Thanks again Christophe, I think I had this mix you talk about with the pool_hba.conf and pg_hba.conf ... anyway,.. now I understand it, and I think it yet does not work. Here I describe what I do, first a configuration wich works, and then the one I would like, but that does not work.
1) WORKING CONFIGURATION: (pgpool is in 192.168.1.30) #cat pool_hba.conf local all all trust host all postgres 192.168.1.30/32 trust in both backends #cat pg_hba.conf local all all trust host all postgres 192.168.1.30/32 trust This configuration works great in all cases. But is clearly insecure. 2) NOT WORKING CONFIGURATION: (pgpool is in 192.168.1.30) #cat pool_hba.conf local all all trust host all postgres 192.168.1.30/32 trust host all postgres 192.168.1.31/32 trust in both backends #cat pg_hba.conf local all all trust host all postgres 192.168.1.30/32 password Replication works fine. Can conect to pgpool and SELECT or INSERT... When I do: #pcp_recovery_node -d 5 192.168.1.30 9898 postgres "pass" 1 DEBUG: send: tos="R", len=46 DEBUG: recv: tos="r", len=21, data=AuthenticationOK DEBUG: send: tos="D", len=6 DEBUG: recv: tos="e", len=20, data=recovery failed DEBUG: command failed. reason=recovery failed BackendError DEBUG: send: tos="X", len=4 And pgpool says: 2010-04-13 12:58:23 DEBUG: pid 3471: pcp_child: start online recovery 2010-04-13 12:58:23 LOG: pid 3471: starting recovering node 1 2010-04-13 12:58:23 ERROR: pid 3471: start_recover: could not connect master node. 2010-04-13 12:58:23 DEBUG: pid 3465: starting health checking 2010-04-13 12:58:23 DEBUG: pid 3465: health_check: 0 th DB node status: 1 2010-04-13 12:58:23 DEBUG: pid 3465: health_check: 1 th DB node status: 3 2010-04-13 12:58:23 DEBUG: pid 3471: pcp_child: received PCP packet type of service 'X' 2010-04-13 12:58:23 DEBUG: pid 3471: pcp_child: client disconnecting. close connection 2010-04-13 12:58:24 DEBUG: pid 3465: starting health checking 2010-04-13 12:58:24 DEBUG: pid 3465: health_check: 0 th DB node status: 1 2010-04-13 12:58:24 DEBUG: pid 3465: health_check: 1 th DB node status: 3 As I understand, in pool_hba.conf is possible just autenticate with trust or PAM... Having it in trust, and leting pg_hba.conf to autenticate with password, it works fine,... but not with pcp_recovery_node as it is not asking for password. 2010/4/13 Christophe Philemotte <[email protected]> > > In my configuration I have enabled the "enable_pool_hba" option, and, in > > "pool_hba.conf" I have all the IP in trusted authentication mode (it just > > can be trust, reject or PAM). > > In my "pg_hba.conf" file, I have those same IPs but, this time, in > > "password" authernticacion mode. > > I think you mix pool_hba and pg_hba fields meaning. > > The pool_hba allows you to setup authentication between the client and > pgpool. And the pg_hba allows you to setup authentication between the > client and the postgresql, but this time the client could be pgpool. > > So, in pg_hba.conf, you have to put IP of your pgpool, not your client > (except if you want clients could directly connect to your backend). > > > That works perfectry in replication, so, connection is perfectrly > possible. > It depends on your whole setup. Could you send the files to check them? > > > In my pcp.conf I have an md5 password configured. > > > > If a node falls and I try: > > pcp_recovery_node -d 5 pgpool_host port user password 1 > In recovery process, the last step is to remotely start the > resynchronized backend. Are you sure that the start command is well > send to it? Is your ssh keys sharing is well setup? > > Have you log the actions made by your recovery scripts? It is a good > information source to debug what exactly happens. > > > It drops the message I told... > > As I understand, the password in the recovery command must be the one > MD5ed > > in pcp.conf, isn't it? > yes, it is. > > > which can be or can't be the same in PostgreSQL database? > It is a password to access to the administration control interface of > pgpool. So, it could be whatever you want and setup in pcp.conf. > > > or, the password in pcp.conf MUST be the MD5ed PostgreSQL > > password? > No, there is no obligation. > > regards, > > christophe >
_______________________________________________ Pgpool-general mailing list [email protected] http://pgfoundry.org/mailman/listinfo/pgpool-general
