[pgpool-general: 7303] Re: No TCP/IP connection to Pgpool on RHEL 8.2

Anssi Kanninen anssi at iki.fi
Tue Sep 22 21:25:43 JST 2020


Oh yes...
Thank you very much, this may solve the whole problem.


On Tue, 22 Sep 2020, Tatsuo Ishii wrote:

> Yes, Major = 1234, Minor = 5680 means GSSAPI authentication request.
> Unfortunately Pgpool-II does not support GSSAPI (yet).
>
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
>
>> Could it be something to do with GSSAPI authentication? We are not
>> using it with DB connections. With root user, it doesn't inform about
>> it. As a regular user, psql gives us a GSSAPI authentication error.
>>
>> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
>>
>>> Update: It works if the client running psql is root or postgres. If it
>>> is a regular user, the connection fails.
>>>
>>> On Sun, 20 Sep 2020, Anssi Kanninen wrote:
>>>
>>>> Customer's network engineers are also investigating this for a
>>>> possible firewall rule problem.
>>>> On 18 September 2020 11:31:41 EEST, Anssi Kanninen <anssi at iki.fi>
>>>> wrote:
>>>> Thank you!
>>>> Here is some more info. I made some comparison of the TCP traffic when
>>>> connected to Pgpool or straight to PostgreSQL.
>>>> See attachments:
>>>> * cmd-pgpool.txt
>>>> The command and response when connected to Pgpool.
>>>> * tcpdump-pgpool.txt
>>>> A dump of TCP traffic to/from PgPool port when executed the command
>>>> above.
>>>> * cmd-postgres.txt
>>>> The command and response when connected straight to PostgreSQL.
>>>> * tcpdump-postgres.txt
>>>> A dump of TCP traffic to/from PostgreSQL port when executed the
>>>> command above.
>>>> Strangely, it seems that the database name and user name never reached
>>>> Pgpool.
>>>> Hope this helps,
>>>>    - Anssi
>>>> On Fri, 18 Sep 2020, Bo Peng wrote:
>>>>  Hi,
>>>>  Thank you for reporting this issue.
>>>>  I am going to look into this one.
>>>>  On Fri, 18 Sep 2020 02:47:24 +0300
>>>>  Anssi Kanninen <anssi at iki.fi> wrote:
>>>>  Software versions are the same on both systems:
>>>>  PostgreSQL 12.2
>>>>  Pgpool 4.1.3
>>>>  On 18 September 2020 02:31:11 EEST, Anssi Kanninen <anssi at iki.fi>
>>>>  wrote:
>>>>  Hello,
>>>>  My Pgpool doesn't work on RHEL 8.2.
>>>>  Eveythins runs smoothly on my Centos 8.1.1911 virtual machines but
>>>>  when
>>>>  I
>>>>  transfer the same Pgpool/PostgreSQL configuration to customer's RHEL
>>>>  8.2,
>>>>  I can not connect to Pgpool via TCP/IP.
>>>>  Here is a clip of my log on Centos when I successfully fail to
>>>>  authenticate (x.x.x.x is a wrong interface, so this error is
>>>>  expected).
>>>>  So, "user" and "database" are show in the log.
>>>>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-1] pid 6616: ERROR: failed
>>>>  to authenticate
>>>>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-2] pid 6616: DETAIL:  no
>>>>  pg_hba.conf entry for host "x.x.x.x", user "pgpool", database
>>>>  "postgres", SSL off
>>>>  Here is log of successful connection. Protocol Major is 3 and Minor is
>>>>  0.
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-1] pid 27853: DEBUG:
>>>>  reading startup packet
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-2] pid 27853: DETAIL:
>>>>  application_name: psql
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-1] pid 27853: DEBUG:
>>>>  reading startup packet
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-2] pid 27853: DETAIL:
>>>>  Protocol Major: 3 Minor: 0 database: postgres user: pgpool
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-1] pid 27853: DEBUG:
>>>>  creating new connection to backend
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-2] pid 27853: DETAIL:
>>>>  connecting 0 backend
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-1] pid 27853: DEBUG:
>>>>  creating new connection to backend
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-2] pid 27853: DETAIL:
>>>>  connecting 1 backend
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-1] pid 27853: DEBUG:
>>>>  creating new connection to backend
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-2] pid 27853: DETAIL:
>>>>  connecting 2 backend
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-1] pid 27853: DEBUG:
>>>>  authentication backend
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-2] pid 27853: DETAIL:
>>>>  auth kind:10
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-1] pid 27853: DEBUG:
>>>>  authentication backend 0
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-2] pid 27853: DETAIL:
>>>>  trying SCRAM authentication
>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [33-1] pid 27853: DEBUG:
>>>>  SCRAM authentication successful for backend 0
>>>>  So, the above works.
>>>>  But then I transfer the same configuration to the customer's RHEL 8.2,
>>>>  the
>>>>  same connection attempt shows this:
>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [262-1] pid 348681:
>>>>  DEBUG:  I am 348681 accept fd 8
>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-1] pid 348681:
>>>>  DEBUG:  reading startup packet
>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-2] pid 348681:
>>>>  DETAIL:  Protocol Major: 1234 Minor: 5680 database:  user:
>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-1] pid 348681:
>>>>  FATAL:  client authentication failed
>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-2] pid 348681:
>>>>  DETAIL:  no pool_hba.conf entry for host "x.x.x.x", user "", database
>>>>  "", SSL off
>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-3] pid 348681:
>>>>  HINT:  see pgpool log for details
>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [46-1] pid 348612:
>>>>  DEBUG:  reaper handler
>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [47-1] pid 348612: LOG:
>>>>  child process with pid: 348681 exits with status 512
>>>>  Protocol Major and Minor numbers look strange and why the database
>>>>  name
>>>>  and user name are empty? Did it fail to read the incoming packet for
>>>>  some
>>>>  reason? The connection was local but thru TCP/IP network interface.
>>>>  Linux
>>>>  firewall was used but same ports were open on both clusters. SELinux
>>>>  is
>>>>  in
>>>>  use.
>>>>  Psql client responds like this:
>>>>  psql: error: could not connect to server: server closed the connection
>>>>  unexpectedly
>>>>          This propably means the server terminated abnormally
>>>>          before or while processing the request.
>>>>  Here is my pool_hba.conf:
>>>>  local   all         all                               trust
>>>>  host    all         all         127.0.0.1/32          trust
>>>>  host    all         all         ::1/128               trust
>>>>  host    all         pgpool      samenet               scram-sha-256
>>>>  host    all         postgres    samenet               scram-sha-256
>>>>  My pool_passwd looks like this:
>>>>  postgres:AESmyencryptedpassword==
>>>>  pgpool:AESmyencryptedpassword==
>>>>  The psql command was as follows and the password was correct:
>>>>  $ psql -h x.x.x.x postgres pgpool -w
>>>>  So, something is different on our RHEL but what?
>>>>  Best regards,
>>>>    Anssi
>>>> ______________________________________________________________________________________________________________
>>>>  pgpool-general mailing list
>>>>  pgpool-general at pgpool.net
>>>>  http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>>  --
>>>>  Bo Peng <pengbo at sraoss.co.jp>
>>>>  SRA OSS, Inc. Japan
>>>>
>>>
>>> --
>>> anssi at iki.fi
>>> _______________________________________________
>>> pgpool-general mailing list
>>> pgpool-general at pgpool.net
>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>
>>
>> --
>> anssi at iki.fi
>> _______________________________________________
>> pgpool-general mailing list
>> pgpool-general at pgpool.net
>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>

-- 
anssi at iki.fi


More information about the pgpool-general mailing list