Enable replication connections by default in pg_hba.conf
initdb now initializes a pg_hba.conf that allows replication connections from the local host, same as it does for regular connections. The connecting user still needs to have the REPLICATION attribute or be a superuser. The intent is to allow pg_basebackup from the local host to succeed without requiring additional configuration. Michael Paquier <michael.paquier@gmail.com> and me
parent
355d3993c5
commit
be37c2120a
|
@ -120,11 +120,17 @@ PostgreSQL documentation
|
||||||
<term><option>--auth=<replaceable class="parameter">authmethod</replaceable></option></term>
|
<term><option>--auth=<replaceable class="parameter">authmethod</replaceable></option></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
This option specifies the authentication method for local users used
|
This option specifies the default authentication method for local
|
||||||
in <filename>pg_hba.conf</> (<literal>host</literal>
|
users used in <filename>pg_hba.conf</> (<literal>host</literal>
|
||||||
and <literal>local</literal> lines). Do not use <literal>trust</>
|
and <literal>local</literal> lines). <command>initdb</command> will
|
||||||
unless you trust all local users on your system. <literal>trust</> is
|
prepopulate <filename>pg_hba.conf</filename> entries using the
|
||||||
the default for ease of installation.
|
specified authentication method for non-replication as well as
|
||||||
|
replication connections.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Do not use <literal>trust</> unless you trust all local users on your
|
||||||
|
system. <literal>trust</> is the default for ease of installation.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
|
@ -84,6 +84,6 @@ host all all 127.0.0.1/32 @authmethodhost@
|
||||||
host all all ::1/128 @authmethodhost@
|
host all all ::1/128 @authmethodhost@
|
||||||
# Allow replication connections from localhost, by a user with the
|
# Allow replication connections from localhost, by a user with the
|
||||||
# replication privilege.
|
# replication privilege.
|
||||||
@remove-line-for-nolocal@#local replication @default_username@ @authmethodlocal@
|
@remove-line-for-nolocal@local replication all @authmethodlocal@
|
||||||
#host replication @default_username@ 127.0.0.1/32 @authmethodhost@
|
host replication all 127.0.0.1/32 @authmethodhost@
|
||||||
#host replication @default_username@ ::1/128 @authmethodhost@
|
host replication all ::1/128 @authmethodhost@
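Review bot: The newly active `local replication all` and `host replication all` entries take `@authmethodlocal@` / `@authmethodhost@`, so under initdb's default `trust` any local OS account can open a replication connection as any role that has REPLICATION, and the comment above the entries does not say so. I would extend that comment with something like `# With "trust", any local OS user can connect as such a role; see initdb --auth.` The switch from `@default_username@` to `all` also widens the entries from the bootstrap superuser to every role, which deserves a word in the same comment. Deployments that do not take base backups locally would want these three lines commented out again, and the comment could say that too.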
|
||||||
|
|
|
@ -1235,11 +1235,6 @@ setup_config(void)
|
||||||
"@authcomment@",
|
"@authcomment@",
|
||||||
(strcmp(authmethodlocal, "trust") == 0 || strcmp(authmethodhost, "trust") == 0) ? AUTHTRUST_WARNING : "");
|
(strcmp(authmethodlocal, "trust") == 0 || strcmp(authmethodhost, "trust") == 0) ? AUTHTRUST_WARNING : "");
|
||||||
|
|
||||||
/* Replace username for replication */
|
|
||||||
conflines = replace_token(conflines,
|
|
||||||
"@default_username@",
|
|
||||||
username);
|
|
||||||
|
|
||||||
snprintf(path, sizeof(path), "%s/pg_hba.conf", pg_data);
|
snprintf(path, sizeof(path), "%s/pg_hba.conf", pg_data);
|
||||||
|
|
||||||
writefile(path, conflines);
|
writefile(path, conflines);
|
||||||
|
|
|
@ -4,7 +4,7 @@ use Cwd;
|
||||||
use Config;
|
use Config;
|
||||||
use PostgresNode;
|
use PostgresNode;
|
||||||
use TestLib;
|
use TestLib;
|
||||||
use Test::More tests => 73;
|
use Test::More tests => 72;
|
||||||
|
|
||||||
program_help_ok('pg_basebackup');
|
program_help_ok('pg_basebackup');
|
||||||
program_version_ok('pg_basebackup');
|
program_version_ok('pg_basebackup');
|
||||||
|
@ -15,15 +15,12 @@ my $tempdir = TestLib::tempdir;
|
||||||
my $node = get_new_node('main');
|
my $node = get_new_node('main');
|
||||||
|
|
||||||
# Initialize node without replication settings
|
# Initialize node without replication settings
|
||||||
$node->init(hba_permit_replication => 0);
|
$node->init;
|
||||||
$node->start;
|
$node->start;
|
||||||
my $pgdata = $node->data_dir;
|
my $pgdata = $node->data_dir;
|
||||||
|
|
||||||
$node->command_fails(['pg_basebackup'],
|
$node->command_fails(['pg_basebackup'],
|
||||||
'pg_basebackup needs target directory specified');
|
'pg_basebackup needs target directory specified');
|
||||||
$node->command_fails(
|
|
||||||
[ 'pg_basebackup', '-D', "$tempdir/backup" ],
|
|
||||||
'pg_basebackup fails because of hba');
|
|
||||||
|
|
||||||
# Some Windows ANSI code pages may reject this filename, in which case we
|
# Some Windows ANSI code pages may reject this filename, in which case we
|
||||||
# quietly proceed without this bit of test coverage.
|
# quietly proceed without this bit of test coverage.
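Review bot: Removing the `pg_basebackup fails because of hba` case leaves this file with no test that a replication connection is refused when pg_hba.conf has no matching entry, which is the access-control behaviour the old case pinned. A negative case could be kept by removing the replication lines from the generated pg_hba.conf, reloading the server, and asserting that `pg_basebackup -D` fails before the entries are restored. The retained comment `# Initialize node without replication settings` also no longer describes `$node->init;`, because the initdb-generated pg_hba.conf in this commit permits local replication; I would reword it to `# Initialize node; initdb's default pg_hba.conf already permits local replication`. The script continues outside both hunks, so a later negative check may exist that is not visible here.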
|
||||||
|
|
|
@ -349,11 +349,7 @@ sub set_replication_conf
|
||||||
|
|
||||||
open my $hba, ">>$pgdata/pg_hba.conf";
|
open my $hba, ">>$pgdata/pg_hba.conf";
|
||||||
print $hba "\n# Allow replication (set up by PostgresNode.pm)\n";
|
print $hba "\n# Allow replication (set up by PostgresNode.pm)\n";
|
||||||
if (!$TestLib::windows_os)
|
if ($TestLib::windows_os)
|
||||||
{
|
|
||||||
print $hba "local replication all trust\n";
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
print $hba
|
print $hba
|
||||||
"host replication all $test_localhost/32 sspi include_realm=1 map=regress\n";
|
"host replication all $test_localhost/32 sspi include_realm=1 map=regress\n";
|
||||||
|
@ -373,9 +369,6 @@ a directory that's only accessible to the current user to ensure that.
|
||||||
On Windows, we use SSPI authentication to ensure the same (by pg_regress
|
On Windows, we use SSPI authentication to ensure the same (by pg_regress
|
||||||
--config-auth).
|
--config-auth).
|
||||||
|
|
||||||
pg_hba.conf is configured to allow replication connections. Pass the keyword
|
|
||||||
parameter hba_permit_replication => 0 to disable this.
|
|
||||||
|
|
||||||
WAL archiving can be enabled on this node by passing the keyword parameter
|
WAL archiving can be enabled on this node by passing the keyword parameter
|
||||||
has_archiving => 1. This is disabled by default.
|
has_archiving => 1. This is disabled by default.
|
||||||
|
|
||||||
|
@ -396,8 +389,6 @@ sub init
|
||||||
my $pgdata = $self->data_dir;
|
my $pgdata = $self->data_dir;
|
||||||
my $host = $self->host;
|
my $host = $self->host;
|
||||||
|
|
||||||
$params{hba_permit_replication} = 1
|
|
||||||
unless defined $params{hba_permit_replication};
|
|
||||||
$params{allows_streaming} = 0 unless defined $params{allows_streaming};
|
$params{allows_streaming} = 0 unless defined $params{allows_streaming};
|
||||||
$params{has_archiving} = 0 unless defined $params{has_archiving};
|
$params{has_archiving} = 0 unless defined $params{has_archiving};
|
||||||
|
|
||||||
|
@ -451,7 +442,7 @@ sub init
|
||||||
}
|
}
|
||||||
close $conf;
|
close $conf;
|
||||||
|
|
||||||
$self->set_replication_conf if $params{hba_permit_replication};
|
$self->set_replication_conf if $params{allows_streaming};
|
||||||
$self->enable_archiving if $params{has_archiving};
|
$self->enable_archiving if $params{has_archiving};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -591,9 +582,6 @@ Does not start the node after initializing it.
|
||||||
|
|
||||||
A recovery.conf is not created.
|
A recovery.conf is not created.
|
||||||
|
|
||||||
pg_hba.conf is configured to allow replication connections. Pass the keyword
|
|
||||||
parameter hba_permit_replication => 0 to disable this.
|
|
||||||
|
|
||||||
Streaming replication can be enabled on this node by passing the keyword
|
Streaming replication can be enabled on this node by passing the keyword
|
||||||
parameter has_streaming => 1. This is disabled by default.
|
parameter has_streaming => 1. This is disabled by default.
|
||||||
|
|
||||||
|
@ -615,8 +603,6 @@ sub init_from_backup
|
||||||
my $root_name = $root_node->name;
|
my $root_name = $root_node->name;
|
||||||
|
|
||||||
$params{has_streaming} = 0 unless defined $params{has_streaming};
|
$params{has_streaming} = 0 unless defined $params{has_streaming};
|
||||||
$params{hba_permit_replication} = 1
|
|
||||||
unless defined $params{hba_permit_replication};
|
|
||||||
$params{has_restoring} = 0 unless defined $params{has_restoring};
|
$params{has_restoring} = 0 unless defined $params{has_restoring};
|
||||||
|
|
||||||
print
|
print
|
||||||
|
@ -638,7 +624,6 @@ sub init_from_backup
|
||||||
qq(
|
qq(
|
||||||
port = $port
|
port = $port
|
||||||
));
|
));
|
||||||
$self->set_replication_conf if $params{hba_permit_replication};
|
|
||||||
$self->enable_streaming($root_node) if $params{has_streaming};
|
$self->enable_streaming($root_node) if $params{has_streaming};
|
||||||
$self->enable_restoring($root_node) if $params{has_restoring};
|
$self->enable_restoring($root_node) if $params{has_restoring};
|
||||||
}
|
}
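Review bot: A caller that still passes `hba_permit_replication => 0` to `init` or `init_from_backup` is now silently ignored, so a test written to run with replication denied may run with it permitted by initdb's defaults and still pass. `%params` is not validated in the visible lines, so I would reject the removed key explicitly in both subs, e.g. `die "hba_permit_replication is no longer supported\n" if exists $params{hba_permit_replication};`. Separately, `set_replication_conf` still prints the `# Allow replication (set up by PostgresNode.pm)` header unconditionally but now writes an entry only under `if ($TestLib::windows_os)`, leaving a header with nothing under it on other platforms; moving that print inside the branch would keep the generated file accurate. Both subs start and end outside the hunks shown.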
|
||||||
|
|