[pgpool-general: 7301] Re: No TCP/IP connection to Pgpool on RHEL 8.2
Anssi Kanninen
anssi at iki.fi
Tue Sep 22 20:40:16 JST 2020
Could it be something to do with GSSAPI authentication? We are not using
it with DB connections. With root user, it doesn't inform about it. As a
regular user, psql gives us a GSSAPI authentication error.
On Tue, 22 Sep 2020, Anssi Kanninen wrote:
> Update: It works if the client running psql is root or postgres. If it is a
> regular user, the connection fails.
>
> On Sun, 20 Sep 2020, Anssi Kanninen wrote:
>
>> Customer's network engineers are also investigating this for a possible
>> firewall rule problem.
>>
>> On 18 September 2020 11:31:41 EEST, Anssi Kanninen <anssi at iki.fi> wrote:
>>
>> Thank you!
>> Here is some more info. I made some comparison of the TCP traffic when
>> connected to Pgpool or straight to PostgreSQL.
>> See attachments:
>> * cmd-pgpool.txt
>> The command and response when connected to Pgpool.
>> * tcpdump-pgpool.txt
>> A dump of TCP traffic to/from PgPool port when executed the command above.
>> * cmd-postgres.txt
>> The command and response when connected straight to PostgreSQL.
>> * tcpdump-postgres.txt
>> A dump of TCP traffic to/from PostgreSQL port when executed the command
>> above.
>> Strangely, it seems that the database name and user name never reached
>> Pgpool.
>> Hope this helps,
>> - Anssi
>> On Fri, 18 Sep 2020, Bo Peng wrote:
>> Hi,
>> Thank you for reporting this issue.
>> I am going to look into this one.
>> On Fri, 18 Sep 2020 02:47:24 +0300
>> Anssi Kanninen <anssi at iki.fi> wrote:
>> Software versions are the same on both systems:
>> PostgreSQL 12.2
>> Pgpool 4.1.3
>> On 18 September 2020 02:31:11 EEST, Anssi Kanninen <anssi at iki.fi> wrote:
>> Hello,
>> My Pgpool doesn't work on RHEL 8.2.
>> Eveythins runs smoothly on my Centos 8.1.1911 virtual machines but when
>> I
>> transfer the same Pgpool/PostgreSQL configuration to customer's RHEL
>> 8.2,
>> I can not connect to Pgpool via TCP/IP.
>> Here is a clip of my log on Centos when I successfully fail to
>> authenticate (x.x.x.x is a wrong interface, so this error is expected).
>> So, "user" and "database" are show in the log.
>> Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-1] pid 6616: ERROR: failed
>> to authenticate
>> Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-2] pid 6616: DETAIL: no
>> pg_hba.conf entry for host "x.x.x.x", user "pgpool", database
>> "postgres", SSL off
>> Here is log of successful connection. Protocol Major is 3 and Minor is
>> 0.
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-1] pid 27853: DEBUG:
>> reading startup packet
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-2] pid 27853: DETAIL:
>> application_name: psql
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-1] pid 27853: DEBUG:
>> reading startup packet
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-2] pid 27853: DETAIL:
>> Protocol Major: 3 Minor: 0 database: postgres user: pgpool
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-1] pid 27853: DEBUG:
>> creating new connection to backend
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-2] pid 27853: DETAIL:
>> connecting 0 backend
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-1] pid 27853: DEBUG:
>> creating new connection to backend
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-2] pid 27853: DETAIL:
>> connecting 1 backend
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-1] pid 27853: DEBUG:
>> creating new connection to backend
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-2] pid 27853: DETAIL:
>> connecting 2 backend
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-1] pid 27853: DEBUG:
>> authentication backend
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-2] pid 27853: DETAIL:
>> auth kind:10
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-1] pid 27853: DEBUG:
>> authentication backend 0
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-2] pid 27853: DETAIL:
>> trying SCRAM authentication
>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [33-1] pid 27853: DEBUG:
>> SCRAM authentication successful for backend 0
>> So, the above works.
>> But then I transfer the same configuration to the customer's RHEL 8.2,
>> the
>> same connection attempt shows this:
>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [262-1] pid 348681:
>> DEBUG: I am 348681 accept fd 8
>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-1] pid 348681:
>> DEBUG: reading startup packet
>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-2] pid 348681:
>> DETAIL: Protocol Major: 1234 Minor: 5680 database: user:
>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-1] pid 348681:
>> FATAL: client authentication failed
>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-2] pid 348681:
>> DETAIL: no pool_hba.conf entry for host "x.x.x.x", user "", database
>> "", SSL off
>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-3] pid 348681:
>> HINT: see pgpool log for details
>> Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [46-1] pid 348612:
>> DEBUG: reaper handler
>> Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [47-1] pid 348612: LOG:
>> child process with pid: 348681 exits with status 512
>> Protocol Major and Minor numbers look strange and why the database name
>> and user name are empty? Did it fail to read the incoming packet for
>> some
>> reason? The connection was local but thru TCP/IP network interface.
>> Linux
>> firewall was used but same ports were open on both clusters. SELinux is
>> in
>> use.
>> Psql client responds like this:
>> psql: error: could not connect to server: server closed the connection
>> unexpectedly
>> This propably means the server terminated abnormally
>> before or while processing the request.
>> Here is my pool_hba.conf:
>> local all all trust
>> host all all 127.0.0.1/32 trust
>> host all all ::1/128 trust
>> host all pgpool samenet scram-sha-256
>> host all postgres samenet scram-sha-256
>> My pool_passwd looks like this:
>> postgres:AESmyencryptedpassword==
>> pgpool:AESmyencryptedpassword==
>> The psql command was as follows and the password was correct:
>> $ psql -h x.x.x.x postgres pgpool -w
>> So, something is different on our RHEL but what?
>> Best regards,
>> Anssi
>> ______________________________________________________________________________________________________________
>> pgpool-general mailing list
>> pgpool-general at pgpool.net
>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>> --
>> Bo Peng <pengbo at sraoss.co.jp>
>> SRA OSS, Inc. Japan
>>
>>
>>
>
> --
> anssi at iki.fi
> _______________________________________________
> pgpool-general mailing list
> pgpool-general at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-general
>
--
anssi at iki.fi
More information about the pgpool-general
mailing list