[pgpool-general: 7300] Re: No TCP/IP connection to Pgpool on RHEL 8.2

Anssi Kanninen anssi at iki.fi
Tue Sep 22 19:34:25 JST 2020


Update: It works if the client running psql is root or postgres. If it is 
a regular user, the connection fails.

On Sun, 20 Sep 2020, Anssi Kanninen wrote:

> Customer's network engineers are also investigating this for a possible firewall rule problem.
> 
> On 18 September 2020 11:31:41 EEST, Anssi Kanninen <anssi at iki.fi> wrote:
> 
> Thank you!
> Here is some more info. I made some comparison of the TCP traffic when 
> connected to Pgpool or straight to PostgreSQL.
> See attachments:
> * cmd-pgpool.txt
> The command and response when connected to Pgpool.
> * tcpdump-pgpool.txt
> A dump of TCP traffic to/from PgPool port when executed the command 
> above.
> * cmd-postgres.txt
> The command and response when connected straight to PostgreSQL.
> * tcpdump-postgres.txt
> A dump of TCP traffic to/from PostgreSQL port when executed the command 
> above.
> Strangely, it seems that the database name and user name never reached 
> Pgpool.
> Hope this helps,
>    - Anssi
> On Fri, 18 Sep 2020, Bo Peng wrote:
>  Hi,
>  Thank you for reporting this issue.
>  I am going to look into this one.
>  On Fri, 18 Sep 2020 02:47:24 +0300
>  Anssi Kanninen <anssi at iki.fi> wrote:
>  Software versions are the same on both systems:
>  PostgreSQL 12.2
>  Pgpool 4.1.3
>  On 18 September 2020 02:31:11 EEST, Anssi Kanninen <anssi at iki.fi> wrote:
>  Hello,
>  My Pgpool doesn't work on RHEL 8.2.
>  Eveythins runs smoothly on my Centos 8.1.1911 virtual machines but when
>  I
>  transfer the same Pgpool/PostgreSQL configuration to customer's RHEL
>  8.2,
>  I can not connect to Pgpool via TCP/IP.
>  Here is a clip of my log on Centos when I successfully fail to
>  authenticate (x.x.x.x is a wrong interface, so this error is expected).
>  So, "user" and "database" are show in the log.
>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-1] pid 6616: ERROR:  failed
>  to authenticate
>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-2] pid 6616: DETAIL:  no
>  pg_hba.conf entry for host "x.x.x.x", user "pgpool", database
>  "postgres", SSL off
>  Here is log of successful connection. Protocol Major is 3 and Minor is
>  0.
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-1] pid 27853: DEBUG:
>  reading startup packet
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-2] pid 27853: DETAIL:
>  application_name: psql
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-1] pid 27853: DEBUG:
>  reading startup packet
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-2] pid 27853: DETAIL:
>  Protocol Major: 3 Minor: 0 database: postgres user: pgpool
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-1] pid 27853: DEBUG:
>  creating new connection to backend
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-2] pid 27853: DETAIL:
>  connecting 0 backend
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-1] pid 27853: DEBUG:
>  creating new connection to backend
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-2] pid 27853: DETAIL:
>  connecting 1 backend
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-1] pid 27853: DEBUG:
>  creating new connection to backend
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-2] pid 27853: DETAIL:
>  connecting 2 backend
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-1] pid 27853: DEBUG:
>  authentication backend
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-2] pid 27853: DETAIL:
>  auth kind:10
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-1] pid 27853: DEBUG:
>  authentication backend 0
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-2] pid 27853: DETAIL:
>  trying SCRAM authentication
>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [33-1] pid 27853: DEBUG:
>  SCRAM authentication successful for backend 0
>  So, the above works.
>  But then I transfer the same configuration to the customer's RHEL 8.2,
>  the
>  same connection attempt shows this:
>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [262-1] pid 348681:
>  DEBUG:  I am 348681 accept fd 8
>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-1] pid 348681:
>  DEBUG:  reading startup packet
>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-2] pid 348681:
>  DETAIL:  Protocol Major: 1234 Minor: 5680 database:  user:
>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-1] pid 348681:
>  FATAL:  client authentication failed
>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-2] pid 348681:
>  DETAIL:  no pool_hba.conf entry for host "x.x.x.x", user "", database
>  "", SSL off
>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-3] pid 348681:
>  HINT:  see pgpool log for details
>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [46-1] pid 348612:
>  DEBUG:  reaper handler
>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [47-1] pid 348612: LOG:
>  child process with pid: 348681 exits with status 512
>  Protocol Major and Minor numbers look strange and why the database name
>  and user name are empty? Did it fail to read the incoming packet for
>  some
>  reason? The connection was local but thru TCP/IP network interface.
>  Linux
>  firewall was used but same ports were open on both clusters. SELinux is
>  in
>  use.
>  Psql client responds like this:
>  psql: error: could not connect to server: server closed the connection
>  unexpectedly
>          This propably means the server terminated abnormally
>          before or while processing the request.
>  Here is my pool_hba.conf:
>  local   all         all                               trust
>  host    all         all         127.0.0.1/32          trust
>  host    all         all         ::1/128               trust
>  host    all         pgpool      samenet               scram-sha-256
>  host    all         postgres    samenet               scram-sha-256
>  My pool_passwd looks like this:
>  postgres:AESmyencryptedpassword==
>  pgpool:AESmyencryptedpassword==
>  The psql command was as follows and the password was correct:
>  $ psql -h x.x.x.x postgres pgpool -w
>  So, something is different on our RHEL but what?
>  Best regards,
>    Anssi
> ______________________________________________________________________________________________________________
>  pgpool-general mailing list
>  pgpool-general at pgpool.net
>  http://www.pgpool.net/mailman/listinfo/pgpool-general
>  --
>  Bo Peng <pengbo at sraoss.co.jp>
>  SRA OSS, Inc. Japan
> 
> 
>

-- 
anssi at iki.fi


More information about the pgpool-general mailing list