From: | Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Providing catalog view to pg_hba.conf file - Patch submission |
Date: | 2015-03-02 06:36:18 |
Message-ID: | CAJrrPGedf9TrbCYS7QXtLrFSWp79k6La06z7J_V9r1B_SnWKzg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Sat, Feb 28, 2015 at 11:41 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> Pavel,
>
> * Pavel Stehule (pavel(dot)stehule(at)gmail(dot)com) wrote:
>> 2015-02-27 22:26 GMT+01:00 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
>> > Stephen Frost <sfrost(at)snowman(dot)net> writes:
>> > > Right, we also need a view (or function, or both) which provides what
>> > > the *active* configuration of the running postmaster is. This is
>> > > exactly what I was proposing (or what I was intending to, at least) with
>> > > pg_hba_active, so, again, I think we're in agreement here.
>> >
>> > I think that's going to be a lot harder than you realize, and it will have
>> > undesirable security implications, in that whatever you do to expose the
>> > postmaster's internal state to backends will also make it visible to other
>> > onlookers; not to mention probably adding new failure modes.
>>
>> we can do copy of pg_hba.conf somewhere when postmaster starts or when it
>> is reloaded.
>
> Please see my reply to Tom. There's no trivial way to reach into the
> postmaster from a backend- but we do get a copy of whatever the
> postmaster had when we forked, and the postmaster only reloads
> pg_hba.conf on a sighup and that sighup is passed down to the children,
> so we simply need to also reload the pg_hba.conf in the children when
> they get a sighup.
>
> That's how postgresql.conf is handled, which is what pg_settings is
> based off of, and I believe is the behavior folks are really looking
> for.
Loading pg_hba.conf during SIGHUP in the backends will solve the
problem of displaying the
data which is not yet loaded. This change may produce a warning if it
fails to load pg_hba.conf in the backends.
Here I attached the updated patch. I didn't yet added the pg_hba_check function.
I feel it is better to be a separate patch. I can share the same later.
Regards,
Hari Babu
Fujitsu Australia
Attachment | Content-Type | Size |
---|---|---|
Catalog_view_to_HBA_settings_patch_V6.patch | application/octet-stream | 19.0 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Fujii Masao | 2015-03-02 09:53:03 | Re: remove pg_standby? |
Previous Message | Michael Paquier | 2015-03-02 06:03:07 | Re: Idea: closing the loop for "pg_ctl reload" |