Connection failed
286 views
Skip to first unread message
David Rosenstrauch
Nov 28, 2016, 11:51:53 AM11/28/16
to citus-users
I'm trying to get a simple proof of concept off the ground with Citus,
but am running into another blocker issue. This time the issue seems to
be with security and/or connectivity.
I have a small cluster set up with 2 workers:
darose=# SELECT * from master_get_active_worker_nodes();
node_name | node_port
----------------+-----------
192.168.70.210 | 5432
192.168.70.144 | 5432
(2 rows)
And I've set up a few simple tables on it:
darose=# \d
List of relations
Schema | Name | Type | Owner
--------+------------------+-------+--------
darose | profile_segments | table | darose
darose | profiles | table | darose
darose | segments | table | darose
And I believe that I have security set up correctly in pg_hba.conf:
On the workers:
host all all 192.168.70.153/32 trust
On the master:
host all all 192.168.70.210/32 trust
host all all 192.168.70.144/32 trust
However, when I try to shard one of my tables, it's an epic fail:
darose=# SELECT create_distributed_table('profiles', 'user_id');
WARNING: connection failed to 192.168.70.144:5432
DETAIL: fe_sendauth: no password supplied
WARNING: could not create shard on "192.168.70.144:5432"
WARNING: connection failed to 192.168.70.210:5432
DETAIL: fe_sendauth: no password supplied
WARNING: could not create shard on "192.168.70.210:5432"
ERROR: could only create 0 of 2 of required shard replicas
Any idea what I might be doing wrong?
Note that I'm logged into pg/citus as user "darose", and that user has a
password assigned. But I would think that shouldn't matter given the
"trust" lines I provided in pg_hba.conf.
Any suggestions on how to fix?
Thanks,
DR
but am running into another blocker issue. This time the issue seems to
be with security and/or connectivity.
I have a small cluster set up with 2 workers:
darose=# SELECT * from master_get_active_worker_nodes();
node_name | node_port
----------------+-----------
192.168.70.210 | 5432
192.168.70.144 | 5432
(2 rows)
And I've set up a few simple tables on it:
darose=# \d
List of relations
Schema | Name | Type | Owner
--------+------------------+-------+--------
darose | profile_segments | table | darose
darose | profiles | table | darose
darose | segments | table | darose
And I believe that I have security set up correctly in pg_hba.conf:
On the workers:
host all all 192.168.70.153/32 trust
On the master:
host all all 192.168.70.210/32 trust
host all all 192.168.70.144/32 trust
However, when I try to shard one of my tables, it's an epic fail:
darose=# SELECT create_distributed_table('profiles', 'user_id');
WARNING: connection failed to 192.168.70.144:5432
DETAIL: fe_sendauth: no password supplied
WARNING: could not create shard on "192.168.70.144:5432"
WARNING: connection failed to 192.168.70.210:5432
DETAIL: fe_sendauth: no password supplied
WARNING: could not create shard on "192.168.70.210:5432"
ERROR: could only create 0 of 2 of required shard replicas
Any idea what I might be doing wrong?
Note that I'm logged into pg/citus as user "darose", and that user has a
password assigned. But I would think that shouldn't matter given the
"trust" lines I provided in pg_hba.conf.
Any suggestions on how to fix?
Thanks,
DR
Murat Tuncer
Nov 28, 2016, 9:30:19 PM11/28/16
to citus-users
Hey David,
Please make sure following
1 - edit configurations and set listen_address to accept connections on ip.
Worker 1 with ip 192.168.70.210 should have line
listen_address = '192.168.70.210, localhost'
Please note that same ip is used. You need to set this up on both master and workers.
2 - verify worker nodes are accessible from master (psql -h 192.168.70.210 -U dorase -d dorase)
if this fails, enable connection logging in configuration.
log_connections = true
3 - remember to restart when you make a change in pg_hba.conf or postgresql.conf
4 - could you use postgres user instead ?
5 - irrelevant to your current problem : worker pg_hba.conf file should also allow other workers to connect. This will be necessary when workers need to communicate to each other.
Could you try these out and let us know ?
thanks
David Rosenstrauch
Nov 29, 2016, 12:03:16 AM11/29/16
to citus...@googlegroups.com
Thanks for responding Murat. I actually was able to figure this one out
myself earlier today: I had 2 entries in my pg_hba.conf that were
contradicting each other. I had one that said use md5 security for the
entire local network, followed by a second one that said trust a
specific host on the network. But the first rule was getting executed
first and so enforcing password security when it shouldn't. Once I
switched the order of the entries, I was able to bypass the password issue.
Thanks,
DR
On 11/28/2016 09:30 PM, Murat Tuncer wrote:
> Hey David,
>
> Please make sure following
>
> 1 - edit configurations and set listen_address to accept connections on ip.
> Worker 1 with ip 192.168.70.210 should have line
>
> *listen_address = '192.168.70.210, localhost'*
> <http://192.168.70.153/32> trust
> <http://192.168.70.210/32> trust
> host all all 192.168.70.144/32
> <http://192.168.70.144/32> trust
> You received this message because you are subscribed to the Google
> Groups "citus-users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to citus-users...@googlegroups.com
> <mailto:citus-users...@googlegroups.com>.
> To post to this group, send email to citus...@googlegroups.com
> <mailto:citus...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/citus-users/bcb8d552-454b-408f-8451-948c2b2bd76a%40googlegroups.com
> <https://groups.google.com/d/msgid/citus-users/bcb8d552-454b-408f-8451-948c2b2bd76a%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
myself earlier today: I had 2 entries in my pg_hba.conf that were
contradicting each other. I had one that said use md5 security for the
entire local network, followed by a second one that said trust a
specific host on the network. But the first rule was getting executed
first and so enforcing password security when it shouldn't. Once I
switched the order of the entries, I was able to bypass the password issue.
Thanks,
DR
On 11/28/2016 09:30 PM, Murat Tuncer wrote:
> Hey David,
>
> Please make sure following
>
> 1 - edit configurations and set listen_address to accept connections on ip.
> Worker 1 with ip 192.168.70.210 should have line
>
>
> Please note that same ip is used. You need to set this up on both master
> and workers.
>
> 2 - verify worker nodes are accessible from master (psql -h
> 192.168.70.210 -U dorase -d dorase)
> if this fails, enable connection logging in configuration.
>
> *log_connections = true*
> Please note that same ip is used. You need to set this up on both master
> and workers.
>
> 2 - verify worker nodes are accessible from master (psql -h
> 192.168.70.210 -U dorase -d dorase)
> if this fails, enable connection logging in configuration.
>
> <http://192.168.70.210/32> trust
> host all all 192.168.70.144/32
> <http://192.168.70.144/32> trust
>
>
> However, when I try to shard one of my tables, it's an epic fail:
>
> darose=# SELECT create_distributed_table('profiles', 'user_id');
> WARNING: connection failed to 192.168.70.144:5432
> <http://192.168.70.144:5432>
>
> However, when I try to shard one of my tables, it's an epic fail:
>
> darose=# SELECT create_distributed_table('profiles', 'user_id');
> WARNING: connection failed to 192.168.70.144:5432
> DETAIL: fe_sendauth: no password supplied
> WARNING: could not create shard on "192.168.70.144:5432
> <http://192.168.70.144:5432>"
> WARNING: could not create shard on "192.168.70.144:5432
> WARNING: connection failed to 192.168.70.210:5432
> <http://192.168.70.210:5432>
> DETAIL: fe_sendauth: no password supplied
> WARNING: could not create shard on "192.168.70.210:5432
> <http://192.168.70.210:5432>"
> WARNING: could not create shard on "192.168.70.210:5432
> ERROR: could only create 0 of 2 of required shard replicas
>
>
> Any idea what I might be doing wrong?
>
> Note that I'm logged into pg/citus as user "darose", and that user
> has a
> password assigned. But I would think that shouldn't matter given the
> "trust" lines I provided in pg_hba.conf.
>
> Any suggestions on how to fix?
>
> Thanks,
>
> DR
>
> --
>
>
> Any idea what I might be doing wrong?
>
> Note that I'm logged into pg/citus as user "darose", and that user
> has a
> password assigned. But I would think that shouldn't matter given the
> "trust" lines I provided in pg_hba.conf.
>
> Any suggestions on how to fix?
>
> Thanks,
>
> DR
>
> You received this message because you are subscribed to the Google
> Groups "citus-users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to citus-users...@googlegroups.com
> <mailto:citus-users...@googlegroups.com>.
> To post to this group, send email to citus...@googlegroups.com
> <mailto:citus...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/citus-users/bcb8d552-454b-408f-8451-948c2b2bd76a%40googlegroups.com
> <https://groups.google.com/d/msgid/citus-users/bcb8d552-454b-408f-8451-948c2b2bd76a%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages