logo标签列表

PgBouncer和PostgreSQL的身份验证

postgresqlpgbouncer
12

pgbouncer版本为1.7.2

psql版本为9.5.6

我尝试在PgBouncer中使用auth_hba_file(/var/lib/pgsql/9.5/data/pg_hba.conf)。

pgbouncer.ini配置文件如下:

postgres = host=localhost port=5432 dbname=postgres user=postgres
test = host=localhost port=5432 dbname=test user=test
[pgbouncer]
logfile = /var/log/pgbouncer/pgbouncer.log
pidfile = /var/run/pgbouncer/pgbouncer.pid
listen_addr = *
listen_port = 6432
auth_type = hba
auth_hba_file = /var/lib/pgsql/9.5/data/pg_hba.conf
admin_users = postgres
stats_users = stats, postgres
pool_mode = session
server_reset_query = DISCARD ALL
max_client_conn = 100
default_pool_size = 20

使用 cat 命令读取 pg_hba.conf 文件,过滤掉包含 "#" 的行和空行

local   all             all                              trust
host    all             all             127.0.0.1/32     trust
host    all             all             ::1/128          trust
host    test            test            10.255.4.0/24    md5

psql -h 10.233.4.16 -p 5432 -U test

Password for user test:
psql (9.5.6)
Type "help" for help.

test=> \q

psql -h 10.233.4.16 -p 6432 -U test

psql: ERROR:  No such user: test

使用 tail -fn10 /var/log/pgbouncer/pgbouncer.log 命令来实时监控 Pgbouncer 日志的最后 10 行。


LOG C-0x78f7e0: (nodb)/(nouser)@10.255.4.245:8963 closing because: No such user: test (age=0)
WARNING C-0x78f7e0: (nodb)/(nouser)@10.255.4.245:8963 Pooler Error: No such user: test
LOG C-0x78f7e0: (nodb)/(nouser)@10.255.4.245:8963 login failed: db=test user=test

但是我无法使用pg_hba.conf连接到postgresql(使用PgBouncer)

有人可以帮助吗?您是否有使用auth_hba_file的示例。 谢谢。

我更改了配置:

[root@dev-metrics2 pgbouncer]#cat pgbouncer.ini | grep -v";"| grep -v“^ $”| grep -v“#”

[databases]
postgres = host=localhost port=5432 dbname=postgres user=postgres
test = host=localhost port=5432 dbname=test auth_user=test
[pgbouncer]
logfile = /var/log/pgbouncer/pgbouncer.log
pidfile = /var/run/pgbouncer/pgbouncer.pid
listen_addr = *
listen_port = 6432
auth_query = SELECT usename, passwd FROM pg_shadow WHERE usename=$1
admin_users = postgres
stats_users = stats, postgres
pool_mode = session
server_reset_query = DISCARD ALL
max_client_conn = 100
default_pool_size = 20

删除和创建用户和数据库

[local]:5432 postgres@postgres # DROP DATABASE test;
DROP DATABASE
[local]:5432 postgres@postgres # DROP USER test ;
DROP ROLE
[local]:5432 postgres@postgres # CREATE USER test with password 'test';
CREATE ROLE
[local]:5432 postgres@postgres # CREATE DATABASE test with owner test;
CREATE DATABASE

PGPASSWORD=test psql -h 10.233.4.16 -p 6432 -U test

Password for user test:
psql: ERROR:  Auth failed

tail -fn1 /var/log/pgbouncer/pgbouncer.log

LOG Stats: 0 req/s, in 0 b/s, out 0 b/s,query 0 us
LOG C-0x17b57a0: test/test@10.255.4.245:3069 login attempt: db=test user=test tls=no
LOG C-0x17b57a0: test/test@10.255.4.245:3069 closing because: client unexpected eof (age=0)
LOG C-0x17b57a0: test/test@10.255.4.245:3070 login attempt: db=test user=test tls=no
LOG C-0x17b57a0: test/test@10.255.4.245:3070 closing because: Auth failed (age=0)
WARNING C-0x17b57a0: test/test@10.255.4.245:3070 Pooler Error: Auth failed

工作配置:

cat pgbouncer.ini | grep -v ";" | grep -v "^$" | grep -v "#"

[databases]
*= port=5432 auth_user=postgres
[pgbouncer]
logfile = /var/log/pgbouncer/pgbouncer.log
pidfile = /var/run/pgbouncer/pgbouncer.pid
listen_addr = *
listen_port = 6432
auth_query = SELECT usename, passwd FROM pg_shadow WHERE usename=$1
admin_users = postgres
stats_users = stats, postgres
pool_mode = session
server_reset_query = DISCARD ALL
max_client_conn = 100
default_pool_size = 20
2
m! 更好了。请检查用户测试是否在auth_file指定的文件中,如果不在(必须是这种情况),则添加,例如 "test" "md564b76e462e88c4fa6898960d067845b8" - 您可以从 select passwd from pg_shadow where usename = 'test'; 中找到哈希值。 - Vao Tsun
重新启动Pgbouncer?显示日志-当您无法连接时,会生成消息和日志行-它们对于理解问题的原因至关重要。 - Vao Tsun
我修改了配置,现在它可以工作了。 :) - Anton Patsev
问题是什么? - Vao Tsun
问题 - 我不知道如何使用mkauth.py设置auth_hba_file。但我使用了auth_query,我认为需要关闭这个问题 :) - Anton Patsev
显示剩余2条评论
1个回答
0

尝试加空格

*= port=5432 auth_user=postgres  # old string
* = port=5432 auth_user=postgres # new string

为我工作

网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接