我一直在尝试在RHEL7 VM中设置Postgres服务器,并在独立模式下使用Puppet。问题是我只是无法与用户连接,所有表都正确创建,并且尝试连接到用户时得到:
psql: FATAL: Peer authentication failed for user
即使在阅读并尝试了几种不同的hba_config配置后,也无法使其正常工作
傀儡档:
class profile::tdms::postgresql (
String $pgsql_password,
String $pg_db_username,
String $pg_db_password,
String $emsa_tdm_db = 'emsa_tdms_django',
String $airflow_db = 'emsa_tdms_airflow',
String $celery_db = 'emsa_tdms_celery',
) {
include epel
class { 'postgresql::globals':
manage_package_repo => true,
version => '10',
}
class { 'postgresql::server':
postgres_password => $pgsql_password,
}
notice("PSQL PASS: ${pgsql_password}, PGSQL DB PASS: ${pg_db_password}, PSQL USER: ${pg_db_username}")
# Postgis instalation. Not working
# class { 'postgresql::server::postgis':
# package_name => 'postgis25_10'
# }
postgresql::server::role { $pg_db_username:
username => $pg_db_username,
#password_hash => postgresql_password($pg_db_username, $pg_db_password),
update_password => $pg_db_password,
replication => true
}
postgresql::server::db { $airflow_db:
user => $pg_db_username,
password => postgresql_password($pg_db_username, $pg_db_password),
owner => $pg_db_username
#password => $pg_db_password
}
-> postgresql::server::db { $emsa_tdm_db:
user => $pg_db_username,
password => postgresql_password($pg_db_username, $pg_db_password),
#password => $pg_db_password
owner => $pg_db_username
}
-> postgresql::server::db { $celery_db:
user => $pg_db_username,
password => postgresql_password($pg_db_username, $pg_db_password),
#password => $pg_db_password
owner => $pg_db_username
}
-> postgresql::server::extension { 'airflow_postgis':
database => $airflow_db,
extension => 'postgis',
}
-> postgresql::server::extension { 'tdm_postgis':
database => $emsa_tdm_db,
extension => 'postgis',
}
# postgresql::server::pg_hba_rule { 'local unix sockets':
# description => 'local is for Unix domain socket connections only',
# type => 'local',
# database => 'all',
# user => 'all',
# address => '',
# auth_method => 'peer',
# }
postgresql::server::pg_hba_rule { 'IPv4 local 1':
description => 'IPv4 local connections',
type => 'host',
database => 'all',
user => $pg_db_username,
address => '0.0.0.0/0',
auth_method => 'md5',
}
postgresql::server::pg_hba_rule { 'IPv4 local 2':
type => 'host',
database => 'all',
user => 'all',
address => '127.0.0.1/32',
auth_method => 'ident',
}
postgresql::server::pg_hba_rule { 'Replication 1':
description => 'Allow replication connections from localhost, by a user with the replication privilege',
type => 'local',
database => 'replication',
user => 'all',
address => '',
auth_method => 'peer',
}
postgresql::server::pg_hba_rule { 'Replication 2':
type => 'host',
database => 'replication',
user => 'all',
address => '127.0.0.1/32',
auth_method => 'ident',
}
postgresql::server::pg_hba_rule { 'Replication 3':
type => 'host',
database => 'replication',
user => 'all',
address => '::1/128',
auth_method => 'ident',
}
postgresql_conn_validator { 'validate my postgres connection':
host => '127.0.0.1',
db_username => $pg_db_username,
db_password => $pg_db_password,
db_name => 'postgres',
}
}
这是 pg_hba.conf:
# This file is managed by Puppet. DO NOT EDIT.
# Rule Name: local access as postgres user
# Description: none
# Order: 1
local all postgres ident
# Rule Name: local access to database with same name
# Description: none
# Order: 2
local all all ident
# Rule Name: allow localhost TCP access to postgresql user
# Description: none
# Order: 3
host all postgres 127.0.0.1/32 md5
# Rule Name: deny access to postgresql user
# Description: none
# Order: 4
host all postgres 0.0.0.0/0 reject
# Rule Name: allow access to all users
# Description: none
# Order: 100
host all all 127.0.0.1/32 md5
# Rule Name: allow access to ipv6 localhost
# Description: none
# Order: 101
host all all ::1/128 md5
# Rule Name: IPv4 local 1
# Description: IPv4 local connections
# Order: 150
host all emsa_tdms 0.0.0.0/0 md5
# Rule Name: IPv4 local 2
# Description: none
# Order: 150
host all all 127.0.0.1/32 ident
# Rule Name: Replication 1
# Description: Allow replication connections from localhost, by a user with the replication privilege
# Order: 150
local replication all peer
# Rule Name: Replication 2
# Description: none
# Order: 150
host replication all 127.0.0.1/32 ident
# Rule Name: Replication 3
# Description: none
# Order: 150
host replication all ::1/128 ident
更新: 想要从同一台机器和 Django 应用程序中连接
原木:
2020-06-12 15:48:47.230 UTC [6945] FATAL: Peer authentication failed for user "emsa_tdms"
2020-06-12 15:48:47.230 UTC [6945] DETAIL: Connection matched pg_hba.conf line 11: "local all all ident "
2020-06-12 15:49:13.951 UTC [7017] LOG: provided user name (emsa_tdms) and authenticated user name (vagrant) do not match
2020-06-12 15:49:13.951 UTC [7017] FATAL: Peer authentication failed for user "emsa_tdms"
2020-06-12 15:49:13.951 UTC [7017] DETAIL: Connection matched pg_hba.conf line 11: "local all all ident "
2020-06-12 15:56:46.559 UTC [8545] FATAL: password authentication failed for user "emsa_tdms"
删除该行后:
local all all ident
错误:
psql: FATAL: no pg_hba.conf entry for host "[local]", user "emsa_tdms", database "emsa_tdms_django", SSL off
local
pg_hba.conf 行上的ident
被解释为peer
。
通过简单的标识或对等身份验证,它验证连接到数据库服务器的 Linux 用户是否与其尝试连接的 PostgreSQL 用户同名。 但在你的情况下,它们是不一样的,"emsa_tdms"与"流浪"。 这里基本上有 4 个选项,将运行木偶脚本的 Linux 用户名从"流浪者"更改为"emsa_tdms";将您的 PostgreSQL 用户名从"emsa_tdms"更改为"vagrant";添加一个用户映射(在 pg_ident.conf 中(,表示允许"vagrant"以"emsa_tdms"身份登录,并在 pg_hba.conf 中激活此映射;或选择其他身份验证方法,如md5
。
看起来您也尝试使用密码身份验证并且也失败了,但是您过早地切断了日志,无法知道它失败的原因。 不过,也许这种尝试来自傀儡以外的其他东西。