Thread: Replication to less secure slave server
I am planning a system that will be hosted within a secure network with very limited access. All access to the database will be from within this network. I need to have a copy of the database available on a much less secure server, which will allow access for web applications. This copy of the database is considered sacrificial.
The replication methods I have read about are focussed on creating standby servers to take over if the primary becomes unavailable. For this, there is obviously a requirement that the slave be able to connect to the database on the master. This is not allowed by our security set-up (that's the whole reason for having the replica database).
I need to somehow push the changes from the master out to the slave. The database is not very complex or large (two main tables with < 100,000 rows) and new rows will be added only every few minutes. A minute or so lag on the copy database is acceptable.
I think Slony-1 using shipping of log files may be an option:
http://www.slony.info/documentation/1.2/logshipping.html
Could I do this without using a separate replication tool? Is there any way that I could use the replication methods in PostgreSQL 9 without allowing the slave to connect to the master?
I know that log shipping is still possible with earlier versions of Postgres, but I think the slave is then in a permanent state of recovery and cannot accept read-only connections.
Thanks in advance for any suggestions,
Alys
The replication methods I have read about are focussed on creating standby servers to take over if the primary becomes unavailable. For this, there is obviously a requirement that the slave be able to connect to the database on the master. This is not allowed by our security set-up (that's the whole reason for having the replica database).
I need to somehow push the changes from the master out to the slave. The database is not very complex or large (two main tables with < 100,000 rows) and new rows will be added only every few minutes. A minute or so lag on the copy database is acceptable.
I think Slony-1 using shipping of log files may be an option:
http://www.slony.info/documentation/1.2/logshipping.html
Could I do this without using a separate replication tool? Is there any way that I could use the replication methods in PostgreSQL 9 without allowing the slave to connect to the master?
I know that log shipping is still possible with earlier versions of Postgres, but I think the slave is then in a permanent state of recovery and cannot accept read-only connections.
Thanks in advance for any suggestions,
Alys
On Jan 25, 2011, at 7:04 AM, alys brett wrote: > I am planning a system that will be hosted within a secure network with very limited access. All access to the databasewill be from within this network. I need to have a copy of the database available on a much less secure server, whichwill allow access for web applications. This copy of the database is considered sacrificial. > > The replication methods I have read about are focussed on creating standby servers to take over if the primary becomesunavailable. For this, there is obviously a requirement that the slave be able to connect to the database on the master.This is not allowed by our security set-up (that's the whole reason for having the replica database). > > I need to somehow push the changes from the master out to the slave. The database is not very complex or large (two maintables with < 100,000 rows) and new rows will be added only every few minutes. A minute or so lag on the copy databaseis acceptable. I have similar requirements, so I have the master initiate an SSH reverse tunnel to the replica, where pg connects to thelocal port that is the remote end of that tunnel. -- Scott Ribe scott_ribe@elevated-dev.com http://www.elevated-dev.com/ (303) 722-0567 voice