[pgpool-general: 7302] Re: No TCP/IP connection to Pgpool on RHEL 8.2
Tatsuo Ishii
ishii at sraoss.co.jp
Tue Sep 22 21:00:30 JST 2020
Yes, Major = 1234, Minor = 5680 means GSSAPI authentication request.
Unfortunately Pgpool-II does not support GSSAPI (yet).
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
> Could it be something to do with GSSAPI authentication? We are not
> using it with DB connections. With root user, it doesn't inform about
> it. As a regular user, psql gives us a GSSAPI authentication error.
>
> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
>
>> Update: It works if the client running psql is root or postgres. If it
>> is a regular user, the connection fails.
>>
>> On Sun, 20 Sep 2020, Anssi Kanninen wrote:
>>
>>> Customer's network engineers are also investigating this for a
>>> possible firewall rule problem.
>>> On 18 September 2020 11:31:41 EEST, Anssi Kanninen <anssi at iki.fi>
>>> wrote:
>>> Thank you!
>>> Here is some more info. I made some comparison of the TCP traffic when
>>> connected to Pgpool or straight to PostgreSQL.
>>> See attachments:
>>> * cmd-pgpool.txt
>>> The command and response when connected to Pgpool.
>>> * tcpdump-pgpool.txt
>>> A dump of TCP traffic to/from PgPool port when executed the command
>>> above.
>>> * cmd-postgres.txt
>>> The command and response when connected straight to PostgreSQL.
>>> * tcpdump-postgres.txt
>>> A dump of TCP traffic to/from PostgreSQL port when executed the
>>> command above.
>>> Strangely, it seems that the database name and user name never reached
>>> Pgpool.
>>> Hope this helps,
>>> - Anssi
>>> On Fri, 18 Sep 2020, Bo Peng wrote:
>>> Hi,
>>> Thank you for reporting this issue.
>>> I am going to look into this one.
>>> On Fri, 18 Sep 2020 02:47:24 +0300
>>> Anssi Kanninen <anssi at iki.fi> wrote:
>>> Software versions are the same on both systems:
>>> PostgreSQL 12.2
>>> Pgpool 4.1.3
>>> On 18 September 2020 02:31:11 EEST, Anssi Kanninen <anssi at iki.fi>
>>> wrote:
>>> Hello,
>>> My Pgpool doesn't work on RHEL 8.2.
>>> Eveythins runs smoothly on my Centos 8.1.1911 virtual machines but
>>> when
>>> I
>>> transfer the same Pgpool/PostgreSQL configuration to customer's RHEL
>>> 8.2,
>>> I can not connect to Pgpool via TCP/IP.
>>> Here is a clip of my log on Centos when I successfully fail to
>>> authenticate (x.x.x.x is a wrong interface, so this error is
>>> expected).
>>> So, "user" and "database" are show in the log.
>>> Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-1] pid 6616: ERROR: failed
>>> to authenticate
>>> Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-2] pid 6616: DETAIL: no
>>> pg_hba.conf entry for host "x.x.x.x", user "pgpool", database
>>> "postgres", SSL off
>>> Here is log of successful connection. Protocol Major is 3 and Minor is
>>> 0.
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-1] pid 27853: DEBUG:
>>> reading startup packet
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-2] pid 27853: DETAIL:
>>> application_name: psql
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-1] pid 27853: DEBUG:
>>> reading startup packet
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-2] pid 27853: DETAIL:
>>> Protocol Major: 3 Minor: 0 database: postgres user: pgpool
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-1] pid 27853: DEBUG:
>>> creating new connection to backend
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-2] pid 27853: DETAIL:
>>> connecting 0 backend
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-1] pid 27853: DEBUG:
>>> creating new connection to backend
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-2] pid 27853: DETAIL:
>>> connecting 1 backend
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-1] pid 27853: DEBUG:
>>> creating new connection to backend
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-2] pid 27853: DETAIL:
>>> connecting 2 backend
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-1] pid 27853: DEBUG:
>>> authentication backend
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-2] pid 27853: DETAIL:
>>> auth kind:10
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-1] pid 27853: DEBUG:
>>> authentication backend 0
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-2] pid 27853: DETAIL:
>>> trying SCRAM authentication
>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [33-1] pid 27853: DEBUG:
>>> SCRAM authentication successful for backend 0
>>> So, the above works.
>>> But then I transfer the same configuration to the customer's RHEL 8.2,
>>> the
>>> same connection attempt shows this:
>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [262-1] pid 348681:
>>> DEBUG: I am 348681 accept fd 8
>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-1] pid 348681:
>>> DEBUG: reading startup packet
>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-2] pid 348681:
>>> DETAIL: Protocol Major: 1234 Minor: 5680 database: user:
>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-1] pid 348681:
>>> FATAL: client authentication failed
>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-2] pid 348681:
>>> DETAIL: no pool_hba.conf entry for host "x.x.x.x", user "", database
>>> "", SSL off
>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-3] pid 348681:
>>> HINT: see pgpool log for details
>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [46-1] pid 348612:
>>> DEBUG: reaper handler
>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [47-1] pid 348612: LOG:
>>> child process with pid: 348681 exits with status 512
>>> Protocol Major and Minor numbers look strange and why the database
>>> name
>>> and user name are empty? Did it fail to read the incoming packet for
>>> some
>>> reason? The connection was local but thru TCP/IP network interface.
>>> Linux
>>> firewall was used but same ports were open on both clusters. SELinux
>>> is
>>> in
>>> use.
>>> Psql client responds like this:
>>> psql: error: could not connect to server: server closed the connection
>>> unexpectedly
>>> This propably means the server terminated abnormally
>>> before or while processing the request.
>>> Here is my pool_hba.conf:
>>> local all all trust
>>> host all all 127.0.0.1/32 trust
>>> host all all ::1/128 trust
>>> host all pgpool samenet scram-sha-256
>>> host all postgres samenet scram-sha-256
>>> My pool_passwd looks like this:
>>> postgres:AESmyencryptedpassword==
>>> pgpool:AESmyencryptedpassword==
>>> The psql command was as follows and the password was correct:
>>> $ psql -h x.x.x.x postgres pgpool -w
>>> So, something is different on our RHEL but what?
>>> Best regards,
>>> Anssi
>>> ______________________________________________________________________________________________________________
>>> pgpool-general mailing list
>>> pgpool-general at pgpool.net
>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>> --
>>> Bo Peng <pengbo at sraoss.co.jp>
>>> SRA OSS, Inc. Japan
>>>
>>
>> --
>> anssi at iki.fi
>> _______________________________________________
>> pgpool-general mailing list
>> pgpool-general at pgpool.net
>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>
>
> --
> anssi at iki.fi
> _______________________________________________
> pgpool-general mailing list
> pgpool-general at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-general
More information about the pgpool-general
mailing list