From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
---|---|
To: | Marco Ippolito <ippolito(dot)marco(at)gmail(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: "Failed to connect to Postgres database" |
Date: | 2019-09-28 21:49:07 |
Message-ID: | c6b313be-f971-1cc4-2814-05caaab17c75@aklaver.com |
Lists: | pgsql-general |
On 9/28/19 12:07 AM, Marco Ippolito wrote:
> Hi Adrian,
>
> On Fri, 27 Sep 2019 at 21:39, Adrian Klaver
> <adrian(dot)klaver(at)aklaver(dot)com> wrote:
>
> On 9/27/19 11:02 AM, Marco Ippolito wrote:
> > Thank you very much Adrian.
> > Two things:
> >
> > 1)
> > Why if I just specify through port the cluster and the host connection
> > I connect correctly with SSL,
> > but if I specify also the database and the user it connects it doesn't
> > use SSL connection, or at least it doesn't say it uses SSL? :
>
>
> Can you show the contents of pg_hba.conf file for the 11/fabmnet
> cluster. The file will be in:
>
> /etc/postgresql/11/fabmnet/
>
>
>
>
> /etc/postgresql/11/fabmnet/pg_hba.conf :
>
> # Database administrative login by Unix domain socket
> local all postgres peer
>
> # TYPE DATABASE USER ADDRESS METHOD
>
> # "local" is for Unix domain socket connections only
> local all all peer
> # IPv4 local connections:
> host all all 127.0.0.1/32 md5
>
> # Allow connections from localhost only to fabmnet_ca for postgres user
> hostssl fabmnet_ca postgres localhost cert
>
> # IPv6 local connections:
> host all all ::1/128 md5
> # Allow replication connections from localhost, by a user with the
> # replication privilege.
> local replication all peer
> host replication all 127.0.0.1/32 md5
> host replication all ::1/128 md5
>
> fabric-ca-server-config.yaml : sslmode=require
> db:
>   type: postgres
>   datasource: host=localhost port=5433 user=postgres password=1234 dbname=fabmnet_ca sslmode=require
>   tls:
>     enabled: false
>     certfiles:
>     client:
>       certfile:
>       keyfile:

You are not including the certs or setting tls.enabled: true. Not sure
that is the root cause at the moment.

I would try just going through psql for the time being to take the
fabric server out of the loop. Something like:

psql "host=localhost port=5433 dbname=fabmnet_ca user=postgres sslmode=require"

From below I am guessing you do not have the SSL certs set up properly
for the fabmnet Postgres instance (the one on port 5433) and/or on the
client. Take a look at:

https://www.postgresql.org/docs/11/libpq-ssl.html
>
>
> (base) marco(at)pc:~/fabric/fabric-ca$ fabric-ca-server init -b admin:adminpw
> 2019/09/28 09:00:08 [INFO] Configuration file location:
> /home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
> 2019/09/28 09:00:08 [INFO] Server Version: 1.4.4
> 2019/09/28 09:00:08 [INFO] Server Levels: &{Identity:2 Affiliation:1
> Certificate:1 Credential:1 RAInfo:1 Nonce:1}
> 2019/09/28 09:00:08 [INFO] The CA key and certificate already exist
> 2019/09/28 09:00:08 [INFO] The key is stored by BCCSP provider 'SW'
> 2019/09/28 09:00:08 [INFO] The certificate is at:
> /home/marco/fabric/fabric-ca/ca-cert.pem
> 2019/09/28 09:00:08 [WARNING] Failed to connect to database 'fabmnet_ca'
> 2019/09/28 09:00:08 [ERROR] Error occurred initializing database: Failed
> to create Postgres tables: Error creating users table: pq: client
> certificates can only be checked if a root certificate store is available
> 2019/09/28 09:00:08 [INFO] Home directory for default CA:
> /home/marco/fabric/fabric-ca
> 2019/09/28 09:00:08 [INFO] Initialization was successful
>
>
> /var/log/postgresql/postgresql-11-fabmnet.log :
>
> 2019-09-28 09:00:08.634 CEST [4226] postgres(at)fabmnet_ca FATAL: client
> certificates can only be checked if a root certificate store is available
> 2019-09-28 09:00:08.641 CEST [4227] postgres(at)postgres ERROR: database
> "fabmnet_ca" already exists
> 2019-09-28 09:00:08.641 CEST [4227] postgres(at)postgres STATEMENT: CREATE
> DATABASE fabmnet_ca
> 2019-09-28 09:00:08.644 CEST [4228] postgres(at)fabmnet_ca FATAL: client
> certificates can only be checked if a root certificate store is available
> 2019-09-28 09:00:08.650 CEST [4227] postgres(at)postgres LOG: could not
> receive data from client: Connection reset by peer
>
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
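
Added example, not part of the original message or of PostgreSQL: a simplified Python model of pg_hba.conf first-match evaluation over the records quoted above, showing which record applies for a given database, user, client address and SSL state. It assumes `localhost` maps to both 127.0.0.1 and ::1; `parse`, `addr_matches`, `first_match`, `HOSTNAMES` and `RULES` are names made up for this sketch.

```python
import ipaddress

# Records from the pg_hba.conf quoted in the message, in file order.
PG_HBA = """
local   all         postgres                 peer
local   all         all                      peer
host    all         all       127.0.0.1/32   md5
hostssl fabmnet_ca  postgres  localhost      cert
host    all         all       ::1/128        md5
local   replication all                      peer
host    replication all       127.0.0.1/32   md5
host    replication all       ::1/128        md5
"""

# Assumption: on this machine "localhost" maps to both loopback addresses.
HOSTNAMES = {"localhost": {"127.0.0.1", "::1"}}

def parse(text):
    """Turn each non-comment line into a dict of its five columns."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if fields:
            if fields[0] == "local":      # local records have no address column
                fields.insert(3, None)
            rules.append(dict(zip(("type", "db", "user", "addr", "method"), fields)))
    return rules

def addr_matches(rule_addr, client):
    """Match a client IP against a hostname (via HOSTNAMES) or a CIDR block."""
    if rule_addr in HOSTNAMES:
        return client in HOSTNAMES[rule_addr]
    return ipaddress.ip_address(client) in ipaddress.ip_network(rule_addr)

def first_match(rules, db, user, client=None, ssl=False):
    """First record that applies wins; client=None models a Unix-socket login."""
    for r in rules:
        if (r["type"] == "local") != (client is None):
            continue                      # socket records vs TCP records
        if (r["type"], ssl) in (("hostssl", False), ("hostnossl", True)):
            continue                      # plain "host" accepts both SSL states
        if r["db"] == "replication" or r["db"] not in ("all", db):
            continue                      # "replication" is a keyword, not a db name
        if r["user"] in ("all", user) and (client is None or addr_matches(r["addr"], client)):
            return r
    return None                           # no record: the server rejects the login

RULES = parse(PG_HBA)
```

In this model an SSL connection from ::1 to fabmnet_ca as postgres reaches the `cert` record, while the same connection from 127.0.0.1 is caught earlier by the `host ... md5` record.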