I’m trying to find the best way to separate the master from the slaves for security requirements.
In terms of network, I’m not allow to get connection from slaves to master. In terms of database, I use per table granularity replication. Any other idea ? De : Guillaume Lelarge [mailto:guilla...@lelarge.info] Envoyé : mardi 10 novembre 2015 14:17 À : TOINEL, Ludovic Cc : slony1-general@lists.slony.info; Andrew Sullivan Objet : Re: [Slony1-general] Network connection from slaves to the master Le 10 nov. 2015 2:03 PM, "TOINEL, Ludovic" <ludovic.toi...@capgemini.com<mailto:ludovic.toi...@capgemini.com>> a écrit : > > Thanks Andrew, > > We are not allowed to have network connection from the slaves to the master > (for security constraints). Only master can communicate with slaves. > We need database on slaves with mix replicates tables and read/write tables. > > The solution could be maybe that solution using a slony master has an Hot > standby of a master protected somewhere ? > > [slony slaves] <-----> [slony master - Standby node] <----(log > shipping)--|firewall|-- [master protected somewhere] > > Do you think this solution can work with slony ? > This will work as long as you don't try to execute write queries on the slony master, because it's a standby node and, as such, can only execute read queries. Meaning I'm wondering why you would use such a scheme. > Regards, > > Ludovic Toinel > > -----Message d'origine----- > De : > slony1-general-boun...@lists.slony.info<mailto:slony1-general-boun...@lists.slony.info> > > [mailto:slony1-general-boun...@lists.slony.info<mailto:slony1-general-boun...@lists.slony.info>] > De la part de Andrew Sullivan > Envoyé : mardi 10 novembre 2015 12:26 > À : slony1-general@lists.slony.info<mailto:slony1-general@lists.slony.info> > Objet : Re: [Slony1-general] Network connection from slaves to the master > > On Tue, Nov 10, 2015 at 09:51:29AM +0000, TOINEL, Ludovic wrote: > > The network allows only flows from master to slaves. > > > > Is there any option that I missed to do that ? > > Not really. In principle you could do this with the log shipping mode, but I > don't recall whether doing that on the master was not possible or just a > really bad idea. (You could do this with the built-in standby mechanisms of > Postgres, though. > > I do wonder why you have it set up this way, however. Why do you control the > flows this way? > > A > > -- > Andrew Sullivan > a...@crankycanuck.ca<mailto:a...@crankycanuck.ca> > _______________________________________________ > Slony1-general mailing list > Slony1-general@lists.slony.info<mailto:Slony1-general@lists.slony.info> > http://lists.slony.info/mailman/listinfo/slony1-general > _______________________________________________ > Slony1-general mailing list > Slony1-general@lists.slony.info<mailto:Slony1-general@lists.slony.info> > http://lists.slony.info/mailman/listinfo/slony1-general
_______________________________________________ Slony1-general mailing list Slony1-general@lists.slony.info http://lists.slony.info/mailman/listinfo/slony1-general
