[pgpool-general: 7306] Re: No TCP/IP connection to Pgpool on RHEL 8.2

Anssi Kanninen anssi at iki.fi
Tue Sep 22 23:46:19 JST 2020 

This is just what I was looking for, thank you very much!
- Anssi

On Tue, 22 Sep 2020, Bo Peng wrote:

> Hi,
>
> On Tue, 22 Sep 2020 17:17:04 +0300 (FLE Daylight Time)
> Anssi Kanninen <anssi at iki.fi> wrote:
>
>> This is resolved now for pgpool. Thank you very much again!
>>
>> Does anybody know how to disable GSSAPI authentication of psql client?
>
> A workaround is to set an environment variable to disable GSSAPI in the client.
>
>  export PGGSSENCMODE=disable
>
>> Cheers,
>>    - Anssi
>>
>> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
>>
>>> Oh yes...
>>> Thank you very much, this may solve the whole problem.
>>>
>>>
>>> On Tue, 22 Sep 2020, Tatsuo Ishii wrote:
>>>
>>>> Yes, Major = 1234, Minor = 5680 means GSSAPI authentication request.
>>>> Unfortunately Pgpool-II does not support GSSAPI (yet).
>>>>
>>>> Best regards,
>>>> --
>>>> Tatsuo Ishii
>>>> SRA OSS, Inc. Japan
>>>> English: http://www.sraoss.co.jp/index_en.php
>>>> Japanese:http://www.sraoss.co.jp
>>>>
>>>>> Could it be something to do with GSSAPI authentication? We are not
>>>>> using it with DB connections. With root user, it doesn't inform about
>>>>> it. As a regular user, psql gives us a GSSAPI authentication error.
>>>>>
>>>>> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
>>>>>
>>>>>> Update: It works if the client running psql is root or postgres. If it
>>>>>> is a regular user, the connection fails.
>>>>>>
>>>>>> On Sun, 20 Sep 2020, Anssi Kanninen wrote:
>>>>>>
>>>>>>> Customer's network engineers are also investigating this for a
>>>>>>> possible firewall rule problem.
>>>>>>> On 18 September 2020 11:31:41 EEST, Anssi Kanninen <anssi at iki.fi>
>>>>>>> wrote:
>>>>>>> Thank you!
>>>>>>> Here is some more info. I made some comparison of the TCP traffic when
>>>>>>> connected to Pgpool or straight to PostgreSQL.
>>>>>>> See attachments:
>>>>>>> * cmd-pgpool.txt
>>>>>>> The command and response when connected to Pgpool.
>>>>>>> * tcpdump-pgpool.txt
>>>>>>> A dump of TCP traffic to/from PgPool port when executed the command
>>>>>>> above.
>>>>>>> * cmd-postgres.txt
>>>>>>> The command and response when connected straight to PostgreSQL.
>>>>>>> * tcpdump-postgres.txt
>>>>>>> A dump of TCP traffic to/from PostgreSQL port when executed the
>>>>>>> command above.
>>>>>>> Strangely, it seems that the database name and user name never reached
>>>>>>> Pgpool.
>>>>>>> Hope this helps,
>>>>>>>    - Anssi
>>>>>>> On Fri, 18 Sep 2020, Bo Peng wrote:
>>>>>>>  Hi,
>>>>>>>  Thank you for reporting this issue.
>>>>>>>  I am going to look into this one.
>>>>>>>  On Fri, 18 Sep 2020 02:47:24 +0300
>>>>>>>  Anssi Kanninen <anssi at iki.fi> wrote:
>>>>>>>  Software versions are the same on both systems:
>>>>>>>  PostgreSQL 12.2
>>>>>>>  Pgpool 4.1.3
>>>>>>>  On 18 September 2020 02:31:11 EEST, Anssi Kanninen <anssi at iki.fi>
>>>>>>>  wrote:
>>>>>>>  Hello,
>>>>>>>  My Pgpool doesn't work on RHEL 8.2.
>>>>>>>  Eveythins runs smoothly on my Centos 8.1.1911 virtual machines but
>>>>>>>  when
>>>>>>>  I
>>>>>>>  transfer the same Pgpool/PostgreSQL configuration to customer's RHEL
>>>>>>>  8.2,
>>>>>>>  I can not connect to Pgpool via TCP/IP.
>>>>>>>  Here is a clip of my log on Centos when I successfully fail to
>>>>>>>  authenticate (x.x.x.x is a wrong interface, so this error is
>>>>>>>  expected).
>>>>>>>  So, "user" and "database" are show in the log.
>>>>>>>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-1] pid 6616: ERROR: failed
>>>>>>>  to authenticate
>>>>>>>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-2] pid 6616: DETAIL:  no
>>>>>>>  pg_hba.conf entry for host "x.x.x.x", user "pgpool", database
>>>>>>>  "postgres", SSL off
>>>>>>>  Here is log of successful connection. Protocol Major is 3 and Minor is
>>>>>>>  0.
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-1] pid 27853: DEBUG:
>>>>>>>  reading startup packet
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-2] pid 27853: DETAIL:
>>>>>>>  application_name: psql
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-1] pid 27853: DEBUG:
>>>>>>>  reading startup packet
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-2] pid 27853: DETAIL:
>>>>>>>  Protocol Major: 3 Minor: 0 database: postgres user: pgpool
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-1] pid 27853: DEBUG:
>>>>>>>  creating new connection to backend
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-2] pid 27853: DETAIL:
>>>>>>>  connecting 0 backend
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-1] pid 27853: DEBUG:
>>>>>>>  creating new connection to backend
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-2] pid 27853: DETAIL:
>>>>>>>  connecting 1 backend
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-1] pid 27853: DEBUG:
>>>>>>>  creating new connection to backend
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-2] pid 27853: DETAIL:
>>>>>>>  connecting 2 backend
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-1] pid 27853: DEBUG:
>>>>>>>  authentication backend
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-2] pid 27853: DETAIL:
>>>>>>>  auth kind:10
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-1] pid 27853: DEBUG:
>>>>>>>  authentication backend 0
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-2] pid 27853: DETAIL:
>>>>>>>  trying SCRAM authentication
>>>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [33-1] pid 27853: DEBUG:
>>>>>>>  SCRAM authentication successful for backend 0
>>>>>>>  So, the above works.
>>>>>>>  But then I transfer the same configuration to the customer's RHEL 8.2,
>>>>>>>  the
>>>>>>>  same connection attempt shows this:
>>>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [262-1] pid 348681:
>>>>>>>  DEBUG:  I am 348681 accept fd 8
>>>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-1] pid 348681:
>>>>>>>  DEBUG:  reading startup packet
>>>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-2] pid 348681:
>>>>>>>  DETAIL:  Protocol Major: 1234 Minor: 5680 database:  user:
>>>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-1] pid 348681:
>>>>>>>  FATAL:  client authentication failed
>>>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-2] pid 348681:
>>>>>>>  DETAIL:  no pool_hba.conf entry for host "x.x.x.x", user "", database
>>>>>>>  "", SSL off
>>>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-3] pid 348681:
>>>>>>>  HINT:  see pgpool log for details
>>>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [46-1] pid 348612:
>>>>>>>  DEBUG:  reaper handler
>>>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [47-1] pid 348612: LOG:
>>>>>>>  child process with pid: 348681 exits with status 512
>>>>>>>  Protocol Major and Minor numbers look strange and why the database
>>>>>>>  name
>>>>>>>  and user name are empty? Did it fail to read the incoming packet for
>>>>>>>  some
>>>>>>>  reason? The connection was local but thru TCP/IP network interface.
>>>>>>>  Linux
>>>>>>>  firewall was used but same ports were open on both clusters. SELinux
>>>>>>>  is
>>>>>>>  in
>>>>>>>  use.
>>>>>>>  Psql client responds like this:
>>>>>>>  psql: error: could not connect to server: server closed the connection
>>>>>>>  unexpectedly
>>>>>>>          This propably means the server terminated abnormally
>>>>>>>          before or while processing the request.
>>>>>>>  Here is my pool_hba.conf:
>>>>>>>  local   all         all                               trust
>>>>>>>  host    all         all         127.0.0.1/32          trust
>>>>>>>  host    all         all         ::1/128               trust
>>>>>>>  host    all         pgpool      samenet               scram-sha-256
>>>>>>>  host    all         postgres    samenet               scram-sha-256
>>>>>>>  My pool_passwd looks like this:
>>>>>>>  postgres:AESmyencryptedpassword==
>>>>>>>  pgpool:AESmyencryptedpassword==
>>>>>>>  The psql command was as follows and the password was correct:
>>>>>>>  $ psql -h x.x.x.x postgres pgpool -w
>>>>>>>  So, something is different on our RHEL but what?
>>>>>>>  Best regards,
>>>>>>>    Anssi
>>>>>>> ______________________________________________________________________________________________________________
>>>>>>>  pgpool-general mailing list
>>>>>>>  pgpool-general at pgpool.net
>>>>>>>  http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>>>>>  --
>>>>>>>  Bo Peng <pengbo at sraoss.co.jp>
>>>>>>>  SRA OSS, Inc. Japan
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> anssi at iki.fi
>>>>>> _______________________________________________
>>>>>> pgpool-general mailing list
>>>>>> pgpool-general at pgpool.net
>>>>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>>>>
>>>>>
>>>>> --
>>>>> anssi at iki.fi
>>>>> _______________________________________________
>>>>> pgpool-general mailing list
>>>>> pgpool-general at pgpool.net
>>>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>>
>>>
>>> --
>>> anssi at iki.fi
>>> _______________________________________________
>>> pgpool-general mailing list
>>> pgpool-general at pgpool.net
>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>
>>
>> --
>> anssi at iki.fi
>> _______________________________________________
>> pgpool-general mailing list
>> pgpool-general at pgpool.net
>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>
>
> -- 
> Bo Peng <pengbo at sraoss.co.jp>
> SRA OSS, Inc. Japan
> _______________________________________________
> pgpool-general mailing list
> pgpool-general at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-general
>

-- 
anssi at iki.fi

More information about the pgpool-general mailing list