32.1. Cluster Initialization Settings Related to Access Management

When a Postgres Pro Shardman cluster is initialized, security-related settings are taken from the initialization file. You can change them later, but do this with care and remember that in most cases, the change will require a DBMS restart.

A Postgres Pro Shardman cluster has two special users: administrative and replication. Postgres Pro Shardman manages controlled DBMS instances with administrative users. BiHA needs replication users for replication between controlled DBMS instances.

Security-related settings from the initialization file specify:

  • Authentication methods for administrative and replication users — PgSuAuthMethod, PgReplAuthMethod

  • Usernames for administrative and replication users — PgSuUsername, PgReplUsername

  • Passwords for administrative and replication users — PgSuPassword, PgReplPassword

  • pg_hba.conf rules used by DBMS instances — ShardSpec.pgHBA

See Section 18.20.2 for detailed descriptions of these settings.

To change security-related user settings, perform these steps:

  1. Change the password for the postgres user in the cluster0 cluster:

    $ shardmanctl --cluster-name cluster0 config update credentials --user postgres --password newpassword --yes
    

  2. Update SSL certificates:

    $ shardmanctl --cluster-name cluster0 config update credentials --user postgres --ssl-cert /path/to/cert.pem --ssl-key /path/to/key.pem --yes
                        

Modifying these settings will lead to a DBMS restart.

Unlike the above settings, the ShardSpec.pgHBA setting can be changed online. To do this, perform these steps:

  1. Extract the current ShardSpec definition, save it to a file, and modify it as necessary:

    $ shardmanctl --cluster-name cluster0 store get -a shardspec -f shardspec.json
    

  2. Edit shardspec.json and replace the ShardSpec.pgHBA definition with the appropriate one, for example:

    "pgHBA": [
      "host all postgres 0.0.0.0/0 scram-sha-256",
      "host replication postgres 0.0.0.0/0 scram-sha-256",
      "host replication postgres ::0/0 scram-sha-256",
      "host all someuser 0.0.0.0/0 scram-sha-256"
    ],

  3. Apply the edited shardspec.json file:

    $ shardmanctl --cluster-name cluster0 config update -f shardspec.json
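
Because ShardSpec.pgHBA is applied online, a mistake in the edited file takes effect without a restart. The following pre-apply check is an added example, not part of the Shardman documentation or tooling. The function names, the list of methods treated as weak, and the requirement that a `replication` rule stays present are assumptions of this example, and only `local` lines and CIDR-style `host` lines are handled.

```python
import ipaddress
import json

WEAK_METHODS = {"trust", "password", "md5"}  # assumed policy, adjust to yours

def find_pghba(node):
    """Return the first "pgHBA" list found anywhere in the parsed JSON."""
    if isinstance(node, dict):
        if isinstance(node.get("pgHBA"), list):
            return node["pgHBA"]
        node = list(node.values())
    if isinstance(node, list):
        return next((r for r in map(find_pghba, node) if r is not None), None)
    return None

def lint_rule(rule):
    """Findings for one rule; handles `local` and CIDR-style host lines only."""
    fields = rule.split()
    need = 4 if fields[:1] == ["local"] else 5
    if len(fields) < need:
        return ["malformed: too few fields"]
    findings = []
    if fields[need - 1] in WEAK_METHODS:
        findings.append(f"weak auth method '{fields[need - 1]}'")
    if need == 5:
        addr = fields[3]
        try:
            any_addr = ipaddress.ip_network(addr, strict=False).prefixlen == 0
        except ValueError:
            any_addr = addr == "all"  # hostnames, samehost, samenet: not checked
        if any_addr:
            findings.append(f"matches any client address ({addr})")
    return findings

def lint_shardspec(text, required_dbs=("replication",)):
    """Lint each pgHBA rule; also list required databases left without a rule."""
    rules = find_pghba(json.loads(text)) or []
    report = {r: lint_rule(r) for r in rules if lint_rule(r)}
    dbs = {db for r in rules for field in r.split()[1:2] for db in field.split(",")}
    return report, [d for d in required_dbs if d not in dbs]

# Constructed sample: one rule from the page's example plus two weak ones.
SAMPLE = json.dumps({"pgHBA": [
    "host all postgres 0.0.0.0/0 scram-sha-256",
    "host all someuser 10.0.0.0/8 md5",
    "local all postgres trust"]})

if __name__ == "__main__":
    print(json.dumps(lint_shardspec(SAMPLE), indent=2))
```

To check a real file, pass the contents of the edited shardspec.json to `lint_shardspec` before running `config update`.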