PostgreSQL: fixing "Peer authentication failed for user" in Postgres 10 with a Puppet script


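I have been trying to set up a Postgres server in a RHEL7 virtual machine, with Puppet in standalone mode. The problem is that I can't connect as the user. All the tables are created correctly, and when I try to connect as the user I get: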

psql: FATAL:  Peer authentication failed for user

Even after reading about and trying several different hba_conf configurations, I can't get it to work.

Puppet file:

class profile::tdms::postgresql (
    String $pgsql_password,
    String $pg_db_username,
    String $pg_db_password,
    String $emsa_tdm_db = 'emsa_tdms_django',
    String $airflow_db = 'emsa_tdms_airflow',
    String $celery_db = 'emsa_tdms_celery',

) {
    include epel

    class { 'postgresql::globals':
        manage_package_repo => true,
        version             => '10',
    }

    class { 'postgresql::server':
        postgres_password => $pgsql_password,
    }
    notice("PSQL PASS: ${pgsql_password}, PGSQL DB PASS: ${pg_db_password}, PSQL USER: ${pg_db_username}")

# PostGIS installation. Not working
#     class { 'postgresql::server::postgis':
#     package_name => 'postgis25_10'
#    }

    postgresql::server::role { $pg_db_username:
        username        => $pg_db_username,
        #password_hash   => postgresql_password($pg_db_username, $pg_db_password),
        update_password => $pg_db_password,
        replication     => true
    }


    postgresql::server::db { $airflow_db:
        user     => $pg_db_username,
        password => postgresql_password($pg_db_username, $pg_db_password),
        owner    => $pg_db_username
        #password => $pg_db_password
    }
    -> postgresql::server::db { $emsa_tdm_db:
        user     => $pg_db_username,
        password => postgresql_password($pg_db_username, $pg_db_password),
        #password => $pg_db_password
        owner    => $pg_db_username
    }
    -> postgresql::server::db { $celery_db:
        user     => $pg_db_username,
        password => postgresql_password($pg_db_username, $pg_db_password),
        #password => $pg_db_password
        owner    => $pg_db_username
    }


    -> postgresql::server::extension { 'airflow_postgis':
        database  => $airflow_db,
        extension => 'postgis',
    }
    -> postgresql::server::extension { 'tdm_postgis':
        database  => $emsa_tdm_db,
        extension => 'postgis',
    }
    # postgresql::server::pg_hba_rule { 'local unix sockets':
    #     description => 'local is for Unix domain socket connections only',
    #     type        => 'local',
    #     database    => 'all',
    #     user        => 'all',
    #     address     => '',
    #     auth_method => 'peer',
    # }
    postgresql::server::pg_hba_rule { 'IPv4 local 1':
        description => 'IPv4 local connections',
        type        => 'host',
        database    => 'all',
        user        => $pg_db_username,
        address     => '0.0.0.0/0',
        auth_method => 'md5',
    }
    postgresql::server::pg_hba_rule { 'IPv4 local 2':
        type        => 'host',
        database    => 'all',
        user        => 'all',
        address     => '127.0.0.1/32',
        auth_method => 'ident',
    }
    postgresql::server::pg_hba_rule { 'Replication 1':
        description => 'Allow replication connections from localhost, by a user with the replication privilege',
        type        => 'local',
        database    => 'replication',
        user        => 'all',
        address     => '',
        auth_method => 'peer',
    }
    postgresql::server::pg_hba_rule { 'Replication 2':
        type        => 'host',
        database    => 'replication',
        user        => 'all',
        address     => '127.0.0.1/32',
        auth_method => 'ident',
    }
    postgresql::server::pg_hba_rule { 'Replication 3':
        type        => 'host',
        database    => 'replication',
        user        => 'all',
        address     => '::1/128',
        auth_method => 'ident',
    }
    postgresql_conn_validator { 'validate my postgres connection':
        host        => '127.0.0.1',
        db_username => $pg_db_username,
        db_password => $pg_db_password,
        db_name     => 'postgres',
    }


}
This is the pg_hba.conf:

# This file is managed by Puppet. DO NOT EDIT.

# Rule Name: local access as postgres user
# Description: none
# Order: 1
local   all postgres        ident   

# Rule Name: local access to database with same name
# Description: none
# Order: 2
local   all all     ident   

# Rule Name: allow localhost TCP access to postgresql user
# Description: none
# Order: 3
host    all postgres    127.0.0.1/32    md5 

# Rule Name: deny access to postgresql user
# Description: none
# Order: 4
host    all postgres    0.0.0.0/0   reject  

# Rule Name: allow access to all users
# Description: none
# Order: 100
host    all all 127.0.0.1/32    md5 

# Rule Name: allow access to ipv6 localhost
# Description: none
# Order: 101
host    all all ::1/128 md5 

# Rule Name: IPv4 local 1
# Description: IPv4 local connections
# Order: 150
host    all emsa_tdms   0.0.0.0/0   md5 

# Rule Name: IPv4 local 2
# Description: none
# Order: 150
host    all all 127.0.0.1/32    ident   

# Rule Name: Replication 1
# Description: Allow replication connections from localhost, by a user with the replication privilege
# Order: 150
local   replication all     peer    

# Rule Name: Replication 2
# Description: none
# Order: 150
host    replication all 127.0.0.1/32    ident   

# Rule Name: Replication 3
# Description: none
# Order: 150
host    replication all ::1/128 ident
Update: I want to connect from the same machine, and from the Django application.

Log:

After removing the line:

local   all all     ident
Error:

psql: FATAL:  no pg_hba.conf entry for host "[local]", user "emsa_tdms", database "emsa_tdms_django", SSL off

On "local" lines of pg_hba.conf, "ident" is interpreted as "peer".

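With plain ident or peer authentication, it verifies that the Linux user connecting to the database server has the same name as the PostgreSQL user it is trying to connect as. But in your case they are not the same: "emsa_tdms" and "vagrant". You basically have 4 options here: change the Linux user name that runs the Puppet script from "vagrant" to "emsa_tdms"; change your PostgreSQL user name from "emsa_tdms" to "vagrant"; add a user mapping (in pg_ident.conf) saying that "vagrant" is allowed to log in as "emsa_tdms", and activate this mapping in pg_hba.conf; or choose a different authentication method, such as md5.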


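It looks like you also tried password authentication and that failed too, but you cut the log off too early to tell why it failed. That attempt probably did not come from Puppet, though.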

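Comments:

Please elaborate: which user name? From which computer? Which authentication method do you want to use?

From the same computer as the Django application, user emsa_tdms.

Look in the database server's log file for a more complete error message.

On it, one sec, I'll update the question again.

The line that solves the problem is: local all ident. The question is, how can I deactivate it with Puppet? If I comment it out and run the script again, it reappears and I can't connect to the db again.

Sorry, I only know the PostgreSQL side, not the Puppet side. Maybe you are inheriting the entry from some class you are extending, or something like that. Maybe searching the whole code base for "local access to database with same name" will find it.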
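Added example (not part of the original question, answer or comments): a simplified Python model of how PostgreSQL picks the first matching pg_hba.conf record, run over the records shown on this page. It goes slightly beyond the answer by also covering TCP connections; the function names and the ident_map pairs are assumptions for illustration, and keywords such as sameuser, host names and real replication matching are not modelled.

```python
import ipaddress

# Records from the page's pg_hba.conf, in file order (host replication records omitted).
PAGE_HBA = """\
local   all         postgres                  ident
local   all         all                       ident
host    all         postgres    127.0.0.1/32  md5
host    all         postgres    0.0.0.0/0     reject
host    all         all         127.0.0.1/32  md5
host    all         all         ::1/128       md5
host    all         emsa_tdms   0.0.0.0/0     md5
host    all         all         127.0.0.1/32  ident
local   replication all                       peer
"""

def parse(text):
    """Split each record into (type, database, user, address, method)."""
    rules = []
    for line in text.splitlines():
        f = line.split("#")[0].split()
        if not f:
            continue
        if f[0] == "local":               # local records have no address column
            rules.append((f[0], f[1], f[2], None, f[3]))
        else:
            rules.append((f[0], f[1], f[2], ipaddress.ip_network(f[3]), f[4]))
    return rules

def first_match(rules, db, user, client_ip=None):
    """Return the method of the first matching record; PostgreSQL stops there."""
    conn_type = "local" if client_ip is None else "host"
    for rtype, rdb, ruser, net, method in rules:
        if rtype != conn_type or rdb not in ("all", db) or ruser not in ("all", user):
            continue
        if net is not None:
            ip = ipaddress.ip_address(client_ip)
            if ip.version != net.version or ip not in net:
                continue
        # ident on a local (Unix-socket) record is treated as peer
        return "peer" if (rtype == "local" and method == "ident") else method
    return None  # corresponds to "no pg_hba.conf entry for host ..."

def peer_ok(os_user, db_user, ident_map=()):
    """peer passes if names are equal or a pg_ident.conf-style pair maps them."""
    return os_user == db_user or (os_user, db_user) in ident_map

if __name__ == "__main__":
    rules = parse(PAGE_HBA)
    print(first_match(rules, "emsa_tdms_django", "emsa_tdms"))               # Unix socket
    print(first_match(rules, "emsa_tdms_django", "emsa_tdms", "127.0.0.1"))  # TCP
```

Over the Unix socket the first match is the "local all all ident" record, so peer is applied and fails for OS user vagrant; a TCP connection (for example psql -h 127.0.0.1) reaches the md5 record instead.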