Plans of merging "cluster spec option to disable default pg_hba.conf"

Hello and thank you for all the hard work!

Are there any plans to complete the merge of https://github.com/sorintlab/stolon/pull/502/commits/c61ab4b292ca51ab1f9224613b5244b843a27124#diff-c5e6508d9a083a30bfe8384eb753f162 ?
It is an important functionality for us but, unfortunately, we can’t use it if it’s not in the master branch due to internal rules of our company.

@sjv That was a PR that I did but I’m not sure how it should be really useful. Can you provide more details on why you require this feature?

@sgotti We would like to allow access to the postgres server to the exact IPs / networks only.
To achieve this we have to change pg_hba.conf directly.

@sjv I think you can achieve this by setting cluster spec defaultSUReplAccessMode to strict.

In this way stolon will create the required postgres entries that permit access only by the other keepers and not from every ip.
Then you can add your own additional hba entries to the pgHBA cluster spec option. You should add rules to permit access from the proxies since the keepers will see client connections coming from the proxies. See also stolon/custom_pg_hba_entries.md at master · sorintlab/stolon · GitHub
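
The approach described in the reply above, as an added example that is not part of the original thread or of the stolon project: a small Python helper that builds a cluster spec patch combining defaultSUReplAccessMode set to strict with explicit pgHBA entries. The function name `build_hba_patch`, the proxy networks and the `md5` auth method are assumptions chosen for illustration.

```python
import ipaddress
import json


def build_hba_patch(proxy_networks, database="all", user="all", auth="md5"):
    """Build a JSON cluster spec patch that limits client access to the given networks.

    proxy_networks: CIDR strings for the networks the stolon proxies connect
    from (the keepers see client connections as coming from the proxies).
    """
    entries = []
    for cidr in proxy_networks:
        # strict=True rejects malformed input and CIDRs with host bits set
        # (e.g. 10.20.0.5/24), which usually indicate a typo.
        net = ipaddress.ip_network(cidr, strict=True)
        if net.prefixlen == 0:
            # 0.0.0.0/0 or ::/0 would allow every address again.
            raise ValueError(f"{cidr} matches every address; list exact networks")
        # pg_hba.conf record layout: TYPE DATABASE USER ADDRESS METHOD
        entries.append(f"host {database} {user} {net.with_prefixlen} {auth}")
    if not entries:
        raise ValueError("refusing to build a patch without any client rule")
    return json.dumps(
        {
            # keeper-to-keeper superuser/replication rules limited to the keepers
            "defaultSUReplAccessMode": "strict",
            # additional entries supplied by the operator
            "pgHBA": entries,
        }
    )


if __name__ == "__main__":
    # Constructed sample networks standing in for the proxy subnets.
    print(build_hba_patch(["10.20.0.0/24", "fd00:20::/64"]))
```

The printed JSON can be passed to `stolonctl update --patch` together with the cluster name and store options of your deployment.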

@sgotti Wow, awesome! We’ll try that, thank you!
