[pgpool-general: 7302] Re: No TCP/IP connection to Pgpool on RHEL 8.2

Tatsuo Ishii ishii at sraoss.co.jp
Tue Sep 22 21:00:30 JST 2020


Yes, Major = 1234, Minor = 5680 means GSSAPI authentication request.
Unfortunately Pgpool-II does not support GSSAPI (yet).

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

> Could it be something to do with GSSAPI authentication? We are not
> using it with DB connections. With root user, it doesn't inform about
> it. As a regular user, psql gives us a GSSAPI authentication error.
> 
> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
> 
>> Update: It works if the client running psql is root or postgres. If it
>> is a regular user, the connection fails.
>>
>> On Sun, 20 Sep 2020, Anssi Kanninen wrote:
>>
>>> Customer's network engineers are also investigating this for a
>>> possible firewall rule problem.
>>> On 18 September 2020 11:31:41 EEST, Anssi Kanninen <anssi at iki.fi>
>>> wrote:
>>> Thank you!
>>> Here is some more info. I made some comparison of the TCP traffic when
>>> connected to Pgpool or straight to PostgreSQL.
>>> See attachments:
>>> * cmd-pgpool.txt
>>> The command and response when connected to Pgpool.
>>> * tcpdump-pgpool.txt
>>> A dump of TCP traffic to/from PgPool port when executed the command
>>> above.
>>> * cmd-postgres.txt
>>> The command and response when connected straight to PostgreSQL.
>>> * tcpdump-postgres.txt
>>> A dump of TCP traffic to/from PostgreSQL port when executed the
>>> command above.
>>> Strangely, it seems that the database name and user name never reached
>>> Pgpool.
>>> Hope this helps,
>>>    - Anssi
>>> On Fri, 18 Sep 2020, Bo Peng wrote:
>>>  Hi,
>>>  Thank you for reporting this issue.
>>>  I am going to look into this one.
>>>  On Fri, 18 Sep 2020 02:47:24 +0300
>>>  Anssi Kanninen <anssi at iki.fi> wrote:
>>>  Software versions are the same on both systems:
>>>  PostgreSQL 12.2
>>>  Pgpool 4.1.3
>>>  On 18 September 2020 02:31:11 EEST, Anssi Kanninen <anssi at iki.fi>
>>>  wrote:
>>>  Hello,
>>>  My Pgpool doesn't work on RHEL 8.2.
>>>  Eveythins runs smoothly on my Centos 8.1.1911 virtual machines but
>>>  when
>>>  I
>>>  transfer the same Pgpool/PostgreSQL configuration to customer's RHEL
>>>  8.2,
>>>  I can not connect to Pgpool via TCP/IP.
>>>  Here is a clip of my log on Centos when I successfully fail to
>>>  authenticate (x.x.x.x is a wrong interface, so this error is
>>>  expected).
>>>  So, "user" and "database" are show in the log.
>>>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-1] pid 6616: ERROR: failed
>>>  to authenticate
>>>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-2] pid 6616: DETAIL:  no
>>>  pg_hba.conf entry for host "x.x.x.x", user "pgpool", database
>>>  "postgres", SSL off
>>>  Here is log of successful connection. Protocol Major is 3 and Minor is
>>>  0.
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-1] pid 27853: DEBUG:
>>>  reading startup packet
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-2] pid 27853: DETAIL:
>>>  application_name: psql
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-1] pid 27853: DEBUG:
>>>  reading startup packet
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-2] pid 27853: DETAIL:
>>>  Protocol Major: 3 Minor: 0 database: postgres user: pgpool
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-1] pid 27853: DEBUG:
>>>  creating new connection to backend
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-2] pid 27853: DETAIL:
>>>  connecting 0 backend
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-1] pid 27853: DEBUG:
>>>  creating new connection to backend
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-2] pid 27853: DETAIL:
>>>  connecting 1 backend
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-1] pid 27853: DEBUG:
>>>  creating new connection to backend
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-2] pid 27853: DETAIL:
>>>  connecting 2 backend
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-1] pid 27853: DEBUG:
>>>  authentication backend
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-2] pid 27853: DETAIL:
>>>  auth kind:10
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-1] pid 27853: DEBUG:
>>>  authentication backend 0
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-2] pid 27853: DETAIL:
>>>  trying SCRAM authentication
>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [33-1] pid 27853: DEBUG:
>>>  SCRAM authentication successful for backend 0
>>>  So, the above works.
>>>  But then I transfer the same configuration to the customer's RHEL 8.2,
>>>  the
>>>  same connection attempt shows this:
>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [262-1] pid 348681:
>>>  DEBUG:  I am 348681 accept fd 8
>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-1] pid 348681:
>>>  DEBUG:  reading startup packet
>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-2] pid 348681:
>>>  DETAIL:  Protocol Major: 1234 Minor: 5680 database:  user:
>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-1] pid 348681:
>>>  FATAL:  client authentication failed
>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-2] pid 348681:
>>>  DETAIL:  no pool_hba.conf entry for host "x.x.x.x", user "", database
>>>  "", SSL off
>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-3] pid 348681:
>>>  HINT:  see pgpool log for details
>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [46-1] pid 348612:
>>>  DEBUG:  reaper handler
>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [47-1] pid 348612: LOG:
>>>  child process with pid: 348681 exits with status 512
>>>  Protocol Major and Minor numbers look strange and why the database
>>>  name
>>>  and user name are empty? Did it fail to read the incoming packet for
>>>  some
>>>  reason? The connection was local but thru TCP/IP network interface.
>>>  Linux
>>>  firewall was used but same ports were open on both clusters. SELinux
>>>  is
>>>  in
>>>  use.
>>>  Psql client responds like this:
>>>  psql: error: could not connect to server: server closed the connection
>>>  unexpectedly
>>>          This propably means the server terminated abnormally
>>>          before or while processing the request.
>>>  Here is my pool_hba.conf:
>>>  local   all         all                               trust
>>>  host    all         all         127.0.0.1/32          trust
>>>  host    all         all         ::1/128               trust
>>>  host    all         pgpool      samenet               scram-sha-256
>>>  host    all         postgres    samenet               scram-sha-256
>>>  My pool_passwd looks like this:
>>>  postgres:AESmyencryptedpassword==
>>>  pgpool:AESmyencryptedpassword==
>>>  The psql command was as follows and the password was correct:
>>>  $ psql -h x.x.x.x postgres pgpool -w
>>>  So, something is different on our RHEL but what?
>>>  Best regards,
>>>    Anssi
>>> ______________________________________________________________________________________________________________
>>>  pgpool-general mailing list
>>>  pgpool-general at pgpool.net
>>>  http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>  --
>>>  Bo Peng <pengbo at sraoss.co.jp>
>>>  SRA OSS, Inc. Japan
>>> 
>>
>> -- 
>> anssi at iki.fi
>> _______________________________________________
>> pgpool-general mailing list
>> pgpool-general at pgpool.net
>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>
> 
> -- 
> anssi at iki.fi
> _______________________________________________
> pgpool-general mailing list
> pgpool-general at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-general


More information about the pgpool-general mailing list