[Bucardo-general] Is it possible to use RDS Postgres Read Only Replicas as a source for replication?

Greg Sabino Mullane greg at endpoint.com
Tue Jan 3 01:42:27 UTC 2017


On Mon, Jan 02, 2017 at 07:43:04PM -0500, Andrei Tchijov wrote:
> If we are
> going to accept that we have to let Bucardo talk to Master, then we would
> be better off, but use Bucardo “normal way”.

Well, perhaps. If Bucardo could be taught to do all its selects and, more 
importantly, its COPYs, from the replica, the extra overhead for Bucardo 
would be greatly reduced as it would be only touching the bucardo metadata 
tables on the master (plus the overhead of the triggers themselves, of course).

What is the security concern about Bucardo talking directly to the master? 
I'm a paranoid type, but there are many layers of security on the RDS, 
the local OS, and the Postgres side that do a very good job of locking 
everyone else out. Hm... unless the concern is having a pseudo-superuser 
connect to the master, in which case I wonder if this new scheme would 
allow us to connect as a non-superuser, since we would not need to do any 
session_replication_role changes on the master. Maybe a change we should 
make anyway... /wild_speculation

-- 
Greg Sabino Mullane greg at endpoint.com
End Point Corporation
PGP Key: 2529 DF6A B8F7 9407 E944  45B4 BC9B 9067 1496 4AC8