[pgpool-general: 7304] Re: No TCP/IP connection to Pgpool on RHEL 8.2
Anssi Kanninen
anssi at iki.fi
Tue Sep 22 23:17:04 JST 2020
This is resolved now for pgpool. Thank you very much again!
Does anybody know how to disable GSSAPI authentication of psql client?
Cheers,
- Anssi
On Tue, 22 Sep 2020, Anssi Kanninen wrote:
> Oh yes...
> Thank you very much, this may solve the whole problem.
>
>
> On Tue, 22 Sep 2020, Tatsuo Ishii wrote:
>
>> Yes, Major = 1234, Minor = 5680 means GSSAPI authentication request.
>> Unfortunately Pgpool-II does not support GSSAPI (yet).
>>
>> Best regards,
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese:http://www.sraoss.co.jp
>>
>>> Could it be something to do with GSSAPI authentication? We are not
>>> using it with DB connections. With root user, it doesn't inform about
>>> it. As a regular user, psql gives us a GSSAPI authentication error.
>>>
>>> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
>>>
>>>> Update: It works if the client running psql is root or postgres. If it
>>>> is a regular user, the connection fails.
>>>>
>>>> On Sun, 20 Sep 2020, Anssi Kanninen wrote:
>>>>
>>>>> Customer's network engineers are also investigating this for a
>>>>> possible firewall rule problem.
>>>>> On 18 September 2020 11:31:41 EEST, Anssi Kanninen <anssi at iki.fi>
>>>>> wrote:
>>>>> Thank you!
>>>>> Here is some more info. I made some comparison of the TCP traffic when
>>>>> connected to Pgpool or straight to PostgreSQL.
>>>>> See attachments:
>>>>> * cmd-pgpool.txt
>>>>> The command and response when connected to Pgpool.
>>>>> * tcpdump-pgpool.txt
>>>>> A dump of TCP traffic to/from PgPool port when executed the command
>>>>> above.
>>>>> * cmd-postgres.txt
>>>>> The command and response when connected straight to PostgreSQL.
>>>>> * tcpdump-postgres.txt
>>>>> A dump of TCP traffic to/from PostgreSQL port when executed the
>>>>> command above.
>>>>> Strangely, it seems that the database name and user name never reached
>>>>> Pgpool.
>>>>> Hope this helps,
>>>>> - Anssi
>>>>> On Fri, 18 Sep 2020, Bo Peng wrote:
>>>>> Hi,
>>>>> Thank you for reporting this issue.
>>>>> I am going to look into this one.
>>>>> On Fri, 18 Sep 2020 02:47:24 +0300
>>>>> Anssi Kanninen <anssi at iki.fi> wrote:
>>>>> Software versions are the same on both systems:
>>>>> PostgreSQL 12.2
>>>>> Pgpool 4.1.3
>>>>> On 18 September 2020 02:31:11 EEST, Anssi Kanninen <anssi at iki.fi>
>>>>> wrote:
>>>>> Hello,
>>>>> My Pgpool doesn't work on RHEL 8.2.
>>>>> Eveythins runs smoothly on my Centos 8.1.1911 virtual machines but
>>>>> when
>>>>> I
>>>>> transfer the same Pgpool/PostgreSQL configuration to customer's RHEL
>>>>> 8.2,
>>>>> I can not connect to Pgpool via TCP/IP.
>>>>> Here is a clip of my log on Centos when I successfully fail to
>>>>> authenticate (x.x.x.x is a wrong interface, so this error is
>>>>> expected).
>>>>> So, "user" and "database" are show in the log.
>>>>> Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-1] pid 6616: ERROR: failed
>>>>> to authenticate
>>>>> Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-2] pid 6616: DETAIL: no
>>>>> pg_hba.conf entry for host "x.x.x.x", user "pgpool", database
>>>>> "postgres", SSL off
>>>>> Here is log of successful connection. Protocol Major is 3 and Minor is
>>>>> 0.
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-1] pid 27853: DEBUG:
>>>>> reading startup packet
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-2] pid 27853: DETAIL:
>>>>> application_name: psql
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-1] pid 27853: DEBUG:
>>>>> reading startup packet
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-2] pid 27853: DETAIL:
>>>>> Protocol Major: 3 Minor: 0 database: postgres user: pgpool
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-1] pid 27853: DEBUG:
>>>>> creating new connection to backend
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-2] pid 27853: DETAIL:
>>>>> connecting 0 backend
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-1] pid 27853: DEBUG:
>>>>> creating new connection to backend
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-2] pid 27853: DETAIL:
>>>>> connecting 1 backend
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-1] pid 27853: DEBUG:
>>>>> creating new connection to backend
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-2] pid 27853: DETAIL:
>>>>> connecting 2 backend
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-1] pid 27853: DEBUG:
>>>>> authentication backend
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-2] pid 27853: DETAIL:
>>>>> auth kind:10
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-1] pid 27853: DEBUG:
>>>>> authentication backend 0
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-2] pid 27853: DETAIL:
>>>>> trying SCRAM authentication
>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [33-1] pid 27853: DEBUG:
>>>>> SCRAM authentication successful for backend 0
>>>>> So, the above works.
>>>>> But then I transfer the same configuration to the customer's RHEL 8.2,
>>>>> the
>>>>> same connection attempt shows this:
>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [262-1] pid 348681:
>>>>> DEBUG: I am 348681 accept fd 8
>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-1] pid 348681:
>>>>> DEBUG: reading startup packet
>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-2] pid 348681:
>>>>> DETAIL: Protocol Major: 1234 Minor: 5680 database: user:
>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-1] pid 348681:
>>>>> FATAL: client authentication failed
>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-2] pid 348681:
>>>>> DETAIL: no pool_hba.conf entry for host "x.x.x.x", user "", database
>>>>> "", SSL off
>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-3] pid 348681:
>>>>> HINT: see pgpool log for details
>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [46-1] pid 348612:
>>>>> DEBUG: reaper handler
>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [47-1] pid 348612: LOG:
>>>>> child process with pid: 348681 exits with status 512
>>>>> Protocol Major and Minor numbers look strange and why the database
>>>>> name
>>>>> and user name are empty? Did it fail to read the incoming packet for
>>>>> some
>>>>> reason? The connection was local but thru TCP/IP network interface.
>>>>> Linux
>>>>> firewall was used but same ports were open on both clusters. SELinux
>>>>> is
>>>>> in
>>>>> use.
>>>>> Psql client responds like this:
>>>>> psql: error: could not connect to server: server closed the connection
>>>>> unexpectedly
>>>>> This propably means the server terminated abnormally
>>>>> before or while processing the request.
>>>>> Here is my pool_hba.conf:
>>>>> local all all trust
>>>>> host all all 127.0.0.1/32 trust
>>>>> host all all ::1/128 trust
>>>>> host all pgpool samenet scram-sha-256
>>>>> host all postgres samenet scram-sha-256
>>>>> My pool_passwd looks like this:
>>>>> postgres:AESmyencryptedpassword==
>>>>> pgpool:AESmyencryptedpassword==
>>>>> The psql command was as follows and the password was correct:
>>>>> $ psql -h x.x.x.x postgres pgpool -w
>>>>> So, something is different on our RHEL but what?
>>>>> Best regards,
>>>>> Anssi
>>>>> ______________________________________________________________________________________________________________
>>>>> pgpool-general mailing list
>>>>> pgpool-general at pgpool.net
>>>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>>> --
>>>>> Bo Peng <pengbo at sraoss.co.jp>
>>>>> SRA OSS, Inc. Japan
>>>>>
>>>>
>>>> --
>>>> anssi at iki.fi
>>>> _______________________________________________
>>>> pgpool-general mailing list
>>>> pgpool-general at pgpool.net
>>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>>
>>>
>>> --
>>> anssi at iki.fi
>>> _______________________________________________
>>> pgpool-general mailing list
>>> pgpool-general at pgpool.net
>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>
>
> --
> anssi at iki.fi
> _______________________________________________
> pgpool-general mailing list
> pgpool-general at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-general
>
--
anssi at iki.fi
More information about the pgpool-general
mailing list