[Bucardo-general] Is it possible to use RDS Postgres Read Only Replicas as a source for replication?
Greg Sabino Mullane
greg at endpoint.com
Tue Jan 3 01:42:27 UTC 2017
On Mon, Jan 02, 2017 at 07:43:04PM -0500, Andrei Tchijov wrote:
> If we are
> going to accept that we have to let Bucardo talk to Master, then we would
> be better off, but use Bucardo “normal way”.
Well, perhaps. If Bucardo could be taught to do all its selects and, more
importantly, its COPYs, from the replica, the extra overhead for Bucardo
would be greatly reduced as it would be only touching the bucardo metadata
tables on the master (plus the overhead of the triggers themselves, of course).
What is the security concern about Bucardo talking directly to the master?
I'm a paranoid type, but there are many layers of security on the RDS,
the local OS, and the Postgres side that do a very good job of locking
everyone else out. Hm....unless the concern is having a pseudo-superuser
connect to the master, in which case I wonder if this new scheme would
allow us to connect as a non-superuser, since we would not need to do any
session_replication_role changes on the master. Maybe a change we should
make anyway... /wild_speculation
--
Greg Sabino Mullane greg at endpoint.com
End Point Corporation
PGP Key: 2529 DF6A B8F7 9407 E944 45B4 BC9B 9067 1496 4AC8
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
URL: <https://mail.endcrypt.com/pipermail/bucardo-general/attachments/20170102/e5ec75c8/attachment.sig>
More information about the Bucardo-general
mailing list