Обсуждение: "repliation" as database name

Поиск
Список
Период
Сортировка

"repliation" as database name

От
Kyotaro HORIGUCHI
Дата:
Hello.

We can create a database named "replication".

$ createdb replication

A pg_hba.conf entry with DATABASE="all" is described as 'does not
match "replication"' in the comment there, but actually it
matches and we can connect to the database
"replication". (Documentation doesn't mention the restriction)

$ psql replication -At -c 'select current_database()'
replication

We can specify the name replication by quoting and it does not
match a replication connection. It is not documented at all.

pg_hba.conf
> local "replication" all trust
> #local replication all trust  ## commented out

> FATAL:  could not connect to the primary server: FATAL:  no pg_hba.conf entry for replication connection from host
"[local]",user "horiguti", SSL off
 

> $ psql replication -At -c 'select current_database()'
> replication

The same can be said to sameuser, samerole and even all. I think
this is absolutely sane behavior and worth documentation in any
extent if it doesn't become complex.

I think that at least the following amendments would be needed.

- Remove ""all" does not match "replication"". Instead "The "all"
  keyword does not match replication connections."

- double-quoted database name is taken literally.

Is it worth doing?

regards.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center



Re: "repliation" as database name

От
Kyotaro HORIGUCHI
Дата:
At Tue, 18 Dec 2018 18:48:25 +0900 (Tokyo Standard Time), Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp> wrote in
<20181218.184825.02619975.horiguchi.kyotaro@lab.ntt.co.jp>
> - Remove ""all" does not match "replication"". Instead "The "all"
>   keyword does not match replication connections."
> - double-quoted database name is taken literally.

I found that in the documentation thanks to a notification
off-list. And after some reconfirmation, what I want to fix is
only a few lines of comment in pg_hba.conf.sample.

-# database name, or a comma-separated list thereof. The "all"
-# keyword does not match "replication". Access to replication
-# must be enabled in a separate record (see example below).
+# database name, or a comma-separated list thereof. The "all" keyword
+# matches all databases. The "replication" keyword matches a physical
+# replication connection request and it must be enabled in a separate
+# record (see example below)

regards.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center
From b270a38b3edc90a3f56cb07ea6fdd5a20140fd46 Mon Sep 17 00:00:00 2001
From: Kyotaro Horiguchi <horiguchi.kyotaro@lab.ntt.co.jp>
Date: Fri, 21 Dec 2018 15:48:25 +0900
Subject: [PATCH] Clarify the comments about "all" and "replication" in
 pg_hba.conf.sample

In the explanetory comments in the pg_hba.conf.sample file looks a bit
misleading. Clarify the meaning of "all" and "replication" keywords by
make database name distinctive from keywords.
---
 src/backend/libpq/pg_hba.conf.sample | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample
index c853e36232..7c9c225afe 100644
--- a/src/backend/libpq/pg_hba.conf.sample
+++ b/src/backend/libpq/pg_hba.conf.sample
@@ -22,9 +22,10 @@
 # plain TCP/IP socket.
 #
 # DATABASE can be "all", "sameuser", "samerole", "replication", a
-# database name, or a comma-separated list thereof. The "all"
-# keyword does not match "replication". Access to replication
-# must be enabled in a separate record (see example below).
+# database name, or a comma-separated list thereof. The "all" keyword
+# matches all databases. The "replication" keyword matches a physical
+# replication connection request and it must be enabled in a separate
+# record (see example below).
 #
 # USER can be "all", a user name, a group name prefixed with "+", or a
 # comma-separated list thereof.  In both the DATABASE and USER fields
-- 
2.16.3


Re: "repliation" as database name

От
Tom Lane
Дата:
Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp> writes:
> I found that in the documentation thanks to a notification
> off-list. And after some reconfirmation, what I want to fix is
> only a few lines of comment in pg_hba.conf.sample.

> -# database name, or a comma-separated list thereof. The "all"
> -# keyword does not match "replication". Access to replication
> -# must be enabled in a separate record (see example below).
> +# database name, or a comma-separated list thereof. The "all" keyword
> +# matches all databases. The "replication" keyword matches a physical
> +# replication connection request and it must be enabled in a separate
> +# record (see example below)

Hm, I agree that the para doesn't read very well now, but I think this
could be improved further.  How about something like

# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof.  The "replication"
# keyword matches replication connection requests (see example below).
# The "all" keyword matches all database names, but not replication
# connections.

            regards, tom lane


Re: "repliation" as database name

От
Kyotaro HORIGUCHI
Дата:
At Wed, 26 Dec 2018 12:59:32 -0500, Tom Lane <tgl@sss.pgh.pa.us> wrote in <32289.1545847172@sss.pgh.pa.us>
> Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp> writes:
> > I found that in the documentation thanks to a notification
> > off-list. And after some reconfirmation, what I want to fix is
> > only a few lines of comment in pg_hba.conf.sample.
> 
> > -# database name, or a comma-separated list thereof. The "all"
> > -# keyword does not match "replication". Access to replication
> > -# must be enabled in a separate record (see example below).
> > +# database name, or a comma-separated list thereof. The "all" keyword
> > +# matches all databases. The "replication" keyword matches a physical
> > +# replication connection request and it must be enabled in a separate
> > +# record (see example below)
> 
> Hm, I agree that the para doesn't read very well now, but I think this
> could be improved further.  How about something like
> 
> # DATABASE can be "all", "sameuser", "samerole", "replication", a
> # database name, or a comma-separated list thereof.  The "replication"
> # keyword matches replication connection requests (see example below).
> # The "all" keyword matches all database names, but not replication
> # connections.

I'm afraid that just dropping "it must be enabled in a separate
record" leads to confusion. How about adding a comment to
replication connection examples.

# Allow replication connections from localhost, by a user with the
# replication privilege. Each definition must have its own record.

regards.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center



Re: "repliation" as database name

От
Kyotaro HORIGUCHI
Дата:
At Mon, 28 Jan 2019 17:30:57 +0900 (Tokyo Standard Time), Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp> wrote in
<20190128.173057.41178374.horiguchi.kyotaro@lab.ntt.co.jp>
> At Wed, 26 Dec 2018 12:59:32 -0500, Tom Lane <tgl@sss.pgh.pa.us> wrote in <32289.1545847172@sss.pgh.pa.us>
> > Hm, I agree that the para doesn't read very well now, but I think this
> > could be improved further.  How about something like
> > 
> > # DATABASE can be "all", "sameuser", "samerole", "replication", a
> > # database name, or a comma-separated list thereof.  The "replication"
> > # keyword matches replication connection requests (see example below).
> > # The "all" keyword matches all database names, but not replication
> > # connections.
> 
> I'm afraid that just dropping "it must be enabled in a separate
> record" leads to confusion. How about adding a comment to
> replication connection examples.
> 
> # Allow replication connections from localhost, by a user with the
> # replication privilege. Each definition must have its own record.

Mmm, this doesn't seem to saying what I wanted to say there.
This seems better.

# Allow replication connections from localhost, by a user with
# the replication privilege. They must have separate records from
# non-replication connections.

regards.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center