+ When using kerberos for patroni, users may attempt to remove the pgpass line from patroni configuration (possibly for security reasons), but this causes the patroni process to fail.

+ There is hard code in patroni utils.py which must check the directory and writeable. Error messages may include these:

2023-02-10 09:34:38,792 ERROR: [Errno 13] Permission denied: '/conf'

2023-02-10 09:37:39,491 INFO: Selected new etcd server https://xxx:2379

2023-02-10 09:37:39,535 INFO: No PostgreSQL configuration items changed, nothing to reload.

2023-02-10 09:37:39,991 INFO: Selected new etcd server https://xxx:2379 PermissionError: [Errno 13] Permission denied: '/home/postgres/tmp_z_nkaa0' raise PatroniException(msg.format(d, "the directory is not writable")) patroni.exceptions.PatroniException: "'/home/postgres' is defined in `postgresql.pgpass`, the directory is not writable" Traceback: File "/d/d1/patroni/patroni_venv/lib64/python3.9/site-packages/patroni/utils.py", line 462, in validate_directory os.makedirs(d) File "/usr/lib64/python3.9/os.py", line 225, in makedirs mkdir(name, mode) PermissionError: [Errno 13] Permission denied: '/d3'

VMware Tanzu Postgres Database.

+ This check shouldn’t be done if kerberos is configured properly.

+ The calling path is:

 def check_directories(self): [...] if not self._krbsrvname: self.try_to_create_dir(os.path.dirname(self._pgpass), "'{}' is defined in `postgresql.pgpass`, {}") 

+ The user needs to properly configure kerberos in patroni with a suitable “krbsrvname” option in the patroni configuration config.py to take effect:

def reload_config(self, config, sighup=False): [...] self._krbsrvname = config.get('krbsrvname')