[英]Can I use .pgpass in logical replication?
I'm using Logical replication. 我正在使用逻辑复制。 I made subscription like below.
我订阅如下。
=# CREATE SUBSCRIPTION mysub CONNECTION 'host=xxx.xxx.xxx.xxx port=5432
user=postgres dbname=mydb password=<password>' PUBLICATION mypub;
NOTICE: created replication slot "mysub" on publisher
CREATE SUBSCRIPTION
But I wonder if I can use .pgpass file to provide password. 但是我想知道是否可以使用.pgpass文件提供密码。 Of course, I tried it.
当然,我尝试过了。 But it failed like below.
但是失败如下。
=# CREATE SUBSCRIPTION mysub CONNECTION 'host=xxx.xxx.xxx.xxx port=5432
user=postgres dbname=mydb' PUBLICATION mypub;
ERROR: could not connect to the publisher: fe_sendauth: no password supplied
[My .pgpass] [我的.pgpass]
localhost:5432:postgres:postgres:<password>
localhost:5432:mydb:postgres:<password>
xxx.xxx.xxx.xxx:5432:mydb:postgres:<password>
This .pgpass file works well for pgAgent. 该.pgpass文件适用于pgAgent。
Can I use .pgpass file for logical replication? 我可以使用.pgpass文件进行逻辑复制吗? or Should I write my password in CREATE statement?
还是应该在CREATE语句中写密码? If writing password in CREATE command is the only answer, is it secure?
如果仅在CREATE命令中写入密码是安全的吗?
https://www.postgresql.org/docs/10/static/sql-createsubscription.html https://www.postgresql.org/docs/10/static/sql-createsubscription.html
CONNECTION 'conninfo' The connection string to the publisher.
CONNECTION'conninfo'到发布者的连接字符串。 For details see
有关详细信息,请参见
https://www.postgresql.org/docs/10/static/libpq-connect.html#LIBPQ-CONNSTRING https://www.postgresql.org/docs/10/static/libpq-connect.html#LIBPQ-CONNSTRING
passfile
密码文件
Specifies the name of the file used to store passwords (see Section 33.15).
指定用于存储密码的文件名(请参见第33.15节)。 Defaults to ~/.pgpass
默认为〜/ .pgpass
So yes - it should work. 是的-应该可以。 Lets mock up.
让我们模拟一下。 First I deliberately use bad passfile to see if it's reflected in error:
首先,我故意使用错误的密码文件来查看它是否反映在错误中:
t=# CREATE SUBSCRIPTION mysub CONNECTION 'host=localhost port=5433 passfile=/tmp/p user=vao dbname=t' PUBLICATION mypub;
ERROR: could not connect to the publisher: fe_sendauth: no password supplied
no, it's not, but checking logs does: 不,不是,但是检查日志可以:
-bash-4.2$ tail /pg/d10/log/postgresql-Tue.log | grep WARN | tail -n 1
WARNING: password file "/tmp/p" has group or world access; permissions should be u=rw (0600) or less
ok, try using the default: 好的,尝试使用默认值:
t=# CREATE SUBSCRIPTION mysub CONNECTION 'host=localhost port=5433 user=vao dbname=t' PUBLICATION mypub;
ERROR: could not connect to the publisher: fe_sendauth: no password supplied
and this time even no warning! 这次甚至没有警告! so checking chmod:
所以检查chmod:
-bash-4.2$ ll ~/.pgpass
-r-------- 1 postgres postgres 1227 May 15 15:00 /home/vao/.pgpass
looks good, but aha - no line for this connection, because below asks for password: 看起来不错,但是啊哈-没有用于该连接的线路,因为下面要求输入密码:
-bash-4.2$ psql -h localhost -p 5433 -U vao t
Password for user vao:
so: 所以:
echo '*:*:*:vao:blah' > ~/.pgpass
-bash-4.2$ psql -h localhost -p 5433 -U vao t
psql: FATAL: password authentication failed for user "vao"
password retrieved from file "/var/lib/pgsql93/.pgpass"
aha - now it uses it, so back to SQL: 啊哈-现在它使用它,所以回到SQL:
t=# CREATE SUBSCRIPTION mysub CONNECTION 'host=localhost port=5433 user=vao dbname=t' PUBLICATION mypub;
ERROR: could not connect to the publisher: FATAL: password authentication failed for user "vao"
password retrieved from file "/var/lib/pgsql93/.pgpass"
yes, you can use both specified and default pgpassword file for logical replication subscription 是的,您可以使用指定的和默认的pgpassword文件进行逻辑复制预订
[Solved] I did like this. [解决]我确实喜欢这样。
In .pgpass 在.pgpass中
(IP of publisher):5432:mydb:postgres:(my password)
Changed owner, group of .pgpass to 'postgres' 已将.pgpass组的所有者更改为'postgres'
-rw-------. 1 postgres postgres 163 5월 18 06:06 .pgpass
( When owner and group of .pgpass was 'pgagent', "fe_sendauth: no password supplied" occured. ) (当.pgpass的所有者和组为'pgagent'时,会出现“ fe_sendauth:未提供密码”。)
After log in to DB 登录数据库后
=# create subscription mysub connection 'host=(IP of publisher) port=5432 user=postgres dbname=mydb passfile=/var/lib/pgsql/.pgpass' publication mypub;
It works well ^^ 效果很好^^
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.