Re: pg_basebackup with hostssl ?

From: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
To: Laura Smith <n5d9xq3ti233xiyif2vp(at)protonmail(dot)ch>
Cc: postgre <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: pg_basebackup with hostssl ?
Date: 2022-02-02 16:50:31
Message-ID: c9ff64a4-8d52-fedb-8048-eb5b37813858@aklaver.com
Lists: pgsql-general

On 2/2/22 08:37, Laura Smith wrote:
>
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>
> On Wednesday, February 2nd, 2022 at 16:30, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> wrote:
>
>> I am not following. pg_basebackup is a standalone client that is not
>> involved in replication other than establishing a starting point from
>> which to later establish a replication relationship.
>>
>
> Indeed. And that is exactly what I am trying to do (i.e. have master, want new slave).
>
>> The error is saying that whatever instance you are pointing
>> pg_basebackup at does not have an entry in pg_hba.conf for the
>> host/user/encryption combination pg_basebackup is trying to connect as.
>>
>
> But it *DOES* have an entry, per my original message:
> "hostssl replication all 10.0.0.0/8 md5"

From the OP:

"
Long story short, I've got the following in pg_hba.conf of the master:
hostssl replication all 10.0.0.0/8 md5

But the slave is complaining:
FATAL: no pg_hba.conf entry for replication connection from host
"10.1.2.3", user "myrepl", no encryption

"

The error is coming from a connection to the slave which does not have
data yet, correct? Or a matching pg_hba.conf entry, it would seem.

>
> And yes, that hba is loaded and live because other remote clients are happily connected to that server and thus reliant on a valid hba.conf.
>
> The host is correct. The user is correct.
>
> The point I am making is that pg_basebackup is connecting without encryption and I want to know how to tell it to use encryption. The docs are silent on the subject.

Not completely:

https://www.postgresql.org/docs/current/app-pgbasebackup.html

-d connstr
--dbname=connstr

Specifies parameters used to connect to the server, as a
<connection string>; these will override any conflicting command line
options.

The option is called --dbname for consistency with other client
applications, but because pg_basebackup doesn't connect to any
particular database in the cluster, any database name in the connection
string will be ignored.

Following the <connection string> link:

https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING

You can use that to set sslmode.

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
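
The mismatch discussed in this thread, as an added example that is not part of the original message: a simplified matcher for `pg_hba.conf` host records, run against the rule quoted above. `hostssl` records match only connections made over SSL, so the same client is rejected without SSL and accepted with it, which is what setting `sslmode=require` in the connection string passed to `-d` changes. It assumes only `TYPE DATABASE USER CIDR METHOD` lines and physical replication connections; the function names and the `PG_HBA` sample are constructed for illustration.

```python
import ipaddress

# Constructed sample: the single rule quoted in the thread.
PG_HBA = """
# TYPE   DATABASE     USER  ADDRESS      METHOD
hostssl  replication  all   10.0.0.0/8   md5
"""

def parse_hba(text):
    """Parse a simplified pg_hba.conf: TYPE DATABASE USER CIDR METHOD only."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in ("host", "hostssl", "hostnossl"):
            continue  # local, hostgssenc and include lines are not handled here
        conn_type, database, user, address, method = fields[:5]
        rules.append((conn_type, database.split(","), user.split(","),
                      ipaddress.ip_network(address), method))
    return rules

def match_replication(rules, client_ip, user, ssl):
    """Auth method of the first record matching a physical replication
    connection, or None when no record matches (the server reports FATAL)."""
    ip = ipaddress.ip_address(client_ip)
    for conn_type, databases, users, network, method in rules:
        if conn_type == "hostssl" and not ssl:
            continue  # hostssl never matches an unencrypted attempt
        if conn_type == "hostnossl" and ssl:
            continue
        if "replication" not in databases:
            continue  # "all" does not cover replication connections
        if "all" not in users and user not in users:
            continue
        if ip not in network:
            continue
        return method  # first match wins; later records are not consulted
    return None

RULES = parse_hba(PG_HBA)

if __name__ == "__main__":
    for ssl in (False, True):
        result = match_replication(RULES, "10.1.2.3", "myrepl", ssl)
        print(f"ssl={ssl}: {result or 'no pg_hba.conf entry'}")
```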
