Thread: "all" not inclusive of "replication" in pg_hba.conf
Dear List , It is been found that the entry local all all trust does not renders below redundant in pg_hba.conf local replication replicator01 trust regds mallah.
On Sat, Sep 24, 2011 at 10:07 PM, Rajesh Kumar Mallah <mallah.rajesh@gmail.com> wrote: > Dear List , > > It is been found that the entry > > local all all trust > > does not renders below redundant in pg_hba.conf > > local replication replicator01 trust I noticed this too, and I think it should. Either way, the documentation isn't clear on this point -- either 'all' should include the faux replication database or it should be noted in appropriate places that 'all' doesn't/can't do that. merlin
On Mon, 2011-09-26 at 11:58 -0500, Merlin Moncure wrote: > On Sat, Sep 24, 2011 at 10:07 PM, Rajesh Kumar Mallah > <mallah.rajesh@gmail.com> wrote: > > Dear List , > > > > It is been found that the entry > > > > local all all trust > > > > does not renders below redundant in pg_hba.conf > > > > local replication replicator01 trust > > I noticed this too, and I think it should. Either way, the > documentation isn't clear on this point -- either 'all' should include > the faux replication database or it should be noted in appropriate > places that 'all' doesn't/can't do that. > "all" includes all real databases, not "virtual" one. The documentation could probably be clearer, but "all" shouldn't include the virtual "replication" database. -- Guillaume http://blog.guillaume.lelarge.info http://www.dalibo.com
On Mon, Sep 26, 2011 at 1:47 PM, Guillaume Lelarge <guillaume@lelarge.info> wrote: > On Mon, 2011-09-26 at 11:58 -0500, Merlin Moncure wrote: >> On Sat, Sep 24, 2011 at 10:07 PM, Rajesh Kumar Mallah >> <mallah.rajesh@gmail.com> wrote: >> > Dear List , >> > >> > It is been found that the entry >> > >> > local all all trust >> > >> > does not renders below redundant in pg_hba.conf >> > >> > local replication replicator01 trust >> >> I noticed this too, and I think it should. Either way, the >> documentation isn't clear on this point -- either 'all' should include >> the faux replication database or it should be noted in appropriate >> places that 'all' doesn't/can't do that. >> > > "all" includes all real databases, not "virtual" one. The documentation > could probably be clearer, but "all" shouldn't include the virtual > "replication" database. ok, what's your rationale for that? pg_hba.conf is a rule based system with no distinction given for rule vs virtual databases. what if we create more virtual databases? do you always have explicitly create a rule for each database for each user? IMSNHO, the more I think about it, the more I think current behavior is broken. merlin
On Mon, 2011-09-26 at 14:13 -0500, Merlin Moncure wrote: > On Mon, Sep 26, 2011 at 1:47 PM, Guillaume Lelarge > <guillaume@lelarge.info> wrote: > > On Mon, 2011-09-26 at 11:58 -0500, Merlin Moncure wrote: > >> On Sat, Sep 24, 2011 at 10:07 PM, Rajesh Kumar Mallah > >> <mallah.rajesh@gmail.com> wrote: > >> > Dear List , > >> > > >> > It is been found that the entry > >> > > >> > local all all trust > >> > > >> > does not renders below redundant in pg_hba.conf > >> > > >> > local replication replicator01 trust > >> > >> I noticed this too, and I think it should. Either way, the > >> documentation isn't clear on this point -- either 'all' should include > >> the faux replication database or it should be noted in appropriate > >> places that 'all' doesn't/can't do that. > >> > > > > "all" includes all real databases, not "virtual" one. The documentation > > could probably be clearer, but "all" shouldn't include the virtual > > "replication" database. > > ok, what's your rationale for that? pg_hba.conf is a rule based system > with no distinction given for rule vs virtual databases. what if we > create more virtual databases? do you always have explicitly create a > rule for each database for each user? IMSNHO, the more I think about > it, the more I think current behavior is broken. > And I would agree (that the current behaviour is broken). Using a database name as a flag to replication connection was a false good idea. But, actually, I failed to find a better one. -- Guillaume http://blog.guillaume.lelarge.info http://www.dalibo.com
On Mon, Sep 26, 2011 at 2:23 PM, Guillaume Lelarge <guillaume@lelarge.info> wrote: > And I would agree (that the current behaviour is broken). Using a > database name as a flag to replication connection was a false good idea. > But, actually, I failed to find a better one. Well, that may or may not be a good idea, but that's a separate issue. pg_hba.conf has a very specific way of working, and the replication 'database' doesn't work that way -- it should follow the same rules the other databases do since it's stored in the same area and should implicitly use the same mechanics. A cleaner way of doing it might have been to introduce a separate area for virtual databases for example (and this might have mitigated pain for the non-zero chance for users that already have a database named 'replication'). Maybe it's too late to change it now, though :(, we should do something about the current situation, even if the best we can come up with is putting a clearly worded disclaimer into the docs. I still think it's better to make 'all' work though. merlin