diff --git a/compute_tools/src/compute.rs b/compute_tools/src/compute.rs index 06a34ec41e..b5415f8742 100644 --- a/compute_tools/src/compute.rs +++ b/compute_tools/src/compute.rs @@ -1505,15 +1505,19 @@ impl ComputeNode { ) })?; - // Update pg_hba.conf received with basebackup. - update_pg_hba(pgdata_path, None)?; - if let Some(databricks_settings) = spec.databricks_settings.as_ref() { copy_tls_certificates( &databricks_settings.pg_compute_tls_settings.key_file, &databricks_settings.pg_compute_tls_settings.cert_file, pgdata_path, )?; + + // Update pg_hba.conf received with basebackup including additional databricks settings. + update_pg_hba(pgdata_path, Some(&databricks_settings.databricks_pg_hba))?; + update_pg_ident(pgdata_path, Some(&databricks_settings.databricks_pg_ident))?; + } else { + // Update pg_hba.conf received with basebackup. + update_pg_hba(pgdata_path, None)?; } // Place pg_dynshmem under /dev/shm. This allows us to use diff --git a/compute_tools/src/spec.rs b/compute_tools/src/spec.rs index d00f86a2c0..751de76ca5 100644 --- a/compute_tools/src/spec.rs +++ b/compute_tools/src/spec.rs @@ -137,12 +137,13 @@ pub fn get_config_from_control_plane(base_uri: &str, compute_id: &str) -> Result /// Check `pg_hba.conf` and update if needed to allow external connections. pub fn update_pg_hba(pgdata_path: &Path, databricks_pg_hba: Option<&String>) -> Result<()> { // XXX: consider making it a part of config.json + info!("checking pg_hba.conf"); let pghba_path = pgdata_path.join("pg_hba.conf"); // Update pg_hba to contains databricks specfic settings before adding neon settings // PG uses the first record that matches to perform authentication, so we need to have // our rules before the default ones from neon. - // See https://www.postgresql.org/docs/16/auth-pg-hba-conf.html + // See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html if let Some(databricks_pg_hba) = databricks_pg_hba { if config::line_in_file( &pghba_path,