I came across this error notice when trying to execute pg_rewind
through repmgr
's old primary demotion to standby after recovery. (the old standby @192.168.1.2 has already executed repmgr standby promote
)
https://serverfault.com/questions/1144242
postgres
version=15.4 repmgr
version=5.4dev and the command to execute such process and the following feedback are these:
repmgr node rejoin --force-rewind -d 'host=192.168.1.2 port=5432 user=rep dbname=repmgr connect_timeout=5'
NOTICE: rejoin target is node "yzx2" (ID: 2)
NOTICE: pg_rewind execution required for this node to attach to rejoin target node 2
DETAIL: rejoin target server's timeline 2 forked off current database system timeline 1 before current recovery point 0/81C6D80
NOTICE: executing pg_rewind
DETAIL: pg_rewind command is "/usr/pgsql-15/bin/pg_rewind -D '/pgdata' --source-server='host=192.168.1.2 port=5432 user=rep dbname=repmgr connect_timeout=5'"
ERROR: pg_rewind execution failed
DETAIL: pg_rewind: error: could not fetch remote file "global/pg_control": ERROR: permission denied for function pg_read_binary_file
Actually I have grant function pg_read_binary_file's execution right to the user rep, and here are the setup for this role:
CREATE EXTENSION repmgr;
GRANT pg_checkpoint TO rep;
GRANT pg_read_all_stats TO rep;
GRANT EXECUTE ON function pg_catalog.pg_ls_dir(text, boolean, boolean) TO rep;
GRANT EXECUTE ON function pg_catalog.pg_stat_file(text, boolean) TO rep;
GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text) TO rep;
GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text, bigint, bigint, boolean
I re-grant the right again using GRANT EXECUTE ON function pg_read_binary_file(text) TO rep;
, and it made no difference. It is not that the user rep
does not have the right to execute the function, but that the function has no right to fetch remote file "global/pg_control"
? BTW, I did not give ssh right to access postgres Linux account on another server for security reasons.