On Thu, Jan 26, 2017 at 2:36 AM, Alfredo Palhares <alfredo@palhares.me> wrote:
> I have a PostgreSQL cluster with several ROLES that access the node
> according to his state.
>
> On the master node, I only want the roles that need to write and the admins.
> On the synchronous node i would want only roles with read access that
> require the most up to date data, and the admins
> On the asynchronous node allow roles with read acess, and users to debug the
> system.
>
>
> So I will probably be templating the pg_hba.conf file since there are
> common roles between the systems.
> Do you guys have any suggestions on this? Links?
>
> Does pg_hba support to include files?
You cannot include an entire file, but it is possible to list users
and/or databases via files specified by @:
https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html
Particularly this bit:
Files included by @ constructs are read as lists of names, which can
be separated by either whitespace or commas. Comments are introduced
by #, just as in pg_hba.conf, and nested @ constructs are allowed.
Unless the file name following @ is an absolute path, it is taken to
be relative to the directory containing the referencing file.
So you could take advantage of that to handle your configurations on
different nodes with the same pg_hba.conf, but different users and
databases.
--
Michael