Tips on maintaining several pg_hba files

On Thu, Jan 26, 2017 at 2:36 AM, Alfredo Palhares <alfredo@palhares.me> wrote:

I have a PostgreSQL cluster with several ROLES that access the node
according to his state.

On the master node, I only want the roles that need to write and the admins.
On the synchronous node i would want only roles with read access that
require the most up to date data, and the admins
On the asynchronous node allow roles with read acess, and users to debug the
system.

So I will probably be templating the pg_hba.conf file since there are
common roles between the systems.
Do you guys have any suggestions on this? Links?

Does pg_hba support to include files?

You cannot include an entire file, but it is possible to list users
and/or databases via files specified by @:
https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html

Particularly this bit:
Files included by @ constructs are read as lists of names, which can
be separated by either whitespace or commas. Comments are introduced
by #, just as in pg_hba.conf, and nested @ constructs are allowed.
Unless the file name following @ is an absolute path, it is taken to
be relative to the directory containing the referencing file.

So you could take advantage of that to handle your configurations on
different nodes with the same pg_hba.conf, but different users and
databases.
--
Michael

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general