[pgpool-general: 7306] Re: No TCP/IP connection to Pgpool on RHEL 8.2
Anssi Kanninen
anssi at iki.fi
Tue Sep 22 23:46:19 JST 2020
This is just what I was looking for, thank you very much!
- Anssi
On Tue, 22 Sep 2020, Bo Peng wrote:
> Hi,
>
> On Tue, 22 Sep 2020 17:17:04 +0300 (FLE Daylight Time)
> Anssi Kanninen <anssi at iki.fi> wrote:
>
>> This is resolved now for pgpool. Thank you very much again!
>>
>> Does anybody know how to disable GSSAPI authentication of psql client?
>
> A workaround is to set an environment variable to disable GSSAPI in the client.
>
> export PGGSSENCMODE=disable
>
>> Cheers,
>> - Anssi
>>
>> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
>>
>>> Oh yes...
>>> Thank you very much, this may solve the whole problem.
>>>
>>>
>>> On Tue, 22 Sep 2020, Tatsuo Ishii wrote:
>>>
>>>> Yes, Major = 1234, Minor = 5680 means GSSAPI authentication request.
>>>> Unfortunately Pgpool-II does not support GSSAPI (yet).
>>>>
>>>> Best regards,
>>>> --
>>>> Tatsuo Ishii
>>>> SRA OSS, Inc. Japan
>>>> English: http://www.sraoss.co.jp/index_en.php
>>>> Japanese:http://www.sraoss.co.jp
>>>>
>>>>> Could it be something to do with GSSAPI authentication? We are not
>>>>> using it with DB connections. With root user, it doesn't inform about
>>>>> it. As a regular user, psql gives us a GSSAPI authentication error.
>>>>>
>>>>> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
>>>>>
>>>>>> Update: It works if the client running psql is root or postgres. If it
>>>>>> is a regular user, the connection fails.
>>>>>>
>>>>>> On Sun, 20 Sep 2020, Anssi Kanninen wrote:
>>>>>>
>>>>>>> Customer's network engineers are also investigating this for a
>>>>>>> possible firewall rule problem.
>>>>>>> On 18 September 2020 11:31:41 EEST, Anssi Kanninen <anssi at iki.fi>
>>>>>>> wrote:
>>>>>>> Thank you!
>>>>>>> Here is some more info. I made some comparison of the TCP traffic when
>>>>>>> connected to Pgpool or straight to PostgreSQL.
>>>>>>> See attachments:
>>>>>>> * cmd-pgpool.txt
>>>>>>> The command and response when connected to Pgpool.
>>>>>>> * tcpdump-pgpool.txt
>>>>>>> A dump of TCP traffic to/from PgPool port when executed the command
>>>>>>> above.
>>>>>>> * cmd-postgres.txt
>>>>>>> The command and response when connected straight to PostgreSQL.
>>>>>>> * tcpdump-postgres.txt
>>>>>>> A dump of TCP traffic to/from PostgreSQL port when executed the
>>>>>>> command above.
>>>>>>> Strangely, it seems that the database name and user name never reached
>>>>>>> Pgpool.
>>>>>>> Hope this helps,
>>>>>>> - Anssi
>>>>>>> On Fri, 18 Sep 2020, Bo Peng wrote:
>>>>>>> Hi,
>>>>>>> Thank you for reporting this issue.
>>>>>>> I am going to look into this one.
>>>>>>> On Fri, 18 Sep 2020 02:47:24 +0300
>>>>>>> Anssi Kanninen <anssi at iki.fi> wrote:
>>>>>>> Software versions are the same on both systems:
>>>>>>> PostgreSQL 12.2
>>>>>>> Pgpool 4.1.3
>>>>>>> On 18 September 2020 02:31:11 EEST, Anssi Kanninen <anssi at iki.fi>
>>>>>>> wrote:
>>>>>>> Hello,
>>>>>>> My Pgpool doesn't work on RHEL 8.2.
>>>>>>> Eveythins runs smoothly on my Centos 8.1.1911 virtual machines but
>>>>>>> when
>>>>>>> I
>>>>>>> transfer the same Pgpool/PostgreSQL configuration to customer's RHEL
>>>>>>> 8.2,
>>>>>>> I can not connect to Pgpool via TCP/IP.
>>>>>>> Here is a clip of my log on Centos when I successfully fail to
>>>>>>> authenticate (x.x.x.x is a wrong interface, so this error is
>>>>>>> expected).
>>>>>>> So, "user" and "database" are show in the log.
>>>>>>> Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-1] pid 6616: ERROR: failed
>>>>>>> to authenticate
>>>>>>> Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-2] pid 6616: DETAIL: no
>>>>>>> pg_hba.conf entry for host "x.x.x.x", user "pgpool", database
>>>>>>> "postgres", SSL off
>>>>>>> Here is log of successful connection. Protocol Major is 3 and Minor is
>>>>>>> 0.
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-1] pid 27853: DEBUG:
>>>>>>> reading startup packet
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-2] pid 27853: DETAIL:
>>>>>>> application_name: psql
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-1] pid 27853: DEBUG:
>>>>>>> reading startup packet
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-2] pid 27853: DETAIL:
>>>>>>> Protocol Major: 3 Minor: 0 database: postgres user: pgpool
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-1] pid 27853: DEBUG:
>>>>>>> creating new connection to backend
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-2] pid 27853: DETAIL:
>>>>>>> connecting 0 backend
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-1] pid 27853: DEBUG:
>>>>>>> creating new connection to backend
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-2] pid 27853: DETAIL:
>>>>>>> connecting 1 backend
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-1] pid 27853: DEBUG:
>>>>>>> creating new connection to backend
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-2] pid 27853: DETAIL:
>>>>>>> connecting 2 backend
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-1] pid 27853: DEBUG:
>>>>>>> authentication backend
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-2] pid 27853: DETAIL:
>>>>>>> auth kind:10
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-1] pid 27853: DEBUG:
>>>>>>> authentication backend 0
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-2] pid 27853: DETAIL:
>>>>>>> trying SCRAM authentication
>>>>>>> Sep 18 02:07:28 centos8i1 pgpool[27853]: [33-1] pid 27853: DEBUG:
>>>>>>> SCRAM authentication successful for backend 0
>>>>>>> So, the above works.
>>>>>>> But then I transfer the same configuration to the customer's RHEL 8.2,
>>>>>>> the
>>>>>>> same connection attempt shows this:
>>>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [262-1] pid 348681:
>>>>>>> DEBUG: I am 348681 accept fd 8
>>>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-1] pid 348681:
>>>>>>> DEBUG: reading startup packet
>>>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-2] pid 348681:
>>>>>>> DETAIL: Protocol Major: 1234 Minor: 5680 database: user:
>>>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-1] pid 348681:
>>>>>>> FATAL: client authentication failed
>>>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-2] pid 348681:
>>>>>>> DETAIL: no pool_hba.conf entry for host "x.x.x.x", user "", database
>>>>>>> "", SSL off
>>>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-3] pid 348681:
>>>>>>> HINT: see pgpool log for details
>>>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [46-1] pid 348612:
>>>>>>> DEBUG: reaper handler
>>>>>>> Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [47-1] pid 348612: LOG:
>>>>>>> child process with pid: 348681 exits with status 512
>>>>>>> Protocol Major and Minor numbers look strange and why the database
>>>>>>> name
>>>>>>> and user name are empty? Did it fail to read the incoming packet for
>>>>>>> some
>>>>>>> reason? The connection was local but thru TCP/IP network interface.
>>>>>>> Linux
>>>>>>> firewall was used but same ports were open on both clusters. SELinux
>>>>>>> is
>>>>>>> in
>>>>>>> use.
>>>>>>> Psql client responds like this:
>>>>>>> psql: error: could not connect to server: server closed the connection
>>>>>>> unexpectedly
>>>>>>> This propably means the server terminated abnormally
>>>>>>> before or while processing the request.
>>>>>>> Here is my pool_hba.conf:
>>>>>>> local all all trust
>>>>>>> host all all 127.0.0.1/32 trust
>>>>>>> host all all ::1/128 trust
>>>>>>> host all pgpool samenet scram-sha-256
>>>>>>> host all postgres samenet scram-sha-256
>>>>>>> My pool_passwd looks like this:
>>>>>>> postgres:AESmyencryptedpassword==
>>>>>>> pgpool:AESmyencryptedpassword==
>>>>>>> The psql command was as follows and the password was correct:
>>>>>>> $ psql -h x.x.x.x postgres pgpool -w
>>>>>>> So, something is different on our RHEL but what?
>>>>>>> Best regards,
>>>>>>> Anssi
>>>>>>> ______________________________________________________________________________________________________________
>>>>>>> pgpool-general mailing list
>>>>>>> pgpool-general at pgpool.net
>>>>>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>>>>> --
>>>>>>> Bo Peng <pengbo at sraoss.co.jp>
>>>>>>> SRA OSS, Inc. Japan
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> anssi at iki.fi
>>>>>> _______________________________________________
>>>>>> pgpool-general mailing list
>>>>>> pgpool-general at pgpool.net
>>>>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>>>>
>>>>>
>>>>> --
>>>>> anssi at iki.fi
>>>>> _______________________________________________
>>>>> pgpool-general mailing list
>>>>> pgpool-general at pgpool.net
>>>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>>
>>>
>>> --
>>> anssi at iki.fi
>>> _______________________________________________
>>> pgpool-general mailing list
>>> pgpool-general at pgpool.net
>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>
>>
>> --
>> anssi at iki.fi
>> _______________________________________________
>> pgpool-general mailing list
>> pgpool-general at pgpool.net
>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>
>
> --
> Bo Peng <pengbo at sraoss.co.jp>
> SRA OSS, Inc. Japan
> _______________________________________________
> pgpool-general mailing list
> pgpool-general at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-general
>
--
anssi at iki.fi
More information about the pgpool-general
mailing list