Search Postgresql Archives

Re: pg_basebackup with hostssl ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2/2/22 08:37, Laura Smith wrote:



Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Wednesday, February 2nd, 2022 at 16:30, Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote:


I am not following. pg_basebackup is a stand alone client that is not

involved in replication other then establishing a starting point from

which to later establish a replication relationship.



Indeed. And that is exactly that I am trying to do (i.e. have master, want new slave).


The error is saying that whatever instance you are pointing

pg_basebackup at does not have entry in pg_hba.conf for the

host/user/encryption combination pg_basebackup is trying to connect as.



But it *DOES* have an entry, per my original message:
"hostssl    replication    all    10.0.0.0/8    md5"


From the OP:

"
Long story short, I've got the following in pg_hba.conf of the master:
hostssl    replication    all    10.0.0.0/8    md5

But the slave is complaining:
FATAL: no pg_hba.conf entry for replication connection from host "10.1.2.3", user "myrepl", no encryption 

"
The error is coming from a connection to the slave which does not have data yet, correct? Or a matching pg_hba.conf entry, it would seem. 





And yes, that hba is loaded and live because other remote clients are happily connected to that server and thus reliant on a valid hba.conf.

The host is correct. The user is correct.

The point I am making is that pg_basebackup is connecting without encryption and I want to know how to tell it to use encryption. The docs are silent on the subject.


Not completely:

https://www.postgresql.org/docs/current/app-pgbasebackup.html

-d connstr
--dbname=connstr
Specifies parameters used to connect to the server, as a <connection string>; these will override any conflicting command line options.
The option is called --dbname for consistency with other client applications, but because pg_basebackup doesn't connect to any particular database in the cluster, any database name in the connection string will be ignored. 

Following the <connection string> link:

https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING

You can use that to set sslmode.

--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux