Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitbe37c21

Browse files
committed
Enable replication connections by default in pg_hba.conf
initdb now initializes a pg_hba.conf that allows replication connectionsfrom the local host, same as it does for regular connections. Theconnecting user still needs to have the REPLICATION attribute or be asuperuser.The intent is to allow pg_basebackup from the local host to succeedwithout requiring additional configuration.Michael Paquier <michael.paquier@gmail.com> and me
1 parent355d399 commitbe37c21

File tree

5 files changed

+18
-35
lines changed

5 files changed

+18
-35
lines changed

‎doc/src/sgml/ref/initdb.sgml

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -120,11 +120,17 @@ PostgreSQL documentation
120120
<term><option>--auth=<replaceable class="parameter">authmethod</replaceable></option></term>
121121
<listitem>
122122
<para>
123-
This option specifies the authentication method for local users used
124-
in <filename>pg_hba.conf</> (<literal>host</literal>
125-
and <literal>local</literal> lines). Do not use <literal>trust</>
126-
unless you trust all local users on your system. <literal>trust</> is
127-
the default for ease of installation.
123+
This option specifies the default authentication method for local
124+
users used in <filename>pg_hba.conf</> (<literal>host</literal>
125+
and <literal>local</literal> lines). <command>initdb</command> will
126+
prepopulate <filename>pg_hba.conf</filename> entries using the
127+
specified authentication method for non-replication as well as
128+
replication connections.
129+
</para>
130+
131+
<para>
132+
Do not use <literal>trust</> unless you trust all local users on your
133+
system. <literal>trust</> is the default for ease of installation.
128134
</para>
129135
</listitem>
130136
</varlistentry>

‎src/backend/libpq/pg_hba.conf.sample

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,6 @@ host all all 127.0.0.1/32 @authmethodhost@
8484
host all all ::1/128 @authmethodhost@
8585
# Allow replication connections from localhost, by a user with the
8686
# replication privilege.
87-
@remove-line-for-nolocal@#local replication@default_username@ @authmethodlocal@
88-
#host replication@default_username@ 127.0.0.1/32 @authmethodhost@
89-
#host replication@default_username@ ::1/128 @authmethodhost@
87+
@remove-line-for-nolocal@local replicationall @authmethodlocal@
88+
host replicationall 127.0.0.1/32 @authmethodhost@
89+
host replicationall ::1/128 @authmethodhost@

‎src/bin/initdb/initdb.c

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1235,11 +1235,6 @@ setup_config(void)
12351235
"@authcomment@",
12361236
(strcmp(authmethodlocal,"trust")==0||strcmp(authmethodhost,"trust")==0) ?AUTHTRUST_WARNING :"");
12371237

1238-
/* Replace username for replication */
1239-
conflines=replace_token(conflines,
1240-
"@default_username@",
1241-
username);
1242-
12431238
snprintf(path,sizeof(path),"%s/pg_hba.conf",pg_data);
12441239

12451240
writefile(path,conflines);

‎src/bin/pg_basebackup/t/010_pg_basebackup.pl

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
use Config;
55
use PostgresNode;
66
use TestLib;
7-
use Test::Moretests=>73;
7+
use Test::Moretests=>72;
88

99
program_help_ok('pg_basebackup');
1010
program_version_ok('pg_basebackup');
@@ -15,15 +15,12 @@
1515
my$node = get_new_node('main');
1616

1717
# Initialize node without replication settings
18-
$node->init(hba_permit_replication=> 0);
18+
$node->init;
1919
$node->start;
2020
my$pgdata =$node->data_dir;
2121

2222
$node->command_fails(['pg_basebackup'],
2323
'pg_basebackup needs target directory specified');
24-
$node->command_fails(
25-
['pg_basebackup','-D',"$tempdir/backup" ],
26-
'pg_basebackup fails because of hba');
2724

2825
# Some Windows ANSI code pages may reject this filename, in which case we
2926
# quietly proceed without this bit of test coverage.

‎src/test/perl/PostgresNode.pm

Lines changed: 2 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -349,11 +349,7 @@ sub set_replication_conf
349349

350350
openmy$hba,">>$pgdata/pg_hba.conf";
351351
print$hba"\n# Allow replication (set up by PostgresNode.pm)\n";
352-
if (!$TestLib::windows_os)
353-
{
354-
print$hba"local replication all trust\n";
355-
}
356-
else
352+
if ($TestLib::windows_os)
357353
{
358354
print$hba
359355
"host replication all$test_localhost/32 sspi include_realm=1 map=regress\n";
@@ -373,9 +369,6 @@ a directory that's only accessible to the current user to ensure that.
373369
On Windows, we use SSPI authentication to ensure the same (by pg_regress
374370
--config-auth).
375371
376-
pg_hba.conf is configured to allow replication connections. Pass the keyword
377-
parameter hba_permit_replication => 0 to disable this.
378-
379372
WAL archiving can be enabled on this node by passing the keyword parameter
380373
has_archiving => 1. This is disabled by default.
381374
@@ -396,8 +389,6 @@ sub init
396389
my$pgdata =$self->data_dir;
397390
my$host =$self->host;
398391

399-
$params{hba_permit_replication} = 1
400-
unlessdefined$params{hba_permit_replication};
401392
$params{allows_streaming} = 0unlessdefined$params{allows_streaming};
402393
$params{has_archiving} = 0unlessdefined$params{has_archiving};
403394

@@ -451,7 +442,7 @@ sub init
451442
}
452443
close$conf;
453444

454-
$self->set_replication_confif$params{hba_permit_replication};
445+
$self->set_replication_confif$params{allows_streaming};
455446
$self->enable_archivingif$params{has_archiving};
456447
}
457448

@@ -591,9 +582,6 @@ Does not start the node after initializing it.
591582
592583
A recovery.conf is not created.
593584
594-
pg_hba.conf is configured to allow replication connections. Pass the keyword
595-
parameter hba_permit_replication => 0 to disable this.
596-
597585
Streaming replication can be enabled on this node by passing the keyword
598586
parameter has_streaming => 1. This is disabled by default.
599587
@@ -615,8 +603,6 @@ sub init_from_backup
615603
my$root_name =$root_node->name;
616604

617605
$params{has_streaming} = 0unlessdefined$params{has_streaming};
618-
$params{hba_permit_replication} = 1
619-
unlessdefined$params{hba_permit_replication};
620606
$params{has_restoring} = 0unlessdefined$params{has_restoring};
621607

622608
print
@@ -638,7 +624,6 @@ sub init_from_backup
638624
qq(
639625
port =$port
640626
));
641-
$self->set_replication_confif$params{hba_permit_replication};
642627
$self->enable_streaming($root_node)if$params{has_streaming};
643628
$self->enable_restoring($root_node)if$params{has_restoring};
644629
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp