public inbox for [email protected]
help / color / mirror / Atom feedFrom: Dan Mahoney (Gushi) <[email protected]>
To: Laurenz Albe <[email protected]>
Cc: [email protected]
Subject: Re: pgpass file in postresql.auto.conf?
Date: Tue, 30 Sep 2025 12:34:43 +0000 (UTC)
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
On Fri, 26 Sep 2025, Laurenz Albe wrote:
> On Fri, 2025-09-26 at 12:05 +0000, Dan Mahoney (Gushi) wrote:
>> In the interest of automation, I've set up a pgpass file for my
>> pg_basebackup between master and standby. This all works, thusly:
>>
>> pg_basebackup -d
>> 'postgres://[email protected]:5432/foo?sslmode=verify-ca' -F p
>> --wal-method=stream -P -R -D /var/db/postgres/data17-test3
>>
>> However, instead of the password getting baked into the pgsql.auto.conf,
>> the reference to the passfile gets put in, instead:
>>
>> # Do not edit this file manually!
>> # It will be overwritten by the ALTER SYSTEM command.
>> primary_conninfo = 'user=repuser passfile=''/var/db/postgres/.pgpass''
>> channel_binding=prefer host=10.1.1.1 port=5432 sslmode=''verify-ca''
>> sslnegotiation=postgres sslcompression=0 sslcertmode=allow sslsni=1
>> ssl_min_protocol_version=TLSv1.2 gssencmode=disable krbsrvname=postgres
>> gssdelegation=0 target_session_attrs=any load_balance_hosts=disable
>> dbname=foo'
>
> That happens when "pg_basebackup" used a password file to connect to
> the PostgreSQL server.
>
>> But it seems postgres won't actually read the passfile.
>
> Oh yes, it will, as long as it has permissions 0600, 0400 or 0700 and
> belongs to the database server OS user (commonly "postgres").
> It must have worked for the "pg_basebackup", so PostgreSQL assumes it
> will also work for replication.
I found the problem.
When I did the basebackup, I used a string like:
postgres://[email protected]:5432/foo?sslmode=verify-ca
And my .pgpass file on the replica reflects this:
#hostname:port:database:username:password
10.1.1.1:5432:foo:repuser:xxxx
(I read *somewhere* that you can use a dummy databasename in the .pgpass
file for replication purposes, but the actual DB is ignored.)
What I missed was that for replication, the database name in .pgpass
*must* be 'replication', for pgpass to pay attention to it.
As in, while everything else about the connection string allowed
pgbasebackup to find that line, that same fake DB name was not baked in to
the primary_conninfo allow postgres to find the same user.
-Dan
--
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: pgpass file in postresql.auto.conf?
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox