Обсуждение: Postgres IDENT auth problems...
G'day, I am trying to install Request Tracker (using Postgres) on a user-mode linux server running Debian testing. Installation (including database setup) runs flawlessly on my desktop machine, but the postgres database setup fails on the server. Correspondence on the Request Tracker mailing list seems to have narrowed the problem to a postgres problem--if you can help me, it would be much appreciated. Here's the problem: The request tracker database setup script dies trying to connect to the database: DBI connect('dbname=template1;host=localhost','rtuser',...) failed: could not connect to server: Connection refused at /usr/sbin/rt-setup-database line 110 So I wrote a little Perl script to test this: my $dsn = "dbi:Pg:dbname=template1"; ### ### But this dies!!! ### my $dsn = "dbi:Pg:dbname=template1:host=localhost;"; ### my $dbh = DBI->connect($dsn, "rtuser", "wibble") or die "doh!\n"; For some reason specifying "host=localhost" in the $dsn causes everything to die. I can connect manually to the database, like so: root@request-tracker:~# psql -d template1 -U rtuser -W Password: Welcome to psql 7.4.2, the PostgreSQL interactive terminal. But it fails if I specify the host: root@request-tracker:~# psql -d template1 -U rtuser -h localhost -W Password: psql: could not connect to server: Connection refused Is the server running on host "localhost" and accepting TCP/IP connections on port 5432? Now before you ask: Yes, the following lines appear uncommented in my /etc/postgresql/postgresql.conf: tcpip_socket = true port = 5432 But then: root@request-tracker:~# netstat -auntp shows postmaster running on a udp port??? udp 0 0 127.0.0.1:1042 127.0.0.1:1042 ESTABLISHED18375/postmaster A server restart shows: root@request-tracker:~# /etc/init.d/postgresql restart Stopping PostgreSQL database server: autovacuumNo pg_autovacuum found running; none killed. postmaster. Starting PostgreSQL database server: postmaster autovacuum. What is pg_autovacuum anyway? I dunno.... And finally, I *do* have lines in my pg_hba.conf file (and yes, in the correct order) to allow my user 'rtuser' to connect to template1: host template1 rtuser 127.0.0.1 255.255.255.255 password local template1 rtuser password host rtdb rtuser 127.0.0.1 255.255.255.255 password local rtdb rtuser password The above four lines are the first uncommented lines in the file, as directed by request tracker's INSTALL.Debian. I should note that for whatever reason, Debian testing seems to mistakenly read from /var/lib/postgres/data/pg_hba.conf instead of /etc/postgresql/pg_hba.conf. I've symlinked the two, so this is not a cause of the problem. I have thoroughly and completely exhausted everything I can think of for this problem. Request Tracker using postgres is up and running fine--straight out of the box--on my Debian testing desktop, but not the uml server. Something about that host=localhost thing.... Any ideas? Thanks, Jens
On Wed, Jun 30, 2004 at 11:33:04PM -0600, Scott Marlowe wrote: > On Wed, 2004-06-30 at 21:38, Jens Porup wrote: > > > The request tracker database setup script dies trying to connect to > > the database: > > > > DBI connect('dbname=template1;host=localhost','rtuser',...) failed: could not > > connect to server: Connection refused at /usr/sbin/rt-setup-database line 110 > > <snip> > > > > Now before you ask: > > > > Yes, the following lines appear uncommented in my > > /etc/postgresql/postgresql.conf: > > > > tcpip_socket = true > > port = 5432 > > > > But then: > > > > root@request-tracker:~# netstat -auntp > > > > shows postmaster running on a udp port??? > > > > udp 0 0 127.0.0.1:1042 127.0.0.1:1042 ESTABLISHED18375/postmaster > > > > But can you nmap it? And that's not the right default port 5432... > Maybe it's some new feature I'm familiar with, or you've changed it. Trust me, I am a postgres newbie... I'm not trying to do anything but a *very* ordinary install! > > What does nmap <ip> show? root@request-tracker:~# nmap localhost Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-07-01 15:39 EST Interesting ports on localhost (127.0.0.1): (The 1654 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http 113/tcp open auth 515/tcp open printer Nmap run completed -- 1 IP address (1 host up) scanned in 1.735 seconds root@request-tracker:~# > > A server restart shows: > > > > root@request-tracker:~# /etc/init.d/postgresql restart > > Stopping PostgreSQL database server: autovacuumNo pg_autovacuum found running; > > none killed. > > postmaster. > > Starting PostgreSQL database server: postmaster autovacuum. > > Sounds like a firewall to me. > My colleague here at work who built the user mode linux image I'm using (the virtual "box") assures me there's no firewall installed.... how would I check if there were? > > And finally, I *do* have lines in my pg_hba.conf file (and yes, in the correct > > order) to allow my user 'rtuser' to connect to template1: > > > > Yeah, you'd see it as a different error, one about not having permission > to connect, like: > > psql: FATAL: no pg_hba.conf entry for host "10.0.0.2", user "postgres", > database "postgres", SSL off Well, that helps eliminate one possibility anyway. Any more ideas? Thanks, Jens > > Hope that helps.
On Wed, 2004-06-30 at 21:38, Jens Porup wrote: > The request tracker database setup script dies trying to connect to > the database: > > DBI connect('dbname=template1;host=localhost','rtuser',...) failed: could not > connect to server: Connection refused at /usr/sbin/rt-setup-database line 110 > > I can connect manually to the database, like so: > > root@request-tracker:~# psql -d template1 -U rtuser -W > Password: > Welcome to psql 7.4.2, the PostgreSQL interactive terminal. > > But it fails if I specify the host: > > root@request-tracker:~# psql -d template1 -U rtuser -h localhost -W > Password: > psql: could not connect to server: Connection refused > Is the server running on host "localhost" and accepting > TCP/IP connections on port 5432? > Now before you ask: > > Yes, the following lines appear uncommented in my > /etc/postgresql/postgresql.conf: > > tcpip_socket = true > port = 5432 > > But then: > > root@request-tracker:~# netstat -auntp > > shows postmaster running on a udp port??? > > udp 0 0 127.0.0.1:1042 127.0.0.1:1042 ESTABLISHED18375/postmaster > But can you nmap it? And that's not the right default port 5432... Maybe it's some new feature I'm familiar with, or you've changed it. What does nmap <ip> show? > A server restart shows: > > root@request-tracker:~# /etc/init.d/postgresql restart > Stopping PostgreSQL database server: autovacuumNo pg_autovacuum found running; > none killed. > postmaster. > Starting PostgreSQL database server: postmaster autovacuum. Sounds like a firewall to me. > What is pg_autovacuum anyway? I dunno.... Coolest thing since sliced bread? It's a process that comes along and cleans house in the back ground, without putting the onus of keeping the database well cleaned on the average user. > And finally, I *do* have lines in my pg_hba.conf file (and yes, in the correct > order) to allow my user 'rtuser' to connect to template1: > > host template1 rtuser 127.0.0.1 255.255.255.255 password > local template1 rtuser password > host rtdb rtuser 127.0.0.1 255.255.255.255 password > local rtdb rtuser password Yeah, you'd see it as a different error, one about not having permission to connect, like: psql: FATAL: no pg_hba.conf entry for host "10.0.0.2", user "postgres", database "postgres", SSL off Hope that helps.
Oh, almost forgot: Some log errors that might help: From /var/log/postgresql/autovacuum_log: [2004-07-01 01:31:59 PM] Error: GUC variable stats_row_level must be enabled. [2004-07-01 01:31:59 PM] Please fix the problems and try again. After doing a server restart, this line always appends itself to the /var/log/postgresql/postgres.log: LOG: unexpected EOF on client connection Do these help to clarify my problem at all? Thanks, Jens
Jens Porup <jens@cyber.com.au> writes: > I can connect manually to the database, like so: > root@request-tracker:~# psql -d template1 -U rtuser -W > Password: > Welcome to psql 7.4.2, the PostgreSQL interactive terminal. > But it fails if I specify the host: > root@request-tracker:~# psql -d template1 -U rtuser -h localhost -W > Password: > psql: could not connect to server: Connection refused > Is the server running on host "localhost" and accepting > TCP/IP connections on port 5432? "Connection refused" means that you got a kernel-level rejection; the postmaster never saw your request at all. AFAICS you did everything right to ensure that the postmaster is listening on TCP port 5432 (though you may want to use netstat to reconfirm this). So that leaves firewall-type problems. There is of course no separate firewall box to blame, but there definitely can be kernel packet filters getting in the way. I know that recent Red Hat releases default to blocking port-5432 traffic (along with most other ports). I don't know Debian but I'd bet it's the same story. You need to look to your ipchains or iptables configuration. regards, tom lane
On Wed, 2004-06-30 at 23:46, Jens Porup wrote: > On Wed, Jun 30, 2004 at 11:33:04PM -0600, Scott Marlowe wrote: > > On Wed, 2004-06-30 at 21:38, Jens Porup wrote: > > > > > The request tracker database setup script dies trying to connect to > > > the database: > > > > > > DBI connect('dbname=template1;host=localhost','rtuser',...) failed: could not > > > connect to server: Connection refused at /usr/sbin/rt-setup-database line 110 > > > > <snip> > > > > > > Now before you ask: > > > > > > Yes, the following lines appear uncommented in my > > > /etc/postgresql/postgresql.conf: > > > > > > tcpip_socket = true > > > port = 5432 > > > > > > But then: > > > > > > root@request-tracker:~# netstat -auntp > > > > > > shows postmaster running on a udp port??? > > > > > > udp 0 0 127.0.0.1:1042 127.0.0.1:1042 ESTABLISHED18375/postmaster > > > > > > > But can you nmap it? And that's not the right default port 5432... > > Maybe it's some new feature I'm familiar with, or you've changed it. > > Trust me, I am a postgres newbie... I'm not trying to do anything but a *very* > ordinary install! Well, something is quite wrong then. Find your postgresql.conf file and see what port it is set to there. port 1042 is definitely not the default port. Also, try two things: nmap -p 1042 psql -h 127.0.0.1 -p 1042 If nmap can see the port open, and psql can open it, then you can just use it like that by specifying that port each time in your connect string. > > > > What does nmap <ip> show? > > root@request-tracker:~# nmap localhost > > Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-07-01 15:39 EST > Interesting ports on localhost (127.0.0.1): > (The 1654 ports scanned but not shown below are in state: closed) > PORT STATE SERVICE > 22/tcp open ssh > 25/tcp open smtp > 80/tcp open http > 113/tcp open auth > 515/tcp open printer > > Nmap run completed -- 1 IP address (1 host up) scanned in 1.735 seconds > root@request-tracker:~# > > > > A server restart shows: > > > > > > root@request-tracker:~# /etc/init.d/postgresql restart > > > Stopping PostgreSQL database server: autovacuumNo pg_autovacuum found running; > > > none killed. > > > postmaster. > > > Starting PostgreSQL database server: postmaster autovacuum. > > > > Sounds like a firewall to me. > > > My colleague here at work who built the user mode linux image I'm using > (the virtual "box") assures me there's no firewall installed.... how > would I check if there were? IF the database is configured for port 1042, then it might not be a firewall, just a misconfiguration of the database.
On Thu, Jul 01, 2004 at 09:25:29AM -0600, Scott Marlowe wrote: > > > > Yes, the following lines appear uncommented in my > > > > /etc/postgresql/postgresql.conf: > > > > > > > > tcpip_socket = true > > > > port = 5432 > > > > > > > > But then: > > > > > > > > root@request-tracker:~# netstat -auntp > > > > > > > > shows postmaster running on a udp port??? > > > > > > > > udp 0 0 127.0.0.1:1042 127.0.0.1:1042 ESTABLISHED18375/postmaster > > > > > > > > > > But can you nmap it? And that's not the right default port 5432... > > > Maybe it's some new feature I'm familiar with, or you've changed it. > > > > Trust me, I am a postgres newbie... I'm not trying to do anything but a *very* > > ordinary install! > > Well, something is quite wrong then. Find your postgresql.conf file and > see what port it is set to there. port 1042 is definitely not the > default port. > > Also, try two things: > > nmap -p 1042 > psql -h 127.0.0.1 -p 1042 > root@request-tracker:~# nmap -p 1042 Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-07-02 12:36 EST WARNING: No targets were specified, so 0 hosts scanned. Nmap run completed -- 0 IP addresses (0 hosts up) scanned in 0.003 seconds root@request-tracker:~# psql -h 127.0.0.1 -p 1042 No database specified root@request-tracker:~# *sigh* I am beginning to think this is probably a build issue with the user mode linux kernel I'm using. I'll look into that now. Thanks, Jens > If nmap can see the port open, and psql can open it, then you can just > use it like that by specifying that port each time in your connect > string. > > > > > > > What does nmap <ip> show? > > > > root@request-tracker:~# nmap localhost > > > > Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-07-01 15:39 EST > > Interesting ports on localhost (127.0.0.1): > > (The 1654 ports scanned but not shown below are in state: closed) > > PORT STATE SERVICE > > 22/tcp open ssh > > 25/tcp open smtp > > 80/tcp open http > > 113/tcp open auth > > 515/tcp open printer > > > > Nmap run completed -- 1 IP address (1 host up) scanned in 1.735 seconds > > root@request-tracker:~# > > > > > > A server restart shows: > > > > > > > > root@request-tracker:~# /etc/init.d/postgresql restart > > > > Stopping PostgreSQL database server: autovacuumNo pg_autovacuum found running; > > > > none killed. > > > > postmaster. > > > > Starting PostgreSQL database server: postmaster autovacuum. > > > > > > Sounds like a firewall to me. > > > > > My colleague here at work who built the user mode linux image I'm using > > (the virtual "box") assures me there's no firewall installed.... how > > would I check if there were? > > IF the database is configured for port 1042, then it might not be a > firewall, just a misconfiguration of the database. >
On Thu, 2004-07-01 at 07:25, Jens Porup wrote: > Oh, almost forgot: > > Some log errors that might help: > > From /var/log/postgresql/autovacuum_log: > > [2004-07-01 01:31:59 PM] Error: GUC variable stats_row_level must be enabled. > [2004-07-01 01:31:59 PM] Please fix the problems and try again. This is not relevant. Add: stats_row_level = true in /etc/postgresql/postgresql/conf Autovacuum needs those statistics to work out what to vacuum. -- Oliver Elphick olly@lfix.co.uk Isle of Wight http://www.lfix.co.uk/oliver GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA ======================================== "Therefore being justified by faith, we have peace with God through our Lord Jesus Christ." Romans 5:1