0

I am replicating multiple PostgreSQL clústers in single server using streaming replication and dedicated replication slot.

We also want to monitor some parameters such as the status of replication slots on each master and, for this reason, we want to be able to connect the master using replication user just to query slot status so no need to setup any user having privileges to access any database.

I successfully achieved it in many servers. For example:

joanmi@standby:~$ PGPASSWORD=supersecret psql -h serverA.example.com -U replication -c "select slot_name, active from pg_replication_slots" postgres                                                                                                                 
    slot_name    | active       
-----------------+--------      
 pasifae_replica | t            
(1 fila)

But the exact same statement against another server throws an error message claiming about non allowed access. Concretely it says that there isn't any row in pg_hba.conf file allowing replicationuser from our standby server to connect postgres database.

joanmi@standby:~$ PGPASSWORD=supersecret psql -h serverB.example.com -U replication -c "select slot_name, active from pg_replic
ation_slots" postgres                                                                                                              
psql: FATAL:  no hay una línea en pg_hba.conf para «172.30.100.190», usuario «replication», base de datos «postgres», SSL activo   
FATAL:  no hay una línea en pg_hba.conf para «172.30.100.190», usuario «replication», base de datos «postgres», SSL inactivo

In fact that is true. But in both master servers and it only fails in one of them.

I checked both pg_hba.conf and below are the (unique) rows for replication user in both:

Server A:

host     replication     replication     172.30.100.190/32       md5

Server B:

host    replication     replication     172.30.100.0/24           md5

...and both are Postgresql 9.4. Concretely:

Server A: 9.4.6

Server B: 9.4.3

bitifet
  • 3,514
  • 15
  • 37

1 Answers1

1

The pg_hba.conf lines that you show only allow replication connections for the user replication.

You need a line like

host    postgres     replication    172.30.100.0/24     md5

If it works on one of the servers, there must be another line in pg_hba.conf that allows the connection.

Laurenz Albe
  • 209,280
  • 17
  • 206
  • 263
  • You're right! Perhaps I was blindly focusing in the fact that there is no other row explicitly granting rights to the user `replication`. 172.30.100.x is an administrative network we recently added for replication and backup traffic and I were unconsciously supposing there aren't any other accesses granted to that network yet apart of `replication` ones I put myself. Thanks and sorry for such a stupid question. – bitifet Mar 02 '18 at 11:35