Re: pg_basebackup with hostssl ?
| От | Adrian Klaver |
|---|---|
| Тема | Re: pg_basebackup with hostssl ? |
| Дата | |
| Msg-id | c9ff64a4-8d52-fedb-8048-eb5b37813858@aklaver.com обсуждение исходный текст |
| Ответ на | Re: pg_basebackup with hostssl ? (Laura Smith <n5d9xq3ti233xiyif2vp@protonmail.ch>) |
| Ответы |
Re: pg_basebackup with hostssl ?
|
| Список | pgsql-general |
On 2/2/22 08:37, Laura Smith wrote: > > > Sent with ProtonMail Secure Email. > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > > On Wednesday, February 2nd, 2022 at 16:30, Adrian Klaver <adrian.klaver@aklaver.com> wrote: > >> I am not following. pg_basebackup is a stand alone client that is not >> >> involved in replication other then establishing a starting point from >> >> which to later establish a replication relationship. >> > > Indeed. And that is exactly that I am trying to do (i.e. have master, want new slave). > >> The error is saying that whatever instance you are pointing >> >> pg_basebackup at does not have entry in pg_hba.conf for the >> >> host/user/encryption combination pg_basebackup is trying to connect as. >> > > But it *DOES* have an entry, per my original message: > "hostssl replication all 10.0.0.0/8 md5" From the OP: " Long story short, I've got the following in pg_hba.conf of the master: hostssl replication all 10.0.0.0/8 md5 But the slave is complaining: FATAL: no pg_hba.conf entry for replication connection from host "10.1.2.3", user "myrepl", no encryption " The error is coming from a connection to the slave which does not have data yet, correct? Or a matching pg_hba.conf entry, it would seem. > > And yes, that hba is loaded and live because other remote clients are happily connected to that server and thus relianton a valid hba.conf. > > The host is correct. The user is correct. > > The point I am making is that pg_basebackup is connecting without encryption and I want to know how to tell it to use encryption.The docs are silent on the subject. Not completely: https://www.postgresql.org/docs/current/app-pgbasebackup.html -d connstr --dbname=connstr Specifies parameters used to connect to the server, as a <connection string>; these will override any conflicting command line options. The option is called --dbname for consistency with other client applications, but because pg_basebackup doesn't connect to any particular database in the cluster, any database name in the connection string will be ignored. Following the <connection string> link: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING You can use that to set sslmode. -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: