Bootstrap pg_hba for system app, postgresql pg_hba for user app #878

Closed
patsevanton opened this issue Nov 25, 2018 · 6 comments

patsevanton commented Nov 25, 2018

Hello!
I have an idea. Please think about it:

```yaml
bootstrap:
  pg_hba:
    - host replication replicator 192.168.88.91/32 md5
    - host replication replicator 192.168.88.90/32 md5
    - host replication replicator 192.168.88.89/32 md5

postgresql:
  pg_hba:
    - host test1 test2 192.168.1.1/32 md5
```

I run a cluster with bootstrap pg_hba.
But later (maybe when I restart the patroni service) pg_hba changed.
Having 2 places where you can declare pg_hba is confusing.

Could you create a feature: bootstrap pg_hba for the system app, postgresql pg_hba for the user app?
The final pg_hba would merge bootstrap pg_hba and postgresql pg_hba.

@CyberDem0n
Member

CyberDem0n commented Nov 26, 2018

> 2 places where you can declare pg_hba confusing.

There are actually more places where you can configure it, just pick one and stick with it:

  1. bootstrap.pg_hba -- this is the oldest one. The value from here is appended to pg_hba.conf right after the initdb run and is never changed later (even if you edit the config file).
  2. bootstrap.dcs.postgresql.pg_hba -- the value from here is written into the /config key in DCS. After that, any node will take this value and write it into pg_hba.conf. Later you can use patronictl edit-config to change pg_hba on all nodes in the cluster.
  3. postgresql.pg_hba -- the value from here will completely overwrite pg_hba.conf upon restart or reload of patroni.
  4. postgresql.parameters.hba_file.

If the hba_file is set, all other pg_hba parameters are ignored.
postgresql.pg_hba from the config file takes precedence over the value from the DCS:/config key.

It is not really possible to merge pg_hba from different sources, because rules are applied line by line.
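
Added example (not part of the original thread and not Patroni's own code): a Python sketch of the precedence described in the comment above, and of why concatenating rule lists from two sources is order-sensitive. The function names, the simplified `host`-only matcher, and the catch-all `reject` line are assumptions made for illustration.

```python
import ipaddress

def effective_pg_hba(local_cfg, dcs_cfg):
    """Pick the pg_hba source using the precedence stated in this thread.
    local_cfg is the parsed patroni.yml, dcs_cfg the DCS /config value (dicts)."""
    local_pg = local_cfg.get("postgresql", {})
    dcs_pg = dcs_cfg.get("postgresql", {})
    # Assumption: hba_file counts wherever it is set (local file or DCS).
    for pg in (local_pg, dcs_pg):
        if pg.get("parameters", {}).get("hba_file"):
            return "postgresql.parameters.hba_file", None  # pg_hba lists ignored
    if local_pg.get("pg_hba"):
        return "postgresql.pg_hba", local_pg["pg_hba"]
    if dcs_pg.get("pg_hba"):
        return "DCS /config postgresql.pg_hba", dcs_pg["pg_hba"]
    # bootstrap.pg_hba is only appended once, right after initdb.
    return "bootstrap.pg_hba", local_cfg.get("bootstrap", {}).get("pg_hba")

def first_match(rules, db, user, addr):
    """Return the auth method of the first matching 'host' record, or None.
    Simplified matcher: 5-field 'host' lines with a CIDR address only."""
    ip = ipaddress.ip_address(addr)
    for line in rules:
        conn, r_db, r_user, cidr, method = line.split()[:5]
        # In pg_hba.conf, "all" does not cover the replication pseudo-database.
        db_ok = r_db == db or (r_db == "all" and db != "replication")
        if (conn == "host" and db_ok and r_user in ("all", user)
                and ip in ipaddress.ip_network(cidr)):
            return method
    return None  # no record matched: the connection is rejected

# One rule from the issue, plus one constructed catch-all reject line.
SYSTEM_RULES = [
    "host replication replicator 192.168.88.91/32 md5",
    "host all all 0.0.0.0/0 reject",  # constructed for this example
]
USER_RULES = ["host test1 test2 192.168.1.1/32 md5"]

if __name__ == "__main__":
    local = {"bootstrap": {"pg_hba": SYSTEM_RULES},
             "postgresql": {"pg_hba": USER_RULES}}
    print(effective_pg_hba(local, {"postgresql": {"pg_hba": SYSTEM_RULES}}))
    # Same lines, two merge orders, two different outcomes:
    print(first_match(SYSTEM_RULES + USER_RULES, "test1", "test2", "192.168.1.1"))
    print(first_match(USER_RULES + SYSTEM_RULES, "test1", "test2", "192.168.1.1"))
```

With the system rules first, the catch-all line shadows the user rule and the `test2` login is rejected; with the user rules first it authenticates with `md5`, which is why an automatic merge cannot pick a safe order.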

@patsevanton
Author

patsevanton commented Nov 26, 2018

Thanks for the fast answer.
What is the best practice for user pg_hba in patroni?

@CyberDem0n
Member

Well, Patroni provides enough flexibility and you need to figure out what is better for you.

@patsevanton
Author

I understand. Thanks.

@patsevanton
Author

Is this correct?
postgresql.parameters.hba_file overwrites postgresql.pg_hba overwrites bootstrap.dcs.postgresql.pg_hba overwrites bootstrap.pg_hba ?

postgresql.parameters.hba_file >> postgresql.pg_hba >> bootstrap.dcs.postgresql.pg_hba >> bootstrap.pg_hba

patsevanton reopened this Nov 27, 2018

@CyberDem0n
Member

Kind of, except that they don't overwrite anything but take precedence.

And regarding bootstrap.dcs.postgresql.pg_hba: please read the documentation about bootstrap.dcs https://github.com/zalando/patroni/blob/master/docs/SETTINGS.rst#bootstrap-configuration
