Thread: [ADMIN] FQDN for replication connection in pg_hba.conf


[ADMIN] FQDN for replication connection in pg_hba.conf

From
rammohan ganapavarapu
Date:
Can we use fqdn in pg_hba.conf for replication connections?


# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     trust
# IPv4 local connections:
host    all             all             0.0.0.0/0            md5
host     replication     postgres       slave.example.com          trust


I am getting the below error on the slave:

2017-10-10 21:34:52 UTC [313]: [1-1] user= db= host= FATAL:  could not connect to the primary server: FATAL:  no pg_hba.conf entry for replication connection from host "10.10.10.10", user "postgres", SSL off

where "10.10.10.10" is my slave (slave.example.com) IP.

Thanks,
Ram

Re: [ADMIN] FQDN for replication connection in pg_hba.conf

From
Tom Lane
Date:
rammohan ganapavarapu <rammohanganap@gmail.com> writes:
> Can we use fqdn in  pg_hba.conf for replication connections?

Yes, if you're using 9.3 or newer, but note what the manual says:
   If a host name is specified (anything that is not an IP address range
   or a special key word is treated as a host name), that name is
   compared with the result of a reverse name resolution of the client's
   IP address (e.g., reverse DNS lookup, if DNS is used). Host name
   comparisons are case insensitive. If there is a match, then a forward
   name resolution (e.g., forward DNS lookup) is performed on the host
   name to check whether any of the addresses it resolves to are equal to
   the client's IP address. If both directions match, then the entry is
   considered to match. (The host name that is used in pg_hba.conf should
   be the one that address-to-name resolution of the client's IP address
   returns, otherwise the line won't be matched. Some host name databases
   allow associating an IP address with multiple host names, but the
   operating system will only return one host name when asked to resolve
   an IP address.)
 

My bet is you don't have reverse DNS set up correctly for that address.
        regards, tom lane


-- 
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
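
The two-step match described in the manual excerpt above can be reproduced outside the server to see which step fails for a given client address. This is an added example, not part of the thread and not PostgreSQL code; the function names and the resolver tables `PTR` and `A` are constructed for illustration, and the leading-dot suffix form of a host-name entry is included beyond what the thread discusses.

```python
"""Diagnose why a pg_hba.conf host-name entry does not match a client IP."""
import socket


def reverse_lookup(ip):
    """Name the OS returns for ip, or None if there is no reverse mapping."""
    try:
        return socket.getnameinfo((ip, 0), socket.NI_NAMEREQD)[0]
    except socket.gaierror:
        return None


def forward_lookup(name):
    """Set of addresses the OS resolves name to (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def hba_hostname_check(entry, client_ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (matched, reason) following the reverse-then-forward rule."""
    actual = reverse(client_ip)
    if actual is None:
        return False, f"no reverse mapping for {client_ip}"
    a, e = actual.lower(), entry.lower()
    if e.startswith("."):
        # A leading dot in the entry matches any name ending in that suffix.
        name_ok = a.endswith(e) and len(a) > len(e)
    else:
        name_ok = a == e
    if not name_ok:
        return False, f"{client_ip} reverse-resolves to {actual!r}, not {entry!r}"
    if client_ip not in forward(actual):
        return False, f"{actual!r} does not forward-resolve to {client_ip}"
    return True, f"{client_ip} and {actual!r} match in both directions"


# Constructed resolver data for an offline run (hypothetical, not from the thread).
PTR = {"10.10.10.10": "ip-10-10-10-10.internal", "10.10.10.11": "slave.example.com"}
A = {"slave.example.com": {"10.10.10.11"}, "ip-10-10-10-10.internal": {"10.10.10.10"}}


def demo(entry, ip):
    """Run the check against the constructed tables instead of the real resolver."""
    return hba_hostname_check(entry, ip, PTR.get, lambda n: A.get(n, set()))


if __name__ == "__main__":
    print(demo("slave.example.com", "10.10.10.10"))  # reverse name differs
    print(demo("slave.example.com", "10.10.10.11"))  # both directions agree
```

Calling `hba_hostname_check(entry, ip)` with the default resolvers on the primary server uses the same name service (DNS or /etc/hosts) that the server itself consults.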

Re: [ADMIN] FQDN for replication connection in pg_hba.conf

From
"David G. Johnston"
Date:
On Tue, Oct 10, 2017 at 3:08 PM, rammohan ganapavarapu <rammohanganap@gmail.com> wrote:
> Can we use fqdn in pg_hba.conf for replication connections?
>
> # TYPE  DATABASE        USER            ADDRESS                 METHOD
>
> # "local" is for Unix domain socket connections only
> local   all             all                                     trust
> # IPv4 local connections:
> host    all             all             0.0.0.0/0            md5
> host     replication     postgres       slave.example.com          trust
>
> I am getting the below error on the slave:
>
> 2017-10-10 21:34:52 UTC [313]: [1-1] user= db= host= FATAL:  could not connect to the primary server: FATAL:  no pg_hba.conf entry for replication connection from host "10.10.10.10", user "postgres", SSL off
>
> where "10.10.10.10" is my slave (slave.example.com) IP.

The comments and note under "address" at the following link suggest that what you are trying is possible.  Hopefully they can shed some light as to what to check in order to find out why it is not working in your case.  In particular, are both DNS entries configured?

Ensure you reload the configuration after making changes.

I don't recall whether having an all/all/any entry above your replication entry is going to be problematic - but that wouldn't explain a "no pg_hba.conf entry" error.

David J.


Re: [ADMIN] FQDN for replication connection in pg_hba.conf

From
Shreeyansh Dba
Date:


On Wed, Oct 11, 2017 at 3:48 AM, David G. Johnston <david.g.johnston@gmail.com> wrote:
> On Tue, Oct 10, 2017 at 3:08 PM, rammohan ganapavarapu <rammohanganap@gmail.com> wrote:
> > Can we use fqdn in pg_hba.conf for replication connections?
> >
> > # TYPE  DATABASE        USER            ADDRESS                 METHOD
> >
> > # "local" is for Unix domain socket connections only
> > local   all             all                                     trust
> > # IPv4 local connections:
> > host    all             all             0.0.0.0/0            md5
> > host     replication     postgres       slave.example.com          trust
> >
> > I am getting the below error on the slave:
> >
> > 2017-10-10 21:34:52 UTC [313]: [1-1] user= db= host= FATAL:  could not connect to the primary server: FATAL:  no pg_hba.conf entry for replication connection from host "10.10.10.10", user "postgres", SSL off
> >
> > where "10.10.10.10" is my slave (slave.example.com) IP.
>
> The comments and note under "address" at the following link suggest that what you are trying is possible.  Hopefully they can shed some light as to what to check in order to find out why it is not working in your case.  In particular, are both DNS entries configured?
>
> Ensure you reload the configuration after making changes.
>
> I don't recall whether having an all/all/any entry above your replication entry is going to be problematic - but that wouldn't explain a "no pg_hba.conf entry" error.
>
> David J.



We can use fqdn in pg_hba.conf for replication connections.
The only thing you need to do is mention the hostname both in pg_hba.conf of PostgreSQL and under /etc/hosts, that too both in master and slave.

i) /etc/hosts (Entry required for both master & slave)
master IP address    <name of the FQDN>       <master hostname>
slave IP address     <name of the FQDN>       <slave hostname>

ii) pg_hba.conf
# "local" is for Unix domain socket connections only
host    all             all             <name of the FQDN of master>    trust
host    all             all             <name of the FQDN of slave>  trust

# Allow replication connections from localhost, by a user with the
# replication privilege.
host    replication     postgres        <name of the FQDN of master>     trust
host    replication     postgres        <name of the FQDN of slave>  trust

Note: firewall must be disabled (on master side)

--

http://www.shreeyansh.com