Обсуждение: Postgres IDENT auth problems...

Поиск
Список
Период
Сортировка

Postgres IDENT auth problems...

От
Jens Porup
Дата:
G'day,

I am trying to install Request Tracker (using Postgres) on a user-mode
linux server running Debian testing.

Installation (including database setup) runs flawlessly on my desktop
machine, but the postgres database setup fails on the server.

Correspondence on the Request Tracker mailing list seems to have
narrowed the problem to a postgres problem--if you can help me, it would
be much appreciated.

Here's the problem:

The request tracker database setup script dies trying to connect to
the database:

        DBI connect('dbname=template1;host=localhost','rtuser',...) failed: could not
        connect to server: Connection refused at /usr/sbin/rt-setup-database line 110

So I wrote a little Perl script to test this:

        my $dsn = "dbi:Pg:dbname=template1";

        ###
        ### But this dies!!!
        ### my $dsn = "dbi:Pg:dbname=template1:host=localhost;";
        ###

        my $dbh = DBI->connect($dsn, "rtuser", "wibble") or die "doh!\n";

For some reason specifying "host=localhost" in the $dsn causes everything to
die.

I can connect manually to the database, like so:

        root@request-tracker:~# psql -d template1 -U rtuser -W
        Password:
        Welcome to psql 7.4.2, the PostgreSQL interactive terminal.

But it fails if I specify the host:

        root@request-tracker:~# psql -d template1 -U rtuser -h localhost -W
        Password:
        psql: could not connect to server: Connection refused
        Is the server running on host "localhost" and accepting
        TCP/IP connections on port 5432?

Now before you ask:

Yes, the following lines appear uncommented in my
/etc/postgresql/postgresql.conf:

        tcpip_socket = true
        port = 5432

But then:

        root@request-tracker:~# netstat -auntp

shows postmaster running on a udp port???

        udp        0      0 127.0.0.1:1042          127.0.0.1:1042 ESTABLISHED18375/postmaster

A server restart shows:

        root@request-tracker:~# /etc/init.d/postgresql restart
        Stopping PostgreSQL database server: autovacuumNo pg_autovacuum found running;
        none killed.
        postmaster.
        Starting PostgreSQL database server: postmaster autovacuum.

What is pg_autovacuum anyway? I dunno....

And finally, I *do* have lines in my pg_hba.conf file (and yes, in the correct
order) to allow my user 'rtuser' to connect to template1:

        host    template1   rtuser    127.0.0.1    255.255.255.255   password
        local   template1   rtuser                                   password
        host    rtdb        rtuser    127.0.0.1    255.255.255.255   password
        local   rtdb        rtuser                                   password

The above four lines are the first uncommented lines in the file, as directed by
request tracker's INSTALL.Debian.

I should note that for whatever reason, Debian testing seems to
mistakenly read from /var/lib/postgres/data/pg_hba.conf instead of
/etc/postgresql/pg_hba.conf. I've symlinked the two, so this is not a
cause of the problem.

I have thoroughly and completely exhausted everything I can think of for
this problem. Request Tracker using postgres is up and running
fine--straight out of the box--on my Debian testing desktop, but not the
uml server.

Something about that host=localhost thing....

Any ideas?

Thanks,

Jens

Re: Postgres IDENT auth problems...

От
Jens Porup
Дата:
On Wed, Jun 30, 2004 at 11:33:04PM -0600, Scott Marlowe wrote:
> On Wed, 2004-06-30 at 21:38, Jens Porup wrote:
>
> > The request tracker database setup script dies trying to connect to
> > the database:
> >
> >         DBI connect('dbname=template1;host=localhost','rtuser',...) failed: could not
> >         connect to server: Connection refused at /usr/sbin/rt-setup-database line 110
> >
<snip>
> >
> > Now before you ask:
> >
> > Yes, the following lines appear uncommented in my
> > /etc/postgresql/postgresql.conf:
> >
> >         tcpip_socket = true
> >         port = 5432
> >
> > But then:
> >
> >         root@request-tracker:~# netstat -auntp
> >
> > shows postmaster running on a udp port???
> >
> >         udp        0      0 127.0.0.1:1042          127.0.0.1:1042 ESTABLISHED18375/postmaster
> >
>
> But can you nmap it?   And that's not the right default port 5432...
> Maybe it's some new feature I'm familiar with, or you've changed it.

Trust me, I am a postgres newbie... I'm not trying to do anything but a *very*
ordinary install!

>
> What does nmap <ip> show?

    root@request-tracker:~# nmap localhost

    Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-07-01 15:39 EST
    Interesting ports on localhost (127.0.0.1):
    (The 1654 ports scanned but not shown below are in state: closed)
    PORT    STATE SERVICE
    22/tcp  open  ssh
    25/tcp  open  smtp
    80/tcp  open  http
    113/tcp open  auth
    515/tcp open  printer

    Nmap run completed -- 1 IP address (1 host up) scanned in 1.735 seconds
    root@request-tracker:~#

> > A server restart shows:
> >
> >         root@request-tracker:~# /etc/init.d/postgresql restart
> >         Stopping PostgreSQL database server: autovacuumNo pg_autovacuum found running;
> >         none killed.
> >         postmaster.
> >         Starting PostgreSQL database server: postmaster autovacuum.
>
> Sounds like a firewall to me.
>
My colleague here at work who built the user mode linux image I'm using
(the virtual "box") assures me there's no firewall installed.... how
would I check if there were?

> > And finally, I *do* have lines in my pg_hba.conf file (and yes, in the correct
> > order) to allow my user 'rtuser' to connect to template1:
> >
>
> Yeah, you'd see it as a different error, one about not having permission
> to connect, like:
>
> psql: FATAL:  no pg_hba.conf entry for host "10.0.0.2", user "postgres",
> database "postgres", SSL off

Well, that helps eliminate one possibility anyway. Any more ideas?

Thanks,

Jens

>
> Hope that helps.

Re: Postgres IDENT auth problems...

От
"Scott Marlowe"
Дата:
On Wed, 2004-06-30 at 21:38, Jens Porup wrote:

> The request tracker database setup script dies trying to connect to
> the database:
>
>         DBI connect('dbname=template1;host=localhost','rtuser',...) failed: could not
>         connect to server: Connection refused at /usr/sbin/rt-setup-database line 110
>
> I can connect manually to the database, like so:
>
>         root@request-tracker:~# psql -d template1 -U rtuser -W
>         Password:
>         Welcome to psql 7.4.2, the PostgreSQL interactive terminal.
>
> But it fails if I specify the host:
>
>         root@request-tracker:~# psql -d template1 -U rtuser -h localhost -W
>         Password:
>         psql: could not connect to server: Connection refused
>         Is the server running on host "localhost" and accepting
>         TCP/IP connections on port 5432?
> Now before you ask:
>
> Yes, the following lines appear uncommented in my
> /etc/postgresql/postgresql.conf:
>
>         tcpip_socket = true
>         port = 5432
>
> But then:
>
>         root@request-tracker:~# netstat -auntp
>
> shows postmaster running on a udp port???
>
>         udp        0      0 127.0.0.1:1042          127.0.0.1:1042 ESTABLISHED18375/postmaster
>

But can you nmap it?   And that's not the right default port 5432...
Maybe it's some new feature I'm familiar with, or you've changed it.

What does nmap <ip> show?

> A server restart shows:
>
>         root@request-tracker:~# /etc/init.d/postgresql restart
>         Stopping PostgreSQL database server: autovacuumNo pg_autovacuum found running;
>         none killed.
>         postmaster.
>         Starting PostgreSQL database server: postmaster autovacuum.

Sounds like a firewall to me.

> What is pg_autovacuum anyway? I dunno....

Coolest thing since sliced bread?  It's a process that comes along and
cleans house in the back ground, without putting the onus of keeping the
database well cleaned on the average user.

> And finally, I *do* have lines in my pg_hba.conf file (and yes, in the correct
> order) to allow my user 'rtuser' to connect to template1:
>
>         host    template1   rtuser    127.0.0.1    255.255.255.255   password
>         local   template1   rtuser                                   password
>         host    rtdb        rtuser    127.0.0.1    255.255.255.255   password
>         local   rtdb        rtuser                                   password

Yeah, you'd see it as a different error, one about not having permission
to connect, like:

psql: FATAL:  no pg_hba.conf entry for host "10.0.0.2", user "postgres",
database "postgres", SSL off

Hope that helps.


Re: Postgres IDENT auth problems...

От
Jens Porup
Дата:
Oh, almost forgot:

Some log errors that might help:

From /var/log/postgresql/autovacuum_log:

    [2004-07-01 01:31:59 PM] Error: GUC variable stats_row_level must be enabled.
    [2004-07-01 01:31:59 PM]        Please fix the problems and try again.

After doing a server restart, this line always appends itself to the
/var/log/postgresql/postgres.log:

    LOG:  unexpected EOF on client connection

Do these help to clarify my problem at all?

Thanks,

Jens


Re: Postgres IDENT auth problems...

От
Tom Lane
Дата:
Jens Porup <jens@cyber.com.au> writes:
> I can connect manually to the database, like so:

>         root@request-tracker:~# psql -d template1 -U rtuser -W
>         Password:
>         Welcome to psql 7.4.2, the PostgreSQL interactive terminal.

> But it fails if I specify the host:

>         root@request-tracker:~# psql -d template1 -U rtuser -h localhost -W
>         Password:
>         psql: could not connect to server: Connection refused
>         Is the server running on host "localhost" and accepting
>         TCP/IP connections on port 5432?

"Connection refused" means that you got a kernel-level rejection; the
postmaster never saw your request at all.  AFAICS you did everything
right to ensure that the postmaster is listening on TCP port 5432
(though you may want to use netstat to reconfirm this).  So that
leaves firewall-type problems.  There is of course no separate firewall
box to blame, but there definitely can be kernel packet filters
getting in the way.

I know that recent Red Hat releases default to blocking port-5432
traffic (along with most other ports).  I don't know Debian but I'd
bet it's the same story.  You need to look to your ipchains or iptables
configuration.

            regards, tom lane

Re: Postgres IDENT auth problems...

От
"Scott Marlowe"
Дата:
On Wed, 2004-06-30 at 23:46, Jens Porup wrote:
> On Wed, Jun 30, 2004 at 11:33:04PM -0600, Scott Marlowe wrote:
> > On Wed, 2004-06-30 at 21:38, Jens Porup wrote:
> >
> > > The request tracker database setup script dies trying to connect to
> > > the database:
> > >
> > >         DBI connect('dbname=template1;host=localhost','rtuser',...) failed: could not
> > >         connect to server: Connection refused at /usr/sbin/rt-setup-database line 110
> > >
> <snip>
> > >
> > > Now before you ask:
> > >
> > > Yes, the following lines appear uncommented in my
> > > /etc/postgresql/postgresql.conf:
> > >
> > >         tcpip_socket = true
> > >         port = 5432
> > >
> > > But then:
> > >
> > >         root@request-tracker:~# netstat -auntp
> > >
> > > shows postmaster running on a udp port???
> > >
> > >         udp        0      0 127.0.0.1:1042          127.0.0.1:1042 ESTABLISHED18375/postmaster
> > >
> >
> > But can you nmap it?   And that's not the right default port 5432...
> > Maybe it's some new feature I'm familiar with, or you've changed it.
>
> Trust me, I am a postgres newbie... I'm not trying to do anything but a *very*
> ordinary install!

Well, something is quite wrong then.  Find your postgresql.conf file and
see what port it is set to there.  port 1042 is definitely not the
default port.

Also, try two things:

nmap -p 1042
psql -h 127.0.0.1 -p 1042

If nmap can see the port open, and psql can open it, then you can just
use it like that by specifying that port each time in your connect
string.

> >
> > What does nmap <ip> show?
>
>     root@request-tracker:~# nmap localhost
>
>     Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-07-01 15:39 EST
>     Interesting ports on localhost (127.0.0.1):
>     (The 1654 ports scanned but not shown below are in state: closed)
>     PORT    STATE SERVICE
>     22/tcp  open  ssh
>     25/tcp  open  smtp
>     80/tcp  open  http
>     113/tcp open  auth
>     515/tcp open  printer
>
>     Nmap run completed -- 1 IP address (1 host up) scanned in 1.735 seconds
>     root@request-tracker:~#
>
> > > A server restart shows:
> > >
> > >         root@request-tracker:~# /etc/init.d/postgresql restart
> > >         Stopping PostgreSQL database server: autovacuumNo pg_autovacuum found running;
> > >         none killed.
> > >         postmaster.
> > >         Starting PostgreSQL database server: postmaster autovacuum.
> >
> > Sounds like a firewall to me.
> >
> My colleague here at work who built the user mode linux image I'm using
> (the virtual "box") assures me there's no firewall installed.... how
> would I check if there were?

IF the database is configured for port 1042, then it might not be a
firewall, just a misconfiguration of the database.



Re: Postgres IDENT auth problems...

От
Jens Porup
Дата:
On Thu, Jul 01, 2004 at 09:25:29AM -0600, Scott Marlowe wrote:
> > > > Yes, the following lines appear uncommented in my
> > > > /etc/postgresql/postgresql.conf:
> > > >
> > > >         tcpip_socket = true
> > > >         port = 5432
> > > >
> > > > But then:
> > > >
> > > >         root@request-tracker:~# netstat -auntp
> > > >
> > > > shows postmaster running on a udp port???
> > > >
> > > >         udp        0      0 127.0.0.1:1042          127.0.0.1:1042 ESTABLISHED18375/postmaster
> > > >
> > >
> > > But can you nmap it?   And that's not the right default port 5432...
> > > Maybe it's some new feature I'm familiar with, or you've changed it.
> >
> > Trust me, I am a postgres newbie... I'm not trying to do anything but a *very*
> > ordinary install!
>
> Well, something is quite wrong then.  Find your postgresql.conf file and
> see what port it is set to there.  port 1042 is definitely not the
> default port.
>
> Also, try two things:
>
> nmap -p 1042
> psql -h 127.0.0.1 -p 1042
>
    root@request-tracker:~# nmap -p 1042

    Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-07-02 12:36 EST
    WARNING: No targets were specified, so 0 hosts scanned.
    Nmap run completed -- 0 IP addresses (0 hosts up) scanned in 0.003 seconds

    root@request-tracker:~# psql -h 127.0.0.1 -p 1042
    No database specified
    root@request-tracker:~#

*sigh*

I am beginning to think this is probably a build issue with the user mode linux
kernel I'm using. I'll look into that now.

Thanks,

Jens



> If nmap can see the port open, and psql can open it, then you can just
> use it like that by specifying that port each time in your connect
> string.
>
> > >
> > > What does nmap <ip> show?
> >
> >     root@request-tracker:~# nmap localhost
> >
> >     Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-07-01 15:39 EST
> >     Interesting ports on localhost (127.0.0.1):
> >     (The 1654 ports scanned but not shown below are in state: closed)
> >     PORT    STATE SERVICE
> >     22/tcp  open  ssh
> >     25/tcp  open  smtp
> >     80/tcp  open  http
> >     113/tcp open  auth
> >     515/tcp open  printer
> >
> >     Nmap run completed -- 1 IP address (1 host up) scanned in 1.735 seconds
> >     root@request-tracker:~#
> >
> > > > A server restart shows:
> > > >
> > > >         root@request-tracker:~# /etc/init.d/postgresql restart
> > > >         Stopping PostgreSQL database server: autovacuumNo pg_autovacuum found running;
> > > >         none killed.
> > > >         postmaster.
> > > >         Starting PostgreSQL database server: postmaster autovacuum.
> > >
> > > Sounds like a firewall to me.
> > >
> > My colleague here at work who built the user mode linux image I'm using
> > (the virtual "box") assures me there's no firewall installed.... how
> > would I check if there were?
>
> IF the database is configured for port 1042, then it might not be a
> firewall, just a misconfiguration of the database.
>

Re: Postgres IDENT auth problems...

От
Oliver Elphick
Дата:
On Thu, 2004-07-01 at 07:25, Jens Porup wrote:
> Oh, almost forgot:
>
> Some log errors that might help:
>
> From /var/log/postgresql/autovacuum_log:
>
>     [2004-07-01 01:31:59 PM] Error: GUC variable stats_row_level must be enabled.
>     [2004-07-01 01:31:59 PM]        Please fix the problems and try again.


This is not relevant.  Add:

stats_row_level = true

in /etc/postgresql/postgresql/conf


Autovacuum needs those statistics to work out what to vacuum.

--
Oliver Elphick                                          olly@lfix.co.uk
Isle of Wight                              http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA  92C8 39E7 280E 3631 3F0E  1EC0 5664 7A2F A543 10EA
                 ========================================
     "Therefore being justified by faith, we have peace with
      God through our Lord Jesus Christ."       Romans 5:1