PgBouncer 和 PostgreSQL 的身份验证
Posted
技术标签:
【中文标题】PgBouncer 和 PostgreSQL 的身份验证【英文标题】:PgBouncer and auth to PostgreSQL 【发布时间】:2017-09-08 08:39:15 【问题描述】:pgbouncer 版本 1.7.2
psql (9.5.6)
我尝试在 PgBouncer 中使用 auth_hba_file (/var/lib/pgsql/9.5/data/pg_hba.conf)。
配置 pgbouncer.ini
postgres = host=localhost port=5432 dbname=postgres user=postgres
test = host=localhost port=5432 dbname=test user=test
[pgbouncer]
logfile = /var/log/pgbouncer/pgbouncer.log
pidfile = /var/run/pgbouncer/pgbouncer.pid
listen_addr = *
listen_port = 6432
auth_type = hba
auth_hba_file = /var/lib/pgsql/9.5/data/pg_hba.conf
admin_users = postgres
stats_users = stats, postgres
pool_mode = session
server_reset_query = DISCARD ALL
max_client_conn = 100
default_pool_size = 20
cat pg_hba.conf | grep -v "#" | grep -v "^$"
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host test test 10.255.4.0/24 md5
psql -h 10.233.4.16 -p 5432 -U 测试
Password for user test:
psql (9.5.6)
Type "help" for help.
test=> \q
psql -h 10.233.4.16 -p 6432 -U 测试
psql: ERROR: No such user: test
tail -fn10 /var/log/pgbouncer/pgbouncer.log
LOG C-0x78f7e0: (nodb)/(nouser)@10.255.4.245:8963 closing because: No such user: test (age=0)
WARNING C-0x78f7e0: (nodb)/(nouser)@10.255.4.245:8963 Pooler Error: No such user: test
LOG C-0x78f7e0: (nodb)/(nouser)@10.255.4.245:8963 login failed: db=test user=test
但我无法使用 pg_hba.conf 连接到 postgresql(使用 PgBouncer)
有人可以帮忙吗? 愿你有使用 auth_hba_file 的例子。 谢谢
我改变了配置:
[root@dev-metrics2 pgbouncer]# cat pgbouncer.ini | grep -v ";" | grep -v "^$" | grep -v "#"
[databases]
postgres = host=localhost port=5432 dbname=postgres user=postgres
test = host=localhost port=5432 dbname=test auth_user=test
[pgbouncer]
logfile = /var/log/pgbouncer/pgbouncer.log
pidfile = /var/run/pgbouncer/pgbouncer.pid
listen_addr = *
listen_port = 6432
auth_query = SELECT usename, passwd FROM pg_shadow WHERE usename=$1
admin_users = postgres
stats_users = stats, postgres
pool_mode = session
server_reset_query = DISCARD ALL
max_client_conn = 100
default_pool_size = 20
删除并创建用户和数据库
[local]:5432 postgres@postgres # DROP DATABASE test;
DROP DATABASE
[local]:5432 postgres@postgres # DROP USER test ;
DROP ROLE
[local]:5432 postgres@postgres # CREATE USER test with password 'test';
CREATE ROLE
[local]:5432 postgres@postgres # CREATE DATABASE test with owner test;
CREATE DATABASE
PGPASSWORD=test psql -h 10.233.4.16 -p 6432 -U test
Password for user test:
psql: ERROR: Auth failed
tail -fn1 /var/log/pgbouncer/pgbouncer.log
LOG Stats: 0 req/s, in 0 b/s, out 0 b/s,query 0 us
LOG C-0x17b57a0: test/test@10.255.4.245:3069 login attempt: db=test user=test tls=no
LOG C-0x17b57a0: test/test@10.255.4.245:3069 closing because: client unexpected eof (age=0)
LOG C-0x17b57a0: test/test@10.255.4.245:3070 login attempt: db=test user=test tls=no
LOG C-0x17b57a0: test/test@10.255.4.245:3070 closing because: Auth failed (age=0)
WARNING C-0x17b57a0: test/test@10.255.4.245:3070 Pooler Error: Auth failed
工作配置:
猫 pgbouncer.ini | grep -v ";" | grep -v "^$" | grep -v "#"
[databases]
*= port=5432 auth_user=postgres
[pgbouncer]
logfile = /var/log/pgbouncer/pgbouncer.log
pidfile = /var/run/pgbouncer/pgbouncer.pid
listen_addr = *
listen_port = 6432
auth_query = SELECT usename, passwd FROM pg_shadow WHERE usename=$1
admin_users = postgres
stats_users = stats, postgres
pool_mode = session
server_reset_query = DISCARD ALL
max_client_conn = 100
default_pool_size = 20
【问题讨论】:
为 pgbouncer 使用数据库 hba 非常好。告诉我们你的错误(来自/var/log/pgbouncer/pgbouncer.log)
米!好多了。请检查用户测试是否在文件中,指定在auth_file,如果没有(必须是这种情况)添加它,就像"test" "md564b76e462e88c4fa6898960d067845b8" - 你可以从select passwd from pg_shadow where usename = 'test';找到哈希
我更新帖子。我使用了 auth_query,但无法连接到 PostgreSQL :(
重启 pgbouncer?显示日志 - 当您无法连接时,您会收到消息和生成的日志行 - 它们对于了解问题至关重要
我更改了配置,他正在工作。 :)
【参考方案1】:
试试放空格
*= port=5432 auth_user=postgres # old string
* = port=5432 auth_user=postgres # new string
为我工作
【讨论】:
以上是关于PgBouncer 和 PostgreSQL 的身份验证的主要内容,如果未能解决你的问题,请参考以下文章
带有重试行为的 Go sql 包、PostgreSQL 和 PgBouncer
气流 2.1.3 使用 pgbouncer 解决 postgresql 问题