Participants
Kyotaro Horiguchi
Kyotaro Horiguchi
Tom Lane
Tom Lane
Attachments
Download Latest Patchset
+4-4
Show all attachments
Thread Outline
#1Kyotaro HoriguchiKyotaro Horiguchi
Dec 18, 2018
#2Kyotaro HoriguchiKyotaro Horiguchito Kyotaro Horiguchi (#1)
Dec 21, 2018
#3Tom LaneTom Laneto Kyotaro Horiguchi (#2)
Dec 26, 2018
#4Kyotaro HoriguchiKyotaro Horiguchito Tom Lane (#3)
Jan 28, 2019
#5Kyotaro HoriguchiKyotaro Horiguchito Kyotaro Horiguchi (#4)
Jan 29, 2019

"repliation" as database name

Started by Kyotaro Horiguchiover 7 years ago5 messageshackers
Jump to latest
#1Kyotaro Horiguchi
Kyotaro Horiguchi
horikyota.ntt@gmail.com

Hello.

We can create a database named "replication".

$ createdb replication

A pg_hba.conf entry with DATABASE="all" is described as 'does not
match "replication"' in the comment there, but actually it
matches and we can connect to the database
"replication". (Documentation doesn't mention the restriction)

$ psql replication -At -c 'select current_database()'
replication

We can specify the name replication by quoting and it does not
match a replication connection. It is not documented at all.

pg_hba.conf

local "replication" all trust
#local replication all trust ## commented out

FATAL: could not connect to the primary server: FATAL: no pg_hba.conf entry for replication connection from host "[local]", user "horiguti", SSL off

$ psql replication -At -c 'select current_database()'
replication

The same can be said to sameuser, samerole and even all. I think
this is absolutely sane behavior and worth documentation in any
extent if it doesn't become complex.

I think that at least the following amendments would be needed.

- Remove ""all" does not match "replication"". Instead "The "all"
keyword does not match replication connections."

- double-quoted database name is taken literally.

Is it worth doing?

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

#2Kyotaro Horiguchi
Kyotaro Horiguchi
horikyota.ntt@gmail.com
In reply to: Kyotaro Horiguchi (#1)
Re: "repliation" as database name

At Tue, 18 Dec 2018 18:48:25 +0900 (Tokyo Standard Time), Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp> wrote in <20181218.184825.02619975.horiguchi.kyotaro@lab.ntt.co.jp>

- Remove ""all" does not match "replication"". Instead "The "all"
keyword does not match replication connections."
- double-quoted database name is taken literally.

I found that in the documentation thanks to a notification
off-list. And after some reconfirmation, what I want to fix is
only a few lines of comment in pg_hba.conf.sample.

-# database name, or a comma-separated list thereof. The "all"
-# keyword does not match "replication". Access to replication
-# must be enabled in a separate record (see example below).
+# database name, or a comma-separated list thereof. The "all" keyword
+# matches all databases. The "replication" keyword matches a physical
+# replication connection request and it must be enabled in a separate
+# record (see example below)

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

Attachments:

0001-Clarify-the-comments-about-all-and-replication-in-pg.patchtext/x-patch; charset=us-asciiDownload+4-4
#3Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Kyotaro Horiguchi (#2)
Re: "repliation" as database name

Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp> writes:

I found that in the documentation thanks to a notification
off-list. And after some reconfirmation, what I want to fix is
only a few lines of comment in pg_hba.conf.sample.

-# database name, or a comma-separated list thereof. The "all"
-# keyword does not match "replication". Access to replication
-# must be enabled in a separate record (see example below).
+# database name, or a comma-separated list thereof. The "all" keyword
+# matches all databases. The "replication" keyword matches a physical
+# replication connection request and it must be enabled in a separate
+# record (see example below)

Hm, I agree that the para doesn't read very well now, but I think this
could be improved further. How about something like

# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof. The "replication"
# keyword matches replication connection requests (see example below).
# The "all" keyword matches all database names, but not replication
# connections.

regards, tom lane

#4Kyotaro Horiguchi
Kyotaro Horiguchi
horikyota.ntt@gmail.com
In reply to: Tom Lane (#3)
Re: "repliation" as database name

At Wed, 26 Dec 2018 12:59:32 -0500, Tom Lane <tgl@sss.pgh.pa.us> wrote in <32289.1545847172@sss.pgh.pa.us>

Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp> writes:

I found that in the documentation thanks to a notification
off-list. And after some reconfirmation, what I want to fix is
only a few lines of comment in pg_hba.conf.sample.

-# database name, or a comma-separated list thereof. The "all"
-# keyword does not match "replication". Access to replication
-# must be enabled in a separate record (see example below).
+# database name, or a comma-separated list thereof. The "all" keyword
+# matches all databases. The "replication" keyword matches a physical
+# replication connection request and it must be enabled in a separate
+# record (see example below)

Hm, I agree that the para doesn't read very well now, but I think this
could be improved further. How about something like

# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof. The "replication"
# keyword matches replication connection requests (see example below).
# The "all" keyword matches all database names, but not replication
# connections.

I'm afraid that just dropping "it must be enabled in a separate
record" leads to confusion. How about adding a comment to
replication connection examples.

# Allow replication connections from localhost, by a user with the
# replication privilege. Each definition must have its own record.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

#5Kyotaro Horiguchi
Kyotaro Horiguchi
horikyota.ntt@gmail.com
In reply to: Kyotaro Horiguchi (#4)
Re: "repliation" as database name

At Mon, 28 Jan 2019 17:30:57 +0900 (Tokyo Standard Time), Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp> wrote in <20190128.173057.41178374.horiguchi.kyotaro@lab.ntt.co.jp>

At Wed, 26 Dec 2018 12:59:32 -0500, Tom Lane <tgl@sss.pgh.pa.us> wrote in <32289.1545847172@sss.pgh.pa.us>

Hm, I agree that the para doesn't read very well now, but I think this
could be improved further. How about something like

# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof. The "replication"
# keyword matches replication connection requests (see example below).
# The "all" keyword matches all database names, but not replication
# connections.

I'm afraid that just dropping "it must be enabled in a separate
record" leads to confusion. How about adding a comment to
replication connection examples.

# Allow replication connections from localhost, by a user with the
# replication privilege. Each definition must have its own record.

Mmm, this doesn't seem to saying what I wanted to say there.
This seems better.

# Allow replication connections from localhost, by a user with
# the replication privilege. They must have separate records from
# non-replication connections.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

← Back to Topics