePort, diff --git a/engine/internal/provision/mode_local.go b/engine/internal/provision/mode_local.go index 9ee85c146..83293b9f2 100644 --- a/engine/internal/provision/mode_local.go +++ b/engine/internal/provision/mode_local.go @@ -56,6 +56,7 @@ type Config struct { UseSudo bool `yaml:"useSudo"` KeepUserPasswords bool `yaml:"keepUserPasswords"` ContainerConfig map[string]string `yaml:"containerConfig"` + ProvisioningHost string `yaml:"provisioningHost"` } // Provisioner describes a struct for ports and clones management. @@ -606,6 +607,7 @@ func (p *Provisioner) getAppConfig(pool *resources.Pool, name string, port uint) Pool: pool, ContainerConf: p.config.ContainerConfig, NetworkID: p.networkID, + ProvisionHost: p.config.ProvisioningHost, } return appConfig diff --git a/engine/internal/provision/resources/appconfig.go b/engine/internal/provision/resources/appconfig.go index 864ee4ca3..7c0e282c6 100644 --- a/engine/internal/provision/resources/appconfig.go +++ b/engine/internal/provision/resources/appconfig.go @@ -10,13 +10,14 @@ import ( // AppConfig currently stores Postgres configuration (other application in the future too). type AppConfig struct { - CloneName string - DockerImage string - Pool *Pool - Host string - Port uint - DB *DB - NetworkID string + CloneName string + DockerImage string + Pool *Pool + Host string + Port uint + DB *DB + NetworkID string + ProvisionHost string ContainerConf map[string]string pgExtraConf map[string]string -- GitLab From c808a22a35249b5fca70866fa8955181f5bcad5e Mon Sep 17 00:00:00 2001 From: akartasov Date: Tue, 18 Jul 2023 00:22:13 -0300 Subject: [PATCH 2/4] rename config fields --- engine/configs/config.example.logical_generic.yml | 4 ++-- engine/configs/config.example.logical_rds_iam.yml | 4 ++-- engine/configs/config.example.physical_generic.yml | 4 ++-- .../configs/config.example.physical_pgbackrest.yml | 4 ++-- engine/configs/config.example.physical_walg.yml | 4 ++-- engine/internal/provision/mode_local.go | 14 +++++++------- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/engine/configs/config.example.logical_generic.yml b/engine/configs/config.example.logical_generic.yml index 13d682ee3..ee3499dc3 100644 --- a/engine/configs/config.example.logical_generic.yml +++ b/engine/configs/config.example.logical_generic.yml @@ -143,10 +143,10 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # Host or IP address, from which clone containers accepts HTTP connections. + # IP address, from which clone containers accepts connections. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". - provisioningHost: "127.0.0.1" + addressesToPublishPorts: "127.0.0.1" # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: diff --git a/engine/configs/config.example.logical_rds_iam.yml b/engine/configs/config.example.logical_rds_iam.yml index b33146dfb..49db5d017 100644 --- a/engine/configs/config.example.logical_rds_iam.yml +++ b/engine/configs/config.example.logical_rds_iam.yml @@ -142,10 +142,10 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # Host or IP address, from which clone containers accepts HTTP connections. + # IP address, from which clone containers accepts connections. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". - provisioningHost: "127.0.0.1" + addressesToPublishPorts: "127.0.0.1" # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: diff --git a/engine/configs/config.example.physical_generic.yml b/engine/configs/config.example.physical_generic.yml index 3683bcfcd..d803a7e9a 100644 --- a/engine/configs/config.example.physical_generic.yml +++ b/engine/configs/config.example.physical_generic.yml @@ -140,10 +140,10 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # Host or IP address, from which clone containers accepts HTTP connections. + # IP address, from which clone containers accepts connections. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". - provisioningHost: "127.0.0.1" + addressesToPublishPorts: "127.0.0.1" # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: diff --git a/engine/configs/config.example.physical_pgbackrest.yml b/engine/configs/config.example.physical_pgbackrest.yml index f8916e0b9..ee2d8c977 100644 --- a/engine/configs/config.example.physical_pgbackrest.yml +++ b/engine/configs/config.example.physical_pgbackrest.yml @@ -140,10 +140,10 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # Host or IP address, from which clone containers accepts HTTP connections. + # IP address, from which clone containers accepts connections. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". - provisioningHost: "127.0.0.1" + addressesToPublishPorts: "127.0.0.1" # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: diff --git a/engine/configs/config.example.physical_walg.yml b/engine/configs/config.example.physical_walg.yml index d5ef0639a..c2b341d4f 100644 --- a/engine/configs/config.example.physical_walg.yml +++ b/engine/configs/config.example.physical_walg.yml @@ -140,10 +140,10 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # Host or IP address, from which clone containers accepts HTTP connections. + # IP address, from which clone containers accepts connections. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". - provisioningHost: "127.0.0.1" + addressesToPublishPorts: "127.0.0.1" # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: diff --git a/engine/internal/provision/mode_local.go b/engine/internal/provision/mode_local.go index 83293b9f2..6115ecf7d 100644 --- a/engine/internal/provision/mode_local.go +++ b/engine/internal/provision/mode_local.go @@ -51,12 +51,12 @@ type PortPool struct { // Config defines configuration for provisioning. type Config struct { - PortPool PortPool `yaml:"portPool"` - DockerImage string `yaml:"dockerImage"` - UseSudo bool `yaml:"useSudo"` - KeepUserPasswords bool `yaml:"keepUserPasswords"` - ContainerConfig map[string]string `yaml:"containerConfig"` - ProvisioningHost string `yaml:"provisioningHost"` + PortPool PortPool `yaml:"portPool"` + DockerImage string `yaml:"dockerImage"` + UseSudo bool `yaml:"useSudo"` + KeepUserPasswords bool `yaml:"keepUserPasswords"` + ContainerConfig map[string]string `yaml:"containerConfig"` + AddressesToPublishPorts string `yaml:"addressesToPublishPorts"` } // Provisioner describes a struct for ports and clones management. @@ -607,7 +607,7 @@ func (p *Provisioner) getAppConfig(pool *resources.Pool, name string, port uint) Pool: pool, ContainerConf: p.config.ContainerConfig, NetworkID: p.networkID, - ProvisionHost: p.config.ProvisioningHost, + ProvisionHost: p.config.AddressesToPublishPorts, } return appConfig -- GitLab From 7258101b710b8e832c4fa6e1e36fdf257c53b1d4 Mon Sep 17 00:00:00 2001 From: akartasov Date: Fri, 21 Jul 2023 09:28:35 +0700 Subject: [PATCH 3/4] support multiple IPs, rename the configuration option --- .../config.example.logical_generic.yml | 5 ++-- .../config.example.logical_rds_iam.yml | 5 ++-- .../config.example.physical_generic.yml | 5 ++-- .../config.example.physical_pgbackrest.yml | 5 ++-- .../configs/config.example.physical_walg.yml | 5 ++-- engine/internal/provision/docker/docker.go | 16 +++++++++- .../internal/provision/docker/docker_test.go | 17 +++++++++++ engine/internal/provision/mode_local.go | 30 +++++++++---------- .../internal/provision/resources/appconfig.go | 16 +++++----- 9 files changed, 70 insertions(+), 34 deletions(-) diff --git a/engine/configs/config.example.logical_generic.yml b/engine/configs/config.example.logical_generic.yml index ee3499dc3..fa391a73c 100644 --- a/engine/configs/config.example.logical_generic.yml +++ b/engine/configs/config.example.logical_generic.yml @@ -143,10 +143,11 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # IP address, from which clone containers accepts connections. + # IP addresses, from which clone containers accepts connections. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". - addressesToPublishPorts: "127.0.0.1" + # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1]) + cloneAccessAddresses: "127.0.0.1" # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: diff --git a/engine/configs/config.example.logical_rds_iam.yml b/engine/configs/config.example.logical_rds_iam.yml index 49db5d017..aadadb0d4 100644 --- a/engine/configs/config.example.logical_rds_iam.yml +++ b/engine/configs/config.example.logical_rds_iam.yml @@ -142,10 +142,11 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # IP address, from which clone containers accepts connections. + # IP addresses, from which clone containers accepts connections. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". - addressesToPublishPorts: "127.0.0.1" + # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1]) + cloneAccessAddresses: "127.0.0.1" # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: diff --git a/engine/configs/config.example.physical_generic.yml b/engine/configs/config.example.physical_generic.yml index d803a7e9a..656d7bdde 100644 --- a/engine/configs/config.example.physical_generic.yml +++ b/engine/configs/config.example.physical_generic.yml @@ -140,10 +140,11 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # IP address, from which clone containers accepts connections. + # IP addresses, from which clone containers accepts connections. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". - addressesToPublishPorts: "127.0.0.1" + # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1]) + cloneAccessAddresses: "127.0.0.1" # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: diff --git a/engine/configs/config.example.physical_pgbackrest.yml b/engine/configs/config.example.physical_pgbackrest.yml index ee2d8c977..506acd52c 100644 --- a/engine/configs/config.example.physical_pgbackrest.yml +++ b/engine/configs/config.example.physical_pgbackrest.yml @@ -140,10 +140,11 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # IP address, from which clone containers accepts connections. + # IP addresses, from which clone containers accepts connections. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". - addressesToPublishPorts: "127.0.0.1" + # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1]) + cloneAccessAddresses: "127.0.0.1" # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: diff --git a/engine/configs/config.example.physical_walg.yml b/engine/configs/config.example.physical_walg.yml index c2b341d4f..6b1c59953 100644 --- a/engine/configs/config.example.physical_walg.yml +++ b/engine/configs/config.example.physical_walg.yml @@ -140,10 +140,11 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # IP address, from which clone containers accepts connections. + # IP addresses, from which clone containers accepts connections. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". - addressesToPublishPorts: "127.0.0.1" + # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1]) + cloneAccessAddresses: "127.0.0.1" # Data retrieval flow. This section defines both initial retrieval, and rules # to keep the data directory in a synchronized state with the source. Both are optional: diff --git a/engine/internal/provision/docker/docker.go b/engine/internal/provision/docker/docker.go index e81350a88..d1cc45858 100644 --- a/engine/internal/provision/docker/docker.go +++ b/engine/internal/provision/docker/docker.go @@ -78,7 +78,7 @@ func RunContainer(r runners.Runner, c *resources.AppConfig) error { "docker run", "--name", c.CloneName, "--detach", - "--publish", fmt.Sprintf("%[1]s:%[2]s:%[2]s", c.ProvisionHost, instancePort), + publishPorts(c.ProvisionHosts, instancePort), "--env", "PGDATA=" + c.DataDir(), "--env", "PG_UNIX_SOCKET_DIR=" + unixSocketCloneDir, "--env", "PG_SERVER_PORT=" + instancePort, @@ -101,6 +101,20 @@ func RunContainer(r runners.Runner, c *resources.AppConfig) error { return nil } +func publishPorts(provisionHosts string, instancePort string) string { + if provisionHosts == "" { + return fmt.Sprintf("--publish %[1]s:%[1]s", instancePort) + } + + pub := []string{} + + for _, s := range strings.Split(provisionHosts, ",") { + pub = append(pub, "--publish", fmt.Sprintf("%[1]s:%[2]s:%[2]s", s, instancePort)) + } + + return strings.Join(pub, " ") +} + func createDefaultVolumes(c *resources.AppConfig) (string, []string) { unixSocketCloneDir := c.Pool.SocketCloneDir(c.CloneName) diff --git a/engine/internal/provision/docker/docker_test.go b/engine/internal/provision/docker/docker_test.go index b6f90ef94..ef7287e59 100644 --- a/engine/internal/provision/docker/docker_test.go +++ b/engine/internal/provision/docker/docker_test.go @@ -94,3 +94,20 @@ func TestDefaultVolumes(t *testing.T) { "--volume /tmp/test/default:/tmp/test/default", "--volume /tmp/test/default/socket:/tmp/test/default/socket"}, volumes) } + +func TestPublishPorts(t *testing.T) { + testCases := []struct { + provisionHosts string + instancePort string + expectedResult string + }{ + {provisionHosts: "", instancePort: "6000", expectedResult: "--publish 6000:6000"}, + {provisionHosts: "127.0.0.1", instancePort: "6000", expectedResult: "--publish 127.0.0.1:6000:6000"}, + {provisionHosts: "127.0.0.1,172.0.0.1", instancePort: "6000", expectedResult: "--publish 127.0.0.1:6000:6000 --publish 172.0.0.1:6000:6000"}, + {provisionHosts: "[::1]", instancePort: "6000", expectedResult: "--publish [::1]:6000:6000"}, + } + + for _, tc := range testCases { + assert.Equal(t, publishPorts(tc.provisionHosts, tc.instancePort), tc.expectedResult) + } +} diff --git a/engine/internal/provision/mode_local.go b/engine/internal/provision/mode_local.go index 6115ecf7d..8bb36c347 100644 --- a/engine/internal/provision/mode_local.go +++ b/engine/internal/provision/mode_local.go @@ -51,12 +51,12 @@ type PortPool struct { // Config defines configuration for provisioning. type Config struct { - PortPool PortPool `yaml:"portPool"` - DockerImage string `yaml:"dockerImage"` - UseSudo bool `yaml:"useSudo"` - KeepUserPasswords bool `yaml:"keepUserPasswords"` - ContainerConfig map[string]string `yaml:"containerConfig"` - AddressesToPublishPorts string `yaml:"addressesToPublishPorts"` + PortPool PortPool `yaml:"portPool"` + DockerImage string `yaml:"dockerImage"` + UseSudo bool `yaml:"useSudo"` + KeepUserPasswords bool `yaml:"keepUserPasswords"` + ContainerConfig map[string]string `yaml:"containerConfig"` + CloneAccessAddresses string `yaml:"cloneAccessAddresses"` } // Provisioner describes a struct for ports and clones management. @@ -599,15 +599,15 @@ func (p *Provisioner) stopPoolSessions(fsm pool.FSManager, exceptClones map[stri func (p *Provisioner) getAppConfig(pool *resources.Pool, name string, port uint) *resources.AppConfig { appConfig := &resources.AppConfig{ - CloneName: name, - DockerImage: p.config.DockerImage, - Host: pool.SocketCloneDir(name), - Port: port, - DB: p.dbCfg, - Pool: pool, - ContainerConf: p.config.ContainerConfig, - NetworkID: p.networkID, - ProvisionHost: p.config.AddressesToPublishPorts, + CloneName: name, + DockerImage: p.config.DockerImage, + Host: pool.SocketCloneDir(name), + Port: port, + DB: p.dbCfg, + Pool: pool, + ContainerConf: p.config.ContainerConfig, + NetworkID: p.networkID, + ProvisionHosts: p.config.CloneAccessAddresses, } return appConfig diff --git a/engine/internal/provision/resources/appconfig.go b/engine/internal/provision/resources/appconfig.go index 7c0e282c6..94a37c403 100644 --- a/engine/internal/provision/resources/appconfig.go +++ b/engine/internal/provision/resources/appconfig.go @@ -10,14 +10,14 @@ import ( // AppConfig currently stores Postgres configuration (other application in the future too). type AppConfig struct { - CloneName string - DockerImage string - Pool *Pool - Host string - Port uint - DB *DB - NetworkID string - ProvisionHost string + CloneName string + DockerImage string + Pool *Pool + Host string + Port uint + DB *DB + NetworkID string + ProvisionHosts string ContainerConf map[string]string pgExtraConf map[string]string -- GitLab From 57cfbe1ed0a6c1a227be4510d79fc5807b96d022 Mon Sep 17 00:00:00 2001 From: Nikolay Samokhvalov Date: Wed, 2 Aug 2023 18:32:12 +0000 Subject: [PATCH 4/4] slightly adjust wording --- engine/configs/config.example.logical_generic.yml | 2 +- engine/configs/config.example.logical_rds_iam.yml | 2 +- engine/configs/config.example.physical_generic.yml | 2 +- engine/configs/config.example.physical_pgbackrest.yml | 2 +- engine/configs/config.example.physical_walg.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/engine/configs/config.example.logical_generic.yml b/engine/configs/config.example.logical_generic.yml index fa391a73c..15985426e 100644 --- a/engine/configs/config.example.logical_generic.yml +++ b/engine/configs/config.example.logical_generic.yml @@ -143,7 +143,7 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # IP addresses, from which clone containers accepts connections. + # IP addresses that can be used to access clones. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1]) diff --git a/engine/configs/config.example.logical_rds_iam.yml b/engine/configs/config.example.logical_rds_iam.yml index aadadb0d4..7f13f0eb8 100644 --- a/engine/configs/config.example.logical_rds_iam.yml +++ b/engine/configs/config.example.logical_rds_iam.yml @@ -142,7 +142,7 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # IP addresses, from which clone containers accepts connections. + # IP addresses that can be used to access clones. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1]) diff --git a/engine/configs/config.example.physical_generic.yml b/engine/configs/config.example.physical_generic.yml index 656d7bdde..790b19fb4 100644 --- a/engine/configs/config.example.physical_generic.yml +++ b/engine/configs/config.example.physical_generic.yml @@ -140,7 +140,7 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # IP addresses, from which clone containers accepts connections. + # IP addresses that can be used to access clones. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1]) diff --git a/engine/configs/config.example.physical_pgbackrest.yml b/engine/configs/config.example.physical_pgbackrest.yml index 506acd52c..3b89a5b82 100644 --- a/engine/configs/config.example.physical_pgbackrest.yml +++ b/engine/configs/config.example.physical_pgbackrest.yml @@ -140,7 +140,7 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # IP addresses, from which clone containers accepts connections. + # IP addresses that can be used to access clones. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1]) diff --git a/engine/configs/config.example.physical_walg.yml b/engine/configs/config.example.physical_walg.yml index 6b1c59953..989611749 100644 --- a/engine/configs/config.example.physical_walg.yml +++ b/engine/configs/config.example.physical_walg.yml @@ -140,7 +140,7 @@ provision: # existing users to log in with old passwords. keepUserPasswords: false - # IP addresses, from which clone containers accepts connections. + # IP addresses that can be used to access clones. # By default, using a loop-back to accept only local connections. # The empty string means "all available addresses". # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1]) -- GitLab