Re: reverse proxy to postgresql with haproxy

From Scott R Mead
Subject Re: reverse proxy to postgresql with haproxy
Date
Msg-id 56B35B8D.9000505@openscg.com
In reply to reverse proxy to postgresql with haproxy  (Aviel Buskila <aviel33@gmail.com>)
List pgsql-general


On 02/04/2016 03:56 AM, Aviel Buskila wrote:
> Hey everyone,
> I am trying to configure reverse proxy to postgresql using haproxy, for this example I have the following architecture:
> - node1
> - node2
> - haproxysrv
>
> Streaming replication between node1 and node2 and auto failover with repmgr.
>
> When I issue a connection to haproxysrv to connect, I get a pg_hba.conf error telling that I haven't configured the haproxysrv to connect to the database.
>
> The reason that this scenario occurs is that:
> HAProxy establishes 2 separate connections, 1 between the client and haproxy and one between haproxy and postgresql. The connection made between haproxy and postgresql contains the source IP of the haproxy itself.
>
> HAProxy offers a "transparent" ip using proxy protocol.
>
> According to haproxy docs and forums this feature is feasible only if the application is proxy protocol aware.
>
> My questions are:
> 1. Is there any other solution for this issue?
> 2. Is there anyone who knows if postgresql is proxy protocol aware?
>


PostgreSQL only cares about who is talking directly to it.  You will have to put the HAProxy server's IP address in your pg_hba.conf.  This is normal and to be expected.   I've configured it many times and it works well.

Aside from the simple issue of pg_hba.conf, I would just be mindful, HAProxy is just a 'dumb' load balancer, by that, I mean that it isn't really aware of who the master *should* be.  If you're not careful, you can end up easily causing a split-brain scenario.  I'm not sure if repmgr deals with this or not (it may), but, you want to make sure that, if you failover, you fence that old master to the point that HAProxy cannot send requests to it any longer.



> Best regards,
> Aviel B.


--
Scott Mead
OpenSCG <http://www.openscg.com>
http://www.openscg.com
PostgreSQL, Java & Linux Experts
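Added example, not part of the original message or of any project's code: because PostgreSQL matches pg_hba.conf against the direct TCP peer, every client behind the proxy inherits whatever rules cover the proxy's address, so those rules should be audited for methods that skip credential checks. The sketch below applies pg_hba.conf's first-match logic to a constructed file; the address 192.0.2.10 for haproxysrv, the database and role names, and the function names are all assumptions, and only literal names, `all`, and numeric addresses are handled.

```python
import ipaddress

# Constructed pg_hba.conf; 192.0.2.10 is a placeholder for haproxysrv.
PG_HBA = """\
# TYPE  DATABASE     USER     ADDRESS                      METHOD
local   all          postgres                              peer
host    appdb        appuser  192.0.2.10/32                md5
host    all          all      192.0.2.10  255.255.255.255  trust
host    replication  repmgr   192.0.2.0/24                 md5
"""

def parse_hba(text):
    """Yield (databases, users, network, method) for each host* rule."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # comments, blank lines and 'local' (Unix socket) rules
        dbs, users, addr, rest = fields[1], fields[2], fields[3], fields[4:]
        if addr == "all":
            net = None  # keyword: matches any peer address
        else:
            try:
                if "/" not in addr:  # "address netmask" form
                    addr, rest = f"{addr}/{rest[0]}", rest[1:]
                net = ipaddress.ip_network(addr, strict=False)
            except ValueError:
                continue  # host names, samehost, samenet: not handled here
        if rest:
            yield dbs.split(","), users.split(","), net, rest[0]

def covers(net, peer):
    return net is None or (peer.version == net.version and peer in net)

def first_match(text, database, user, peer_ip):
    """Method of the first rule matching the TCP peer, or None (rejected)."""
    peer = ipaddress.ip_address(peer_ip)
    for dbs, users, net, method in parse_hba(text):
        if {"all", database} & set(dbs) and {"all", user} & set(users) and covers(net, peer):
            return method
    return None

def proxy_exposure(text, proxy_ip):
    """Rules every proxied client inherits; True marks a rule with no credential check."""
    peer = ipaddress.ip_address(proxy_ip)
    return [(dbs, users, method, method == "trust")
            for dbs, users, net, method in parse_hba(text) if covers(net, peer)]

if __name__ == "__main__":
    print(proxy_exposure(PG_HBA, "192.0.2.10"))
```

A `None` from `first_match` corresponds to the "no pg_hba.conf entry" rejection described in the question; a `True` flag from `proxy_exposure` means any client that can reach the proxy gets in without a password.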
