[pgpool-general: 7301] Re: No TCP/IP connection to Pgpool on RHEL 8.2

Anssi Kanninen anssi at iki.fi
Tue Sep 22 20:40:16 JST 2020 

Could it be something to do with GSSAPI authentication? We are not using 
it with DB connections. With root user, it doesn't inform about it. As a 
regular user, psql gives us a GSSAPI authentication error.

On Tue, 22 Sep 2020, Anssi Kanninen wrote:

> Update: It works if the client running psql is root or postgres. If it is a 
> regular user, the connection fails.
>
> On Sun, 20 Sep 2020, Anssi Kanninen wrote:
>
>> Customer's network engineers are also investigating this for a possible 
>> firewall rule problem.
>> 
>> On 18 September 2020 11:31:41 EEST, Anssi Kanninen <anssi at iki.fi> wrote:
>> 
>> Thank you!
>> Here is some more info. I made some comparison of the TCP traffic when 
>> connected to Pgpool or straight to PostgreSQL.
>> See attachments:
>> * cmd-pgpool.txt
>> The command and response when connected to Pgpool.
>> * tcpdump-pgpool.txt
>> A dump of TCP traffic to/from PgPool port when executed the command above.
>> * cmd-postgres.txt
>> The command and response when connected straight to PostgreSQL.
>> * tcpdump-postgres.txt
>> A dump of TCP traffic to/from PostgreSQL port when executed the command 
>> above.
>> Strangely, it seems that the database name and user name never reached 
>> Pgpool.
>> Hope this helps,
>>    - Anssi
>> On Fri, 18 Sep 2020, Bo Peng wrote:
>>  Hi,
>>  Thank you for reporting this issue.
>>  I am going to look into this one.
>>  On Fri, 18 Sep 2020 02:47:24 +0300
>>  Anssi Kanninen <anssi at iki.fi> wrote:
>>  Software versions are the same on both systems:
>>  PostgreSQL 12.2
>>  Pgpool 4.1.3
>>  On 18 September 2020 02:31:11 EEST, Anssi Kanninen <anssi at iki.fi> wrote:
>>  Hello,
>>  My Pgpool doesn't work on RHEL 8.2.
>>  Eveythins runs smoothly on my Centos 8.1.1911 virtual machines but when
>>  I
>>  transfer the same Pgpool/PostgreSQL configuration to customer's RHEL
>>  8.2,
>>  I can not connect to Pgpool via TCP/IP.
>>  Here is a clip of my log on Centos when I successfully fail to
>>  authenticate (x.x.x.x is a wrong interface, so this error is expected).
>>  So, "user" and "database" are show in the log.
>>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-1] pid 6616: ERROR:  failed
>>  to authenticate
>>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-2] pid 6616: DETAIL:  no
>>  pg_hba.conf entry for host "x.x.x.x", user "pgpool", database
>>  "postgres", SSL off
>>  Here is log of successful connection. Protocol Major is 3 and Minor is
>>  0.
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-1] pid 27853: DEBUG:
>>  reading startup packet
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-2] pid 27853: DETAIL:
>>  application_name: psql
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-1] pid 27853: DEBUG:
>>  reading startup packet
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-2] pid 27853: DETAIL:
>>  Protocol Major: 3 Minor: 0 database: postgres user: pgpool
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-1] pid 27853: DEBUG:
>>  creating new connection to backend
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-2] pid 27853: DETAIL:
>>  connecting 0 backend
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-1] pid 27853: DEBUG:
>>  creating new connection to backend
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-2] pid 27853: DETAIL:
>>  connecting 1 backend
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-1] pid 27853: DEBUG:
>>  creating new connection to backend
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-2] pid 27853: DETAIL:
>>  connecting 2 backend
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-1] pid 27853: DEBUG:
>>  authentication backend
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-2] pid 27853: DETAIL:
>>  auth kind:10
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-1] pid 27853: DEBUG:
>>  authentication backend 0
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-2] pid 27853: DETAIL:
>>  trying SCRAM authentication
>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [33-1] pid 27853: DEBUG:
>>  SCRAM authentication successful for backend 0
>>  So, the above works.
>>  But then I transfer the same configuration to the customer's RHEL 8.2,
>>  the
>>  same connection attempt shows this:
>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [262-1] pid 348681:
>>  DEBUG:  I am 348681 accept fd 8
>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-1] pid 348681:
>>  DEBUG:  reading startup packet
>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-2] pid 348681:
>>  DETAIL:  Protocol Major: 1234 Minor: 5680 database:  user:
>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-1] pid 348681:
>>  FATAL:  client authentication failed
>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-2] pid 348681:
>>  DETAIL:  no pool_hba.conf entry for host "x.x.x.x", user "", database
>>  "", SSL off
>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-3] pid 348681:
>>  HINT:  see pgpool log for details
>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [46-1] pid 348612:
>>  DEBUG:  reaper handler
>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [47-1] pid 348612: LOG:
>>  child process with pid: 348681 exits with status 512
>>  Protocol Major and Minor numbers look strange and why the database name
>>  and user name are empty? Did it fail to read the incoming packet for
>>  some
>>  reason? The connection was local but thru TCP/IP network interface.
>>  Linux
>>  firewall was used but same ports were open on both clusters. SELinux is
>>  in
>>  use.
>>  Psql client responds like this:
>>  psql: error: could not connect to server: server closed the connection
>>  unexpectedly
>>          This propably means the server terminated abnormally
>>          before or while processing the request.
>>  Here is my pool_hba.conf:
>>  local   all         all                               trust
>>  host    all         all         127.0.0.1/32          trust
>>  host    all         all         ::1/128               trust
>>  host    all         pgpool      samenet               scram-sha-256
>>  host    all         postgres    samenet               scram-sha-256
>>  My pool_passwd looks like this:
>>  postgres:AESmyencryptedpassword==
>>  pgpool:AESmyencryptedpassword==
>>  The psql command was as follows and the password was correct:
>>  $ psql -h x.x.x.x postgres pgpool -w
>>  So, something is different on our RHEL but what?
>>  Best regards,
>>    Anssi
>> ______________________________________________________________________________________________________________
>>  pgpool-general mailing list
>>  pgpool-general at pgpool.net
>>  http://www.pgpool.net/mailman/listinfo/pgpool-general
>>  --
>>  Bo Peng <pengbo at sraoss.co.jp>
>>  SRA OSS, Inc. Japan
>> 
>> 
>> 
>
> -- 
> anssi at iki.fi
> _______________________________________________
> pgpool-general mailing list
> pgpool-general at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-general
>

-- 
anssi at iki.fi

More information about the pgpool-general mailing list