[pgpool-general: 7305] Re: No TCP/IP connection to Pgpool on RHEL 8.2

Bo Peng pengbo at sraoss.co.jp
Tue Sep 22 23:27:46 JST 2020


Hi,

On Tue, 22 Sep 2020 17:17:04 +0300 (FLE Daylight Time)
Anssi Kanninen <anssi at iki.fi> wrote:

> This is resolved now for pgpool. Thank you very much again!
> 
> Does anybody know how to disable GSSAPI authentication of psql client?

A workaround is to set an environment variable to disable GSSAPI in the client.

  export PGGSSENCMODE=disable

> Cheers,
>    - Anssi
> 
> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
> 
> > Oh yes...
> > Thank you very much, this may solve the whole problem.
> >
> >
> > On Tue, 22 Sep 2020, Tatsuo Ishii wrote:
> >
> >> Yes, Major = 1234, Minor = 5680 means GSSAPI authentication request.
> >> Unfortunately Pgpool-II does not support GSSAPI (yet).
> >> 
> >> Best regards,
> >> --
> >> Tatsuo Ishii
> >> SRA OSS, Inc. Japan
> >> English: http://www.sraoss.co.jp/index_en.php
> >> Japanese:http://www.sraoss.co.jp
> >> 
> >>> Could it be something to do with GSSAPI authentication? We are not
> >>> using it with DB connections. With root user, it doesn't inform about
> >>> it. As a regular user, psql gives us a GSSAPI authentication error.
> >>> 
> >>> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
> >>> 
> >>>> Update: It works if the client running psql is root or postgres. If it
> >>>> is a regular user, the connection fails.
> >>>> 
> >>>> On Sun, 20 Sep 2020, Anssi Kanninen wrote:
> >>>> 
> >>>>> Customer's network engineers are also investigating this for a
> >>>>> possible firewall rule problem.
> >>>>> On 18 September 2020 11:31:41 EEST, Anssi Kanninen <anssi at iki.fi>
> >>>>> wrote:
> >>>>> Thank you!
> >>>>> Here is some more info. I made some comparison of the TCP traffic when
> >>>>> connected to Pgpool or straight to PostgreSQL.
> >>>>> See attachments:
> >>>>> * cmd-pgpool.txt
> >>>>> The command and response when connected to Pgpool.
> >>>>> * tcpdump-pgpool.txt
> >>>>> A dump of TCP traffic to/from PgPool port when executed the command
> >>>>> above.
> >>>>> * cmd-postgres.txt
> >>>>> The command and response when connected straight to PostgreSQL.
> >>>>> * tcpdump-postgres.txt
> >>>>> A dump of TCP traffic to/from PostgreSQL port when executed the
> >>>>> command above.
> >>>>> Strangely, it seems that the database name and user name never reached
> >>>>> Pgpool.
> >>>>> Hope this helps,
> >>>>>    - Anssi
> >>>>> On Fri, 18 Sep 2020, Bo Peng wrote:
> >>>>>  Hi,
> >>>>>  Thank you for reporting this issue.
> >>>>>  I am going to look into this one.
> >>>>>  On Fri, 18 Sep 2020 02:47:24 +0300
> >>>>>  Anssi Kanninen <anssi at iki.fi> wrote:
> >>>>>  Software versions are the same on both systems:
> >>>>>  PostgreSQL 12.2
> >>>>>  Pgpool 4.1.3
> >>>>>  On 18 September 2020 02:31:11 EEST, Anssi Kanninen <anssi at iki.fi>
> >>>>>  wrote:
> >>>>>  Hello,
> >>>>>  My Pgpool doesn't work on RHEL 8.2.
> >>>>>  Everything runs smoothly on my Centos 8.1.1911 virtual machines but when I
> >>>>>  transfer the same Pgpool/PostgreSQL configuration to customer's RHEL 8.2,
> >>>>>  I can not connect to Pgpool via TCP/IP.
> >>>>>  Here is a clip of my log on Centos when I successfully fail to
> >>>>>  authenticate (x.x.x.x is a wrong interface, so this error is
> >>>>>  expected).
> >>>>>  So, "user" and "database" are shown in the log.
> >>>>>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-1] pid 6616: ERROR: failed
> >>>>>  to authenticate
> >>>>>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-2] pid 6616: DETAIL:  no
> >>>>>  pg_hba.conf entry for host "x.x.x.x", user "pgpool", database
> >>>>>  "postgres", SSL off
> >>>>>  Here is log of successful connection. Protocol Major is 3 and Minor is
> >>>>>  0.
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-1] pid 27853: DEBUG:
> >>>>>  reading startup packet
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-2] pid 27853: DETAIL:
> >>>>>  application_name: psql
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-1] pid 27853: DEBUG:
> >>>>>  reading startup packet
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-2] pid 27853: DETAIL:
> >>>>>  Protocol Major: 3 Minor: 0 database: postgres user: pgpool
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-1] pid 27853: DEBUG:
> >>>>>  creating new connection to backend
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-2] pid 27853: DETAIL:
> >>>>>  connecting 0 backend
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-1] pid 27853: DEBUG:
> >>>>>  creating new connection to backend
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-2] pid 27853: DETAIL:
> >>>>>  connecting 1 backend
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-1] pid 27853: DEBUG:
> >>>>>  creating new connection to backend
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-2] pid 27853: DETAIL:
> >>>>>  connecting 2 backend
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-1] pid 27853: DEBUG:
> >>>>>  authentication backend
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-2] pid 27853: DETAIL:
> >>>>>  auth kind:10
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-1] pid 27853: DEBUG:
> >>>>>  authentication backend 0
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-2] pid 27853: DETAIL:
> >>>>>  trying SCRAM authentication
> >>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [33-1] pid 27853: DEBUG:
> >>>>>  SCRAM authentication successful for backend 0
> >>>>>  So, the above works.
> >>>>>  But then I transfer the same configuration to the customer's RHEL 8.2,
> >>>>>  the same connection attempt shows this:
> >>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [262-1] pid 348681:
> >>>>>  DEBUG:  I am 348681 accept fd 8
> >>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-1] pid 348681:
> >>>>>  DEBUG:  reading startup packet
> >>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-2] pid 348681:
> >>>>>  DETAIL:  Protocol Major: 1234 Minor: 5680 database:  user:
> >>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-1] pid 348681:
> >>>>>  FATAL:  client authentication failed
> >>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-2] pid 348681:
> >>>>>  DETAIL:  no pool_hba.conf entry for host "x.x.x.x", user "", database
> >>>>>  "", SSL off
> >>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-3] pid 348681:
> >>>>>  HINT:  see pgpool log for details
> >>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [46-1] pid 348612:
> >>>>>  DEBUG:  reaper handler
> >>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [47-1] pid 348612: LOG:
> >>>>>  child process with pid: 348681 exits with status 512
> >>>>>  Protocol Major and Minor numbers look strange and why the database name
> >>>>>  and user name are empty? Did it fail to read the incoming packet for some
> >>>>>  reason? The connection was local but thru TCP/IP network interface. Linux
> >>>>>  firewall was used but same ports were open on both clusters. SELinux is in
> >>>>>  use.
> >>>>>  Psql client responds like this:
> >>>>>  psql: error: could not connect to server: server closed the connection
> >>>>>  unexpectedly
> >>>>>          This propably means the server terminated abnormally
> >>>>>          before or while processing the request.
> >>>>>  Here is my pool_hba.conf:
> >>>>>  local   all         all                               trust
> >>>>>  host    all         all         127.0.0.1/32          trust
> >>>>>  host    all         all         ::1/128               trust
> >>>>>  host    all         pgpool      samenet               scram-sha-256
> >>>>>  host    all         postgres    samenet               scram-sha-256
> >>>>>  My pool_passwd looks like this:
> >>>>>  postgres:AESmyencryptedpassword==
> >>>>>  pgpool:AESmyencryptedpassword==
> >>>>>  The psql command was as follows and the password was correct:
> >>>>>  $ psql -h x.x.x.x postgres pgpool -w
> >>>>>  So, something is different on our RHEL but what?
> >>>>>  Best regards,
> >>>>>    Anssi
> >>>>> ______________________________________________________________________________________________________________
> >>>>>  pgpool-general mailing list
> >>>>>  pgpool-general at pgpool.net
> >>>>>  http://www.pgpool.net/mailman/listinfo/pgpool-general
> >>>>>  --
> >>>>>  Bo Peng <pengbo at sraoss.co.jp>
> >>>>>  SRA OSS, Inc. Japan
> >>>>> 
> >>>> 
> >>>> --
> >>>> anssi at iki.fi
> >>>> 
> >>> 
> >>> --
> >>> anssi at iki.fi
> >> 
> >
> > -- 
> > anssi at iki.fi
> >
> 
> -- 
> anssi at iki.fi


-- 
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS, Inc. Japan
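
The log line "Protocol Major: 1234 Minor: 5680" with empty database and user can be reproduced from the PostgreSQL wire protocol: 1234/5680 is the code of the GSSENCRequest message, which a client sends to ask for GSSAPI encryption before its real StartupMessage and which carries no parameters. The following is an added example, not code from this thread or from Pgpool-II; the function names and the sample packets are constructed for illustration.

```python
import struct

# Negotiation requests reuse the startup packet's version field: the high
# 16 bits are 1234 and the low 16 bits select the request.
SPECIAL_REQUESTS = {
    (1234, 5678): "CancelRequest",
    (1234, 5679): "SSLRequest",
    (1234, 5680): "GSSENCRequest",
}


def parse_startup(packet: bytes) -> dict:
    """Decode the first message a PostgreSQL client sends on a new connection."""
    if len(packet) < 8:
        raise ValueError("startup packet shorter than 8 bytes")
    length, code = struct.unpack("!II", packet[:8])
    if length != len(packet):
        raise ValueError(f"length field {length} != {len(packet)} bytes received")
    major, minor = code >> 16, code & 0xFFFF
    result = {"major": major, "minor": minor, "params": {}}
    if (major, minor) in SPECIAL_REQUESTS:
        # These requests carry no user/database, which is why a proxy that
        # reads them as a StartupMessage logs both fields as empty.
        result["kind"] = SPECIAL_REQUESTS[(major, minor)]
        return result
    if major != 3:
        raise ValueError(f"unsupported protocol {major}.{minor}")
    result["kind"] = "StartupMessage"
    # Body: NUL-terminated key/value strings, closed by one extra NUL.
    fields = packet[8:].split(b"\x00")
    if fields[-2:] != [b"", b""] or len(fields) % 2:
        raise ValueError("malformed parameter list")
    strings = [f.decode("utf-8", "replace") for f in fields[:-2]]
    result["params"] = dict(zip(strings[0::2], strings[1::2]))
    return result


def build_startup(params: dict) -> bytes:
    """Build a protocol 3.0 StartupMessage (used only for the sample below)."""
    body = b"".join(k.encode() + b"\x00" + v.encode() + b"\x00"
                    for k, v in params.items()) + b"\x00"
    return struct.pack("!II", 8 + len(body), 3 << 16) + body


# Constructed sample packets, not captured traffic.
GSSENC_REQUEST = struct.pack("!II", 8, (1234 << 16) | 5680)
NORMAL_STARTUP = build_startup({"user": "pgpool", "database": "postgres"})

if __name__ == "__main__":
    for pkt in (GSSENC_REQUEST, NORMAL_STARTUP):
        print(parse_startup(pkt))
```
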

