RE: repmgr and SSH - Mailing list pgsql-general
| From | ROS Didier |
|---|---|
| Subject | RE: repmgr and SSH |
| Date | |
| Msg-id | fd7c9d3d9e5d418cbcff65cb306461e3@PCYINTPEXMU001.NEOPROD.EDF.FR Whole thread Raw |
| In response to | Re: repmgr and SSH (Ian Barwick <ian.barwick@2ndquadrant.com>) |
| List | pgsql-general |
Hi Ian
If we setup SSH between all the nodes (master, standby and witness) there is a big security problem when repmgr
monitorsseveral configurations :
For instance this architecture :
- configuration A : primary A, standby A
- configuration B : primary B, standby B
- Configuration C : primary C, standby C
- witness : monitors the three configurations
If I can connect on primary A with the "postgres" user, I can login on the witness, and then I can connect to all
thenodes (primary B, primary C, standby B, standby C).
Question : is it OK if I setup SSH between only the primary and the standby nodes of each configuration ?
Thanks in advance
Best Regards
Didier ROS
Expertise SGBD
DS IT/IT DMA/Solutions Groupe EDF/Expertise Applicative - SGBD
-----Message d'origine-----
De : ian.barwick@2ndquadrant.com [mailto:ian.barwick@2ndquadrant.com]
Envoyé : mardi 15 janvier 2019 12:53
À : ROS Didier <didier.ros@edf.fr>; pgsql-general@lists.postgresql.org
Objet : Re: repmgr and SSH
On 1/14/19 6:29 PM, ROS Didier wrote:
> Hi
>
> I would like to setup a repmgr configuration with one primary node, one standby node and one witness node.
>
> Regarding SSH configuration, the documentation is not clear, I think.
>
> Do we need to setup SSH between the three nodes or only between primary and standby nodes ?
Between all three, though outbound SSH connections from the witness node are not essential.
We'll clarify the documentation.
Regards
Ian Barwick
--
Ian Barwick http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
Ce message et toutes les pièces jointes (ci-après le 'Message') sont établis à l'intention exclusive des destinataires
etles informations qui y figurent sont strictement confidentielles. Toute utilisation de ce Message non conforme à sa
destination,toute diffusion ou toute publication totale ou partielle, est interdite sauf autorisation expresse.
Si vous n'êtes pas le destinataire de ce Message, il vous est interdit de le copier, de le faire suivre, de le
divulguerou d'en utiliser tout ou partie. Si vous avez reçu ce Message par erreur, merci de le supprimer de votre
système,ainsi que toutes ses copies, et de n'en garder aucune trace sur quelque support que ce soit. Nous vous
remercionségalement d'en avertir immédiatement l'expéditeur par retour du message.
Il est impossible de garantir que les communications par messagerie électronique arrivent en temps utile, sont
sécuriséesou dénuées de toute erreur ou virus.
____________________________________________________
This message and any attachments (the 'Message') are intended solely for the addressees. The information contained in
thisMessage is confidential. Any use of information contained in this Message not in accord with its purpose, any
disseminationor disclosure, either whole or partial, is prohibited except formal approval.
If you are not the addressee, you may not copy, forward, disclose or use any part of it. If you have received this
messagein error, please delete it and all copies from your system and notify the sender immediately by return message.
E-mail communication cannot be guaranteed to be timely secure, error or virus-free.
pgsql-general by date: