This topic describes the rationale behind specific sudo privilege requirements for virtualizing PostgreSQL Databases.

The sudo configuration is stored in the /etc/sudoers file.

Below is an example of the sudo configuration file contents for a Postgres environment.

$ vi /etc/sudoers
Defaults:postgres !requiretty
postgres ALL=NOPASSWD:  /bin/mount,/bin/umount,/bin/mkdir,/bin/rmdir

| Privilege | Sources | Targets | Rationale |
|---|---|---|---|
| mkdir/rmdir | Not Required | Required | Delphix dynamically creates and removes directories under the provisioning directory during VDB operations. |
| mount/umount | Not Required | Required | Delphix dynamically mounts and unmounts directories under the provisioning directory during VDB operations. This privilege is required because mount and unmount are typically reserved for superuser. |

The NOPASSWD qualifier must be specified in the sudo configuration file, as shown in the examples in Sudo File Configuration Examples for PostgreSQL Environments. This ensures that the sudo command does not prompt for a password, even for the "display permissions" command (sudo -l).
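One way to check the requirement above on a target host, as an added example that is not part of the original Delphix documentation: it parses `sudo -l` output and reports any of the four required commands that is not covered by NOPASSWD. The names `missing_nopasswd`, `REQUIRED` and `SAMPLE_SUDO_L` are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: confirm the four required commands are granted with NOPASSWD.
# Live use on the target host, as the postgres user (-n fails instead of prompting):
#   sudo -n -l | missing_nopasswd
REQUIRED="mount umount mkdir rmdir"

# Constructed sample of `sudo -l` output (not captured from a real host).
# rmdir sits behind a PASSWD tag, so it would still prompt.
SAMPLE_SUDO_L='Matching Defaults entries for postgres on this host:
    !requiretty

User postgres may run the following commands on this host:
    (root) NOPASSWD: /bin/mount, /bin/umount, /bin/mkdir, PASSWD: /bin/rmdir'

# Reads `sudo -l` output on stdin; prints each required command that is not
# covered by a NOPASSWD tag. Prints nothing when all of them are covered.
missing_nopasswd() {
    awk -v required="$REQUIRED" '
        /^[ \t]*\(/ {                                # rule lines start with "(runas)"
            sub(/^[ \t]*\([^)]*\)[ \t]*/, "")
            n = split($0, items, ",")
            nopass = 0
            for (i = 1; i <= n; i++) {
                item = items[i]
                sub(/^[ \t]+/, "", item)
                # A tag applies to the commands after it until overridden.
                while (match(item, /^[A-Z_]+:[ \t]*/)) {
                    tag = substr(item, 1, RLENGTH)
                    if (tag ~ /^NOPASSWD:/) nopass = 1
                    else if (tag ~ /^PASSWD:/) nopass = 0
                    item = substr(item, RLENGTH + 1)
                }
                split(item, words, /[ \t]+/)
                path = words[1]
                sub(/.*\//, "", path)                # compare by basename
                if (nopass && path != "") ok[path] = 1
            }
        }
        END {
            m = split(required, req, " ")
            for (i = 1; i <= m; i++) if (!(req[i] in ok)) print req[i]
        }'
}

printf '%s\n' "$SAMPLE_SUDO_L" | missing_nopasswd    # prints: rmdir
```

Because only the first word of each entry is compared, rules that carry arguments or wildcards after the command path are still recognised.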

AppData Mount Options

Depending on the NFS version used, the option vers=3 or vers=4.x is added (x varies depending on what the platform supports, e.g. vers=4 or vers=4.1).

Linux (NFSv3)

-t nfs -o rw,fg,hard,rsize=1048576,wsize=1048576,nointr,timeo=600,tcp,noacl,vers=3

Linux (NFSv4)

-t nfs4 -o rw,fg,hard,rsize=1048576,wsize=1048576,nointr,timeo=600,sec=sys,tcp,noacl

Note:

(For some flavors of Linux and NFSv4.1, the additional option 'v4.1' is added.)

  1. The "port=2049" option is added for all platforms.

Unmount options: "-f" is used for all platforms. For Linux, "-lf" is used.


Mount and Unmount Options Subject to Change

Please note that the mount and unmount options listed above are subject to change. For example, if Delphix finds that a certain option improves performance, Delphix may add, remove or change options at any time. Therefore, it is highly recommended to create the sudo profiles using wildcards that allow any number of options.