On Tue, Nov 3, 2009 at 3:41 PM, JP Fletcher <jpfletch@xxxxxxxxxxxxxxx> wrote: > Hi, > > We manage hundreds of clusters and a handful of distinct pg_hba.conf files > across several sites. We are mostly satisfied with our automated method of > management, but on occasion, someone will hand edit a pg_hba.conf file, and > some application will get locked out. This a bad. We'd like to be able to > do a few things related to auditing pg_hba.conf: > > 1. Store a copy of pg_hba.conf on server start or reload > > 2. Have an audit trail that shows when particular rules were loaded. > > 3. Compare the contents of pg_hba.conf to the rules that are actually > loaded. > > 4. Alert the DBA when the rules loaded differ from the file that was > previously loaded. > > We can accomplish #1 and #2 by having a shell command copy the file, or by > storing rules in a db table. I'm not sure that #3 and #4 are possible until > we accomplish #1. I'm not aware of any function or catalog table/view that > stores pg_hba rules. I'm curious to know if anyone has any suggestions, or > has solved a similar problem. I'd probably put the various pg_hba.conf files under svn control, and then you can delete and check out a new one with a script that runs every so often / on server restart etc. Then when you need to change the pg_hba.conf for all the machines with x version of pg_hba.conf you update the master and run a script on the remote machines that checks out the new pg_hba.conf and reloads the db. -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
