Skip site navigation (1) Skip section navigation (2)

Re: Remote administration functionality

From: "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>
To: "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>,"Magnus Hagander" <mha(at)sollentuna(dot)net>,"PostgreSQL-development" <pgsql-hackers(at)postgreSQL(dot)org>
Subject: Re: Remote administration functionality
Date: 2005-07-31 09:11:16
Message-ID: E7F85A1B5FF8D44C8A1AF6885BC9A0E485078C@ratbert.vale-housing.co.uk (view raw or flat)
Thread:
Lists: pgsql-hackers


-----Original Message-----
From: Bruce Momjian [mailto:pgman(at)candle(dot)pha(dot)pa(dot)us]
Sent: Sun 7/31/2005 4:39 AM
To: Dave Page
Cc: Tom Lane; Magnus Hagander; PostgreSQL-development
Subject: Remote administration functionality
 

> The idea of the patch was to give applications the full unix I/O
> capabilities, allowing them to program these functions into
> administration applications.  I think the group generally would like a
> higher-level API that allows something like:
> 
> 	SET GLOBAL log_statement = 'mod';

Sounds reasonable (and quite nice) for postgresql.conf, but consider pg_hba.conf. The production systems I run at work have heavily commented pg_hba.conf files, with entries that are intentionally ordered. As you know, unlike postgresql.conf, there is no fixed set of possible entries. How can we create a cleaner inteface for that, and be able to maintain annotations in the file in a way that works well when using tools and text editors at different times?

The best I have come up with is functions similar to:

SELECT pg_set_hba_line(20, 'hostssl all all 192.168.1.1/32 md5');
SELECT pg_add_hba_line(19, '# Allow global access for Dave''s test workstation');
SELECT pg_delete_hba_line(24);

However, there are a couple of things that concern me about doing it this way:

- It would make the client code much more complex as it would need to track each change the user makes individually, before applying the end result.

- It doesn't really give us a cleaner, less hackish interface and just seems like work for the sake of it.

I suppose we could just add functions like:

pg_write_hba_file('File contents'::text);
pg_read_hba_file() AS text;

Which would limit what the functions could be used for to their precisely intended purpose, without compromising flexibility.

> Given the confusion about the patch, I think we can give folks some time
> to work on any additional remote administration bulleted items while we
> clean out the patches queue.

Thank you - and my apologies if anyone thought my previous rant came across too srongly, or was unjustified.

Regards, Dave

Responses

pgsql-hackers by date

Next:From: Pavel StehuleDate: 2005-07-31 09:16:22
Subject: Qustions about timestampz
Previous:From: Andreas PflugDate: 2005-07-31 08:55:19
Subject: Re: Remote administration functionality

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group