On 2/2/22 08:37, Laura Smith wrote:
>
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>
> On Wednesday, February 2nd, 2022 at 16:30, Adrian Klaver <adrian.klaver@aklaver.com> wrote:
>
>> I am not following. pg_basebackup is a stand alone client that is not
>>
>> involved in replication other then establishing a starting point from
>>
>> which to later establish a replication relationship.
>>
>
> Indeed. And that is exactly that I am trying to do (i.e. have master, want new slave).
>
>> The error is saying that whatever instance you are pointing
>>
>> pg_basebackup at does not have entry in pg_hba.conf for the
>>
>> host/user/encryption combination pg_basebackup is trying to connect as.
>>
>
> But it *DOES* have an entry, per my original message:
> "hostssl replication all 10.0.0.0/8 md5"
From the OP:
"
Long story short, I've got the following in pg_hba.conf of the master:
hostssl replication all 10.0.0.0/8 md5
But the slave is complaining:
FATAL: no pg_hba.conf entry for replication connection from host
"10.1.2.3", user "myrepl", no encryption
"
The error is coming from a connection to the slave which does not have
data yet, correct? Or a matching pg_hba.conf entry, it would seem.
>
> And yes, that hba is loaded and live because other remote clients are happily connected to that server and thus
relianton a valid hba.conf.
>
> The host is correct. The user is correct.
>
> The point I am making is that pg_basebackup is connecting without encryption and I want to know how to tell it to use
encryption.The docs are silent on the subject.
Not completely:
https://www.postgresql.org/docs/current/app-pgbasebackup.html
-d connstr
--dbname=connstr
Specifies parameters used to connect to the server, as a
<connection string>; these will override any conflicting command line
options.
The option is called --dbname for consistency with other client
applications, but because pg_basebackup doesn't connect to any
particular database in the cluster, any database name in the connection
string will be ignored.
Following the <connection string> link:
https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
You can use that to set sslmode.
--
Adrian Klaver
adrian.klaver@aklaver.com