| From: | Michael Banck <mbanck(at)gmx(dot)net> |
|---|---|
| To: | kamal deen <kamaldeendba(at)gmail(dot)com> |
| Cc: | Ron Johnson <ronljohnsonjr(at)gmail(dot)com>, pgsql-admin <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Super user password explicit in patroni yml |
| Date: | 2025-03-03 14:16:15 |
| Message-ID: | 67c5b9b0.050a0220.324e87.5ae8@mx.google.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Hi,
On Thu, Feb 27, 2025 at 01:30:55AM +0530, kamal deen wrote:
> Without .pgpass file patroni can connect to postgres ?
Well, I think you could also set the password via environment variables,
but I am not sure that is much better form a security point-of-view.
As an alternative, if you have unix sockets configured and keep the
superuser password empty, Patroni will use a local unix socket
connection, i.e. does not require a superuser password to be set.
> How patroni service works in this sinario?
If you want to use pg_rewind, you will need to configure an additional
pg_rewind user (with a password, cause pg_rewind connects remotely) if
your superuser has no password. If you add this to a running Patroni
cluster, I think Patroni will not GRANT the necessary function execution
rights to this pg_rewind user so you will have to do this yourself. This
should all be in the Patroni documentation.
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mike L | 2025-03-03 17:59:01 | Re: Create Publication v12 |
| Previous Message | David G. Johnston | 2025-03-03 14:10:08 | Re: pg_upgrade and generated column |