Is there a way to have subscribers with no direct SQL access to the provider ?
The provider write the data on the subscribers directly. -----Message d'origine----- De : slony1-general-boun...@lists.slony.info [mailto:slony1-general-boun...@lists.slony.info] De la part de Stéphane Schildknecht Envoyé : mardi 10 novembre 2015 14:45 À : slony1-general@lists.slony.info Objet : Re: [Slony1-general] Network connection from slaves to the master On 10/11/2015 14:03, TOINEL, Ludovic wrote: > Thanks Andrew, > > We are not allowed to have network connection from the slaves to the master > (for security constraints). You really should think about a VPN between nodes. It would simplify your architecture. But, in theory, subscriber nodes could be on a DMZ. They can be accessed by daemons, but you don't need them to access providers. Your daemons would run on a node that can access every other node. BTW, there are no real master and slaves in Slony. There are nodes, which can be subscribers (receiving modifications readonly), and providers (read/write). And you can have a subscriber of a set that is provider of another. Only master can communicate with slaves. > We need database on slaves with mix replicates tables and read/write tables. > > The solution could be maybe that solution using a slony master has an Hot > standby of a master protected somewhere ? > > [slony slaves] <-----> [slony master - Standby node] <----(log > shipping)--|firewall|-- [master protected somewhere] > > Do you think this solution can work with slony ? > > Regards, > > Ludovic Toinel > > -----Message d'origine----- > De : slony1-general-boun...@lists.slony.info > [mailto:slony1-general-boun...@lists.slony.info] De la part de Andrew > Sullivan Envoyé : mardi 10 novembre 2015 12:26 À : > slony1-general@lists.slony.info Objet : Re: [Slony1-general] Network > connection from slaves to the master > > On Tue, Nov 10, 2015 at 09:51:29AM +0000, TOINEL, Ludovic wrote: >> The network allows only flows from master to slaves. >> >> Is there any option that I missed to do that ? > > Not really. In principle you could do this with the log shipping mode, but I > don't recall whether doing that on the master was not possible or just a > really bad idea. (You could do this with the built-in standby mechanisms of > Postgres, though. > > I do wonder why you have it set up this way, however. Why do you control the > flows this way? > > A > > -- > Andrew Sullivan > a...@crankycanuck.ca -- Stéphane Schildknecht Contact régional PostgreSQL pour l'Europe francophone Loxodata - Conseil, expertise et formations 06.17.11.37.42 _______________________________________________ Slony1-general mailing list Slony1-general@lists.slony.info http://lists.slony.info/mailman/listinfo/slony1-general _______________________________________________ Slony1-general mailing list Slony1-general@lists.slony.info http://lists.slony.info/mailman/listinfo/slony1-general
