> Tatsuo, thank you very much for the answer. I only have one question: > > Is there any estimated date for release PGPool-II 3.2?
I estimate the earliest would be May 2012. -- Tatsuo Ishii SRA OSS, Inc. Japan English: http://www.sraoss.co.jp/index_en.php Japanese: http://www.sraoss.co.jp > Regards. > > -----Mensaje original----- > De: Tatsuo Ishii [mailto:is...@sraoss.co.jp] > Enviado el: lunes, 21 de noviembre de 2011 09:24 > Para: Lazaro Rubén García Martinez > CC: guilla...@lelarge.info; pgpool-general@pgfoundry.org > Asunto: Re: [Pgpool-general] Authentication method used for > sr_check_password, health_check_password and recovery_password > > I have checked pgpool-II 3.1 code and found that my explanation was wrong. > > 1) sr_check_user and sr_check_password are working fine with 3.1 even > with md5 auth. > > 2) health_check_password is ignored in 3.1. So you can not use other > trust with health_check_user. > > For #2, it seems a fix to recognize health_check_password will break > backward compatibility. Because 3.1 code uses V2 protocol (used by 7.3 > or before). To enable md5 auth, I need to replace it by using > make_persistent_db_connection(), which handles V3 protocol only. So it > seems there's no hope to recognize health_check_password in 3.1.x. > > 3.2 will allow to use md5 auth with health_check_password for price > of discontinuing support for V2 protocol. > > BTW, problem with SSL is totally different story. It seems someone > forgot to allow to use SSL with health checking and > make_persistent_db_connection()... > -- > Tatsuo Ishii > SRA OSS, Inc. Japan > English: http://www.sraoss.co.jp/index_en.php > Japanese: http://www.sraoss.co.jp > >> I configured pg_hba.conf like this: >> >> #For recovery_user and health_check_user of pgpool >> hostssl postgres pgpool 10.13.4.201/32 >> md5 >> hostssl template1 pgpool 10.13.4.201/32 >> md5 >> >> #For sr_check_user of pgpool >> hostssl postgres sr_pgpool 10.13.4.201/32 >> trust >> hostssl template1 sr_pgpool 10.13.4.201/32 >> trust >> >> The postgresql log file shows this error: >> >> LOG: connection received: host=10.13.4.201 port=50640 >> LOG: could not receive data from client: Connection reset by peer >> >> The pgpoolAdmin tool doesn't shows the information about master and standby >> nodes. >> >> Please, I need configure the access from pgpool to postgreSQL through md5 >> authentication method, or other authentication method different of trust. >> >> Is this possible with Pgpool-II??, because I tested it, in different ways >> and always these errors are shown. >> >> pgpool.conf is configure like this: >> >> ************************************************************* >> ssl = on >> ssl_key = '/opt/pgpool/ssl/server.key' >> ssl_cert = '/opt/pgpool/ssl/server.cert' >> >> sr_check_user = 'sr_pgpool' >> sr_check_password = '' >> >> health_check_user = 'pgpool' >> health_check_password = 'pgpool' >> >> recovery_user = 'pgpool' >> recovery_password = 'pgpool' >> >> ************************************************************ >> >> Regards and thank you very much for your time. >> >> -----Mensaje original----- >> De: Lazaro Rubén García Martinez >> Enviado el: lunes, 21 de noviembre de 2011 10:59 >> Para: Lazaro Rubén García Martinez; Guillaume Lelarge >> CC: pgpool-general@pgfoundry.org >> Asunto: RE: [Pgpool-general] Authentication method used for >> sr_check_password, health_check_password and recovery_password >> >> Continuing with this thread, I have some doubt about using SSL connections >> with pgpool and postgreSQL, my pg_hba.conf have this configuration at this >> moment: >> >> hostssl postgres pgpool 10.13.4.201/32 >> trust >> hostssl template1 pgpool 10.13.4.201/32 >> trust >> hostssl postgres sr_pgpool 10.13.4.201/32 >> trust >> hostssl template1 sr_pgpool 10.13.4.201/32 >> trust >> >> But in the postgreSQL log file, this error is shows: >> >> LOG: connection received: host=10.13.4.201 port=50423 >> LOG: connection received: host=10.13.4.201 port=50424 >> LOG: connection authorized: user=sr_pgpool database=postgres >> LOG: connection authorized: user=sr_pgpool database=postgres >> LOG: statement: SELECT pg_is_in_recovery() >> LOG: statement: SELECT pg_current_xlog_location() >> LOG: disconnection: session time: 0:00:00.092 user=sr_pgpool >> database=postgres host=10.13.4.201 port=50424 >> LOG: disconnection: session time: 0:00:00.096 user=sr_pgpool >> database=postgres host=10.13.4.201 port=50423 >> LOG: connection received: host=10.13.4.201 port=50426 >> FATAL: no pg_hba.conf entry for host "10.13.4.201", user "pgpool", database >> "postgres", SSL off >> LOG: connection received: host=10.13.4.201 port=50428 >> LOG: connection authorized: user=sr_pgpool database=postgres >> LOG: statement: SELECT pg_is_in_recovery() >> LOG: disconnection: session time: 0:00:00.048 user=sr_pgpool >> database=postgres host=10.13.4.201 port=50428 >> LOG: connection received: host=10.13.4.201 port=50432 >> LOG: connection authorized: user=pgpool database=template1 >> LOG: statement: SELECT pg_is_in_recovery() >> LOG: disconnection: session time: 0:00:00.053 user=pgpool >> database=template1 host=10.13.4.201 port=50432 >> >> Why pgpool can connect to the database template1, and not to postgres >> database? >> >> In what case pgpool connects to database postgres and in what case connects >> to template1 database? >> >> Regards. >> >> -----Mensaje original----- >> De: pgpool-general-boun...@pgfoundry.org >> [mailto:pgpool-general-boun...@pgfoundry.org] En nombre de Lazaro Rubén >> García Martinez >> Enviado el: domingo, 20 de noviembre de 2011 06:43 >> Para: Guillaume Lelarge >> CC: pgpool-general@pgfoundry.org >> Asunto: Re: [Pgpool-general] Authentication method used for >> sr_check_password, health_check_password and recovery_password >> >> I am agree with you, but if it is not a bug, what is the purpose for having >> sr_sheck_password property in pgpool.conf file?. >> >> I think this property can confuse pgpool's users, for this reason I propose >> -1. >> >> If you understand that this feature should be present in Pgpool 3.2, I will >> agree with you too. >> >> Regards. >> ________________________________________ >> De: Guillaume Lelarge [guilla...@lelarge.info] >> Enviado el: domingo, 20 de noviembre de 2011 17:58 >> Para: Lazaro Rubén García Martinez >> CC: Tatsuo Ishii; pgpool-general@pgfoundry.org >> Asunto: RE: [Pgpool-general] Authentication method used for >> sr_check_password, health_check_password and recovery_password >> >> On Sun, 2011-11-20 at 17:24 -0430, Lazaro Rubén García Martinez wrote: >>> I think this feature is very important, because having trust acces in >>> pg_hba.conf is not a good idea. >> >> I understand that and I agree with you. The problem is not on the >> feature itself, but on which release it should be delivered. If the >> feature is really urgent to get out there, then we should release 3.2 >> quickly. We shouldn't put it in 3.1.whatever because 3.1.whatever could >> get out before 3.2. >> >> Minor releases shouldn't change behaviour apart from bugfixes. That's an >> important part of the trust you can have in a software. If we start to >> add features on bugfix releases, many people will stop doing minor >> updates on pgpool, afraid of bugs which might be included with new >> features. I know I'll do if this will happen, and I won't encourage my >> customers to upgrade their pgpool. >> >> So, definite +1 to add this feature to pgpool, +1 to add it to 3.2, -1 >> to add it as a bugfix in 3.1.1. It definitely is not a bugfix. >> >> >> -- >> Guillaume >> http://blog.guillaume.lelarge.info >> http://www.dalibo.com >> >> _______________________________________________ >> Pgpool-general mailing list >> Pgpool-general@pgfoundry.org >> http://pgfoundry.org/mailman/listinfo/pgpool-general >> _______________________________________________ >> Pgpool-general mailing list >> Pgpool-general@pgfoundry.org >> http://pgfoundry.org/mailman/listinfo/pgpool-general _______________________________________________ Pgpool-general mailing list Pgpool-general@pgfoundry.org http://pgfoundry.org/mailman/listinfo/pgpool-general
