[Bucardo-general] General clarifications about users permissions

David Christensen david at endpoint.com
Mon Jul 6 16:54:46 UTC 2020 

> On Jul 5, 2020, at 9:56 PM, Rodrigo Rodovalho <rodrigo.rodovalho at gmail.com> wrote:
> 
> Hi,
> 
> I'm having a little trouble setting up the correct postgres permissions of the databases involved in a two element multi-master environment. I would like to describe here my understanding and gently ask for clarifications in what is wrong. In my tests, I was able to make it work while the tests were made in a single machine using pgbench. Now, with two, I'm having constant authentications failures.

[snip]

> My commands so far, on Master-1:
>     $ bucardo add db database_local dbname=database_name
>     $ bucardo add db database_remote dbname=database_name port=5432 host=master_2_ip user=user_name password=password_2 <---- This connection works fine!
>     $ bucardo add dbgroup database_group database_local:source database_remote:source
>     $ bucardo add all tables relgroup=tables_group  <---- ISSUE HERE: "FATAL:  Peer authentication failed for user "bucardo" at line 64" (it really says *peer*)
>     $ bucardo add sync sync_name telgroup=tables_group dbgroup=database_group

It looks like there might be an earlier line in `pg_hba.conf` which is requiring peer authentication (probably for all local users).

One thing to know when setting up connections here is to know that there are two potential connections involved:

1) Connections initiated by the `bucardo` program.  These will be using the environment of the user who executes the program itself.

2) Connections initiated by the `postgres` database itself.  These are things like plperl functions which talk to the other databases in the cluster (example: validate_sync()).

You will want to check and see if there are pg_hba.conf configurations which are preventing things from working properly.

I find that it is helpful to put a .pgpass or pg_service file with the actual passwords for the bucardo user in ~postgres and whatever user runs your service account for bucardo just to make the authentication more concise.

HTH,

David
--
David Christensen
Senior Software and Database Engineer
End Point Corporation
david at endpoint.com
785-727-1171



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://bucardo.org/pipermail/bucardo-general/attachments/20200706/732f7ce0/attachment.sig>

More information about the Bucardo-general mailing list