On Fri, 2025-09-26 at 12:05 +0000, Dan Mahoney (Gushi) wrote:
> In the interest of automation, I've set up a pgpass file for my
> pg_basebackup between master and standby. This all works, thusly:
>
> pg_basebackup -d
> 'postgres://repuser@10.1.1.1:5432/foo?sslmode=verify-ca' -F p
> --wal-method=stream -P -R -D /var/db/postgres/data17-test3
>
> However, instead of the password getting baked into the pgsql.auto.conf,
> the reference to the passfile gets put in, instead:
>
> # Do not edit this file manually!
> # It will be overwritten by the ALTER SYSTEM command.
> primary_conninfo = 'user=repuser passfile=''/var/db/postgres/.pgpass''
> channel_binding=prefer host=10.1.1.1 port=5432 sslmode=''verify-ca''
> sslnegotiation=postgres sslcompression=0 sslcertmode=allow sslsni=1
> ssl_min_protocol_version=TLSv1.2 gssencmode=disable krbsrvname=postgres
> gssdelegation=0 target_session_attrs=any load_balance_hosts=disable
> dbname=foo'
That happens when "pg_basebackup" used a password file to connect to
the PostgreSQL server.
> But it seems postgres won't actually read the passfile.
Oh yes, it will, as long as it has permissions 0600, 0400 or 0700 and
belongs to the database server OS user (commonly "postgres").
It must have worked for the "pg_basebackup", so PostgreSQL assumes it
will also work for replication.
> Sep 26 12:01:27 hostname postgres[42455]: [7-1] 2025-09-26 12:01:27.658
> UTC [42455] FATAL: could not connect to the primary server: connection to
> server at "10.1.1.1", port 5432 failed: fe_sendauth: no password supplied
>
> Am I doing something wrong here?
That is hard to say. You should have run "pg_basebackup" as the
same OS user that starts the standby.
> I'm loathe to hand-edit the file, because of that warning there.
Makes sense, although it is OK as long as you don't mess up the file.
> Is there an alter system command that can be used to properly populate the
> password into this file?
Sure. If the standby server is up and running (even if it cannot connect
to the primary), you can connect and execute
ALTER SYSTEM SET primary_conninfo = 'password=''my secret password''';
Yours,
Laurenz Albe
