[pgpool-general: 7305] Re: No TCP/IP connection to Pgpool on RHEL 8.2
Bo Peng
pengbo at sraoss.co.jp
Tue Sep 22 23:27:46 JST 2020
Hi,
On Tue, 22 Sep 2020 17:17:04 +0300 (FLE Daylight Time)
Anssi Kanninen <anssi at iki.fi> wrote:
> This is resolved now for pgpool. Thank you very much again!
>
> Does anybody know how to disable GSSAPI authentication of psql client?
A workaround is to set an environment variable to disable GSSAPI in the client.
export PGGSSENCMODE=disable
> Cheers,
> - Anssi
>
> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
>
> > Oh yes...
> > Thank you very much, this may solve the whole problem.
> >
> >
> > On Tue, 22 Sep 2020, Tatsuo Ishii wrote:
> >
> >> Yes, Major = 1234, Minor = 5680 means GSSAPI authentication request.
> >> Unfortunately Pgpool-II does not support GSSAPI (yet).
> >>
> >> Best regards,
> >> --
> >> Tatsuo Ishii
> >> SRA OSS, Inc. Japan
> >> English: http://www.sraoss.co.jp/index_en.php
> >> Japanese:http://www.sraoss.co.jp
> >>
> >>> Could it be something to do with GSSAPI authentication? We are not
> >>> using it with DB connections. With root user, it doesn't inform about
> >>> it. As a regular user, psql gives us a GSSAPI authentication error.
> >>>
> >>> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
> >>>
> >>>> Update: It works if the client running psql is root or postgres. If it
> >>>> is a regular user, the connection fails.
> >>>>
> >>>> On Sun, 20 Sep 2020, Anssi Kanninen wrote:
> >>>>
> >>>>> Customer's network engineers are also investigating this for a
> >>>>> possible firewall rule problem.
> >>>>> On 18 September 2020 11:31:41 EEST, Anssi Kanninen <anssi at iki.fi>
> >>>>> wrote:
> >>>>> Thank you!
> >>>>> Here is some more info. I made some comparison of the TCP traffic when
> >>>>> connected to Pgpool or straight to PostgreSQL.
> >>>>> See attachments:
> >>>>> * cmd-pgpool.txt
> >>>>> The command and response when connected to Pgpool.
> >>>>> * tcpdump-pgpool.txt
> >>>>> A dump of TCP traffic to/from PgPool port when executed the command
> >>>>> above.
> >>>>> * cmd-postgres.txt
> >>>>> The command and response when connected straight to PostgreSQL.
> >>>>> * tcpdump-postgres.txt
> >>>>> A dump of TCP traffic to/from PostgreSQL port when executed the
> >>>>> command above.
> >>>>> Strangely, it seems that the database name and user name never reached
> >>>>> Pgpool.
> >>>>> Hope this helps,
> >>>>> - Anssi
> >>>>> On Fri, 18 Sep 2020, Bo Peng wrote:
> >>>>> Hi,
> >>>>> Thank you for reporting this issue.
> >>>>> I am going to look into this one.
> >>>>> On Fri, 18 Sep 2020 02:47:24 +0300
> >>>>> Anssi Kanninen <anssi at iki.fi> wrote:
> >>>>> Software versions are the same on both systems:
> >>>>> PostgreSQL 12.2
> >>>>> Pgpool 4.1.3
> >>>>> On 18 September 2020 02:31:11 EEST, Anssi Kanninen <anssi at iki.fi>
> >>>>> wrote:
> >>>>> Hello,
> >>>>> My Pgpool doesn't work on RHEL 8.2.
> >>>>> Eveythins runs smoothly on my Centos 8.1.1911 virtual machines but
> >>>>> when
> >>>>> I
> >>>>> transfer the same Pgpool/PostgreSQL configuration to customer's RHEL
> >>>>> 8.2,
> >>>>> I can not connect to Pgpool via TCP/IP.
> >>>>> Here is a clip of my log on Centos when I successfully fail to
> >>>>> authenticate (x.x.x.x is a wrong interface, so this error is
> >>>>> expected).
> >>>>> So, "user" and "database" are show in the log.
> >>>>> Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-1] pid 6616: ERROR: failed
> >>>>> to authenticate
> >>>>> Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-2] pid 6616: DETAIL: no
> >>>>> pg_hba.conf entry for host "x.x.x.x", user "pgpool", database
> >>>>> "postgres", SSL off
> >>>>> Here is log of successful connection. Protocol Major is 3 and Minor is
> >>>>> 0.
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-1] pid 27853: DEBUG:
> >>>>> reading startup packet
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-2] pid 27853: DETAIL:
> >>>>> application_name: psql
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-1] pid 27853: DEBUG:
> >>>>> reading startup packet
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-2] pid 27853: DETAIL:
> >>>>> Protocol Major: 3 Minor: 0 database: postgres user: pgpool
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-1] pid 27853: DEBUG:
> >>>>> creating new connection to backend
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-2] pid 27853: DETAIL:
> >>>>> connecting 0 backend
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-1] pid 27853: DEBUG:
> >>>>> creating new connection to backend
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-2] pid 27853: DETAIL:
> >>>>> connecting 1 backend
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-1] pid 27853: DEBUG:
> >>>>> creating new connection to backend
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-2] pid 27853: DETAIL:
> >>>>> connecting 2 backend
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-1] pid 27853: DEBUG:
> >>>>> authentication backend
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-2] pid 27853: DETAIL:
> >>>>> auth kind:10
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-1] pid 27853: DEBUG:
> >>>>> authentication backend 0
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-2] pid 27853: DETAIL:
> >>>>> trying SCRAM authentication
> >>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [33-1] pid 27853: DEBUG:
> >>>>> SCRAM authentication successful for backend 0
> >>>>> So, the above works.
> >>>>> But then I transfer the same configuration to the customer's RHEL 8.2,
> >>>>> the
> >>>>> same connection attempt shows this:
> >>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [262-1] pid 348681:
> >>>>> DEBUG: I am 348681 accept fd 8
> >>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-1] pid 348681:
> >>>>> DEBUG: reading startup packet
> >>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-2] pid 348681:
> >>>>> DETAIL: Protocol Major: 1234 Minor: 5680 database: user:
> >>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-1] pid 348681:
> >>>>> FATAL: client authentication failed
> >>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-2] pid 348681:
> >>>>> DETAIL: no pool_hba.conf entry for host "x.x.x.x", user "", database
> >>>>> "", SSL off
> >>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-3] pid 348681:
> >>>>> HINT: see pgpool log for details
> >>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [46-1] pid 348612:
> >>>>> DEBUG: reaper handler
> >>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [47-1] pid 348612: LOG:
> >>>>> child process with pid: 348681 exits with status 512
> >>>>> Protocol Major and Minor numbers look strange and why the database
> >>>>> name
> >>>>> and user name are empty? Did it fail to read the incoming packet for
> >>>>> some
> >>>>> reason? The connection was local but thru TCP/IP network interface.
> >>>>> Linux
> >>>>> firewall was used but same ports were open on both clusters. SELinux
> >>>>> is
> >>>>> in
> >>>>> use.
> >>>>> Psql client responds like this:
> >>>>> psql: error: could not connect to server: server closed the connection
> >>>>> unexpectedly
> >>>>> This propably means the server terminated abnormally
> >>>>> before or while processing the request.
> >>>>> Here is my pool_hba.conf:
> >>>>> local all all trust
> >>>>> host all all 127.0.0.1/32 trust
> >>>>> host all all ::1/128 trust
> >>>>> host all pgpool samenet scram-sha-256
> >>>>> host all postgres samenet scram-sha-256
> >>>>> My pool_passwd looks like this:
> >>>>> postgres:AESmyencryptedpassword==
> >>>>> pgpool:AESmyencryptedpassword==
> >>>>> The psql command was as follows and the password was correct:
> >>>>> $ psql -h x.x.x.x postgres pgpool -w
> >>>>> So, something is different on our RHEL but what?
> >>>>> Best regards,
> >>>>> Anssi
> >>>>> ______________________________________________________________________________________________________________
> >>>>> pgpool-general mailing list
> >>>>> pgpool-general at pgpool.net
> >>>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
> >>>>> --
> >>>>> Bo Peng <pengbo at sraoss.co.jp>
> >>>>> SRA OSS, Inc. Japan
> >>>>>
> >>>>
> >>>> --
> >>>> anssi at iki.fi
> >>>> _______________________________________________
> >>>> pgpool-general mailing list
> >>>> pgpool-general at pgpool.net
> >>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
> >>>>
> >>>
> >>> --
> >>> anssi at iki.fi
> >>> _______________________________________________
> >>> pgpool-general mailing list
> >>> pgpool-general at pgpool.net
> >>> http://www.pgpool.net/mailman/listinfo/pgpool-general
> >>
> >
> > --
> > anssi at iki.fi
> > _______________________________________________
> > pgpool-general mailing list
> > pgpool-general at pgpool.net
> > http://www.pgpool.net/mailman/listinfo/pgpool-general
> >
>
> --
> anssi at iki.fi
> _______________________________________________
> pgpool-general mailing list
> pgpool-general at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-general
--
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS, Inc. Japan
More information about the pgpool-general
mailing list