repmgr config question

10 views
Skip to first unread message

saha...@gmail.com

unread,
Jan 12, 2021, 12:09:57 PMJan 12
to repmgr
I imagine repmgr.org is the primary reference for configuring repmgr, but I've come across other "How To" references.

To make the overall postgres configuration more secure, I did the following:
1. I had originally configured as prescribed, with repmgr being a superuser and using trust authentication method.  I wanted to "secure" things, so I set password for the repmgr user, modified pg_hba.conf to use md5 (vs. trust), added entries to .pgpass for repmgr user.

2. I also wanted to try to minimize roles for repmgr user - i.e. having repmgr user not being a superuser.  I just thought that with password for repmgr being in .pgpass, someone could gain access to that superuser very easily.

Using 'createuser -s repmgr' command (from repmgr documentation),  the repmgr user has these attributes:
\dx repmgr
                       List of roles
Role name |            Attributes             | Member of  
-----------+-----------------------------------+-----------
repmgr    | Superuser, Create role, Create DB | {}


# SELECT * FROM pg_roles WHERE rolname !~ '^pg_' and rolname = 'repmgr';
-[ RECORD 1 ]--+------------------------------------------
rolname        | repmgr
rolsuper       | t
rolinherit     | t
rolcreaterole  | t
rolcreatedb    | t
rolcanlogin    | t
rolreplication | f


I've seen other references where the repmgr user only has this permission:
\dx repmgr
            List of roles 
Role name | Attributes  | Member of  
-----------+-------------+-----------
repmgr    | Replication | {}

This would indicate that repmgr would not have the SUPERUSER role.

Question:  Does repmgr definitely have to have SUPERUSER role?

To test, I had modified the repmgr to only have REPLICATION role:
ALTER USER repmgr WITH NOCREATEDB NOCREATEROLE NOSUPERUSER REPLICATION;

I then see the following output when issuing the command:
repmgr -f $REPMGR_CONF standby switchover --siblings-follow --verbose --dry-run
NOTICE: using provided configuration file "/var/lib/pgsql/12/repmgr/repmgr.conf"
NOTICE: checking switchover on node "pg-t02" (ID: 2) in --dry-run mode
WARNING: no superuser connection available
DETAIL: it is recommended to perform switchover operations with a database superuser
HINT: provide the name of a superuser with -S/--superuser


Thanks,
Scott

Ian Barwick

unread,
Jan 12, 2021, 7:07:37 PMJan 12
to rep...@googlegroups.com, saha...@gmail.com
Originally this was the case, but we've since removed this as a requirement
for the repmgr user. However there are some situations where superuser
(or superuser-level) permissions are required to perform certain tasks,
in which case a valid superuser needs to be provided with -S/--superuser.

> To test, I had modified the repmgr to only have REPLICATION role:
> ALTER USER repmgr WITH NOCREATEDB NOCREATEROLE NOSUPERUSER REPLICATION;
>
> I then see the following output when issuing the command:
> *repmgr -f $REPMGR_CONF standby switchover --siblings-follow --verbose --dry-run*
> NOTICE: using provided configuration file "/var/lib/pgsql/12/repmgr/repmgr.conf"
> NOTICE: checking switchover on node "pg-t02" (ID: 2) in --dry-run mode
> WARNING: no superuser connection available
> DETAIL: it is recommended to perform switchover operations with a database superuser
> HINT: provide the name of a superuser with -S/--superuser

Such as here, where repmgr would like to be able to perform a checkpoint,
something only superusers can do. See:

https://repmgr.org/docs/current/repmgr-standby-switchover.html#id-1.6.9.5


Regards

Ian Barwick


--
Ian Barwick https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
Reply all
Reply to author
Forward
0 new messages