![]() This is due to fact that connections from pgBouncer to Postgres always occur through auth_user. If we use the approach with auth_user, then we will not be able to configure connection rules using pg_hba.conf in PostgreSQL. Host all +read_only 10.0.0.0/8 md5 After that, we can add 10 roles to "read_write" group and other 40 roles to "read_only" group. The first role has access to both servers, the second only to standby.Īdd to pg_hba.conf file on the primary: TYPE DATABASE USER ADDRESS METHOD host all +read_write 10.0.0.0/8 md5 and on the standby: TYPE DATABASE USER ADDRESS METHOD To implement access control we can create two user groups "read_write" and "read_only". 10 applications can connect to primary and standby and 40 only to standby. For example, suppose we have two servers with physical replication and we have 50 applications.Įach application has its own user. But there is a problem with this approach. Therefore, pgBouncer does not need to store a list of users. auth_user connects to database, reads pg_shadow table and checks username/password. Authentication file userlist.txt stores username and password hash for auth_user only. The most common is "use auth_user with auth_query if user not present in auth_file" as pgBouncer documentation says. There are two approaches to working with this file. PgBouncer uses userlist.txt file to authenticate users. This provides an additional layer of control over connections. You can set allowed addresses for connection using the listen_addr parameter in the same way as in PostgreSQL. For example, there is pg_hba.conf file, similar to pg_hba.conf in PostgreSQL. ![]() There are several mechanisms in pgBouncer allow you to manage connections permissions. ![]() In this article I want to talk about what problem we recently encountered and how we solved it. In addition, pgBouncer allows as to flexibly manage connections for different PostgreSQL instances, helps to perform database maintenance without downtime and much more. This is a really cool connection pooling solution for PostgreSQL. We almost always recommend its use to our customers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |