第二天,如果我使用auth_type = hba
,我将无法通过pgbouncer解决连接错误:
postgres=# create user monitoring with password 'monitoring';
postgres=# create database monitoring owner monitoring;
postgres=# \du+ monitoring
List of roles
Role name | Attributes | Member of | Description
------------+------------+-----------+-------------
monitoring | | {} |
postgres=# \l+ monitoring
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges | Size | Tablespace | Description
------------+------------+----------+-------------+-------------+-------------------+---------+------------+-------------
monitoring | monitoring | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | 7861 kB | pg_default |
/var/lib/pgsql/10/data/pg_hba.conf
:
# TYPE DATABASE USER ADDRESS METHOD
host monitoring monitoring 0.0.0.0/0 trust
local monitoring monitoring trust
/etc/pgbouncer/pgbouncer.ini
:
pidfile = /var/run/pgbouncer/pgbouncer.pid
reserve_pool_size = 5
reserve_pool_timeout = 2
listen_port = 6432
listen_addr = *
auth_type = hba
auth_hba_file = /etc/pgbouncer/hba_bouncer.conf
auth_file = /etc/pgbouncer/userlist.txt
logfile = /var/log/pgbouncer/pgbouncer.log
log_connections = 0
log_disconnections = 0
log_pooler_errors = 1
max_client_conn = 5000
server_idle_timeout = 30
pool_mode = transaction
server_reset_query =
admin_users = root
stats_users = root,monitoring
[databases]
* = client_encoding=UTF8 host=localhost port=5432 pool_size=1000
在pgbouncer的pg_hba.conf
中,我还尝试使用掩码/ 32,掩码/ 8,/ 16(我的网段的真实掩码)指定服务器接口的特定地址。
结果只有一个:登录被拒绝!
/etc/pgbouncer/hba_bouncer.conf
:
host monitoring monitoring 0.0.0.0/0 trust
host monitoring monitoring 127.0.0.1/32 trust
/etc/pgbouncer/userlist.txt
:
"monitoring" "monitoring"
尝试连接:
# psql -U monitoring -p 5432 -h 127.0.0.1
psql (10.1)
Type "help" for help.
monitoring=>
# psql -U monitoring -p 6432 -h 127.0.0.1
psql: ERROR: login rejected
答案 0 :(得分:0)
我们有一个与您相似的用例。我们正在运行1.12.0版本,并且遇到了同样的问题,我们也收到“错误:登录被拒绝”消息。
经调查后发现,我们对pg_bouncer的pg_hba.conf的权限不正确。一旦我们授予pgbouncer读取权限,它就会按预期工作。不幸的是,在我们打开的更高级别的日志记录中,没有任何东西揭示了这一点,并且我们偶然通过自己的测试偶然发现了该解决方案。
Ps。我们在连接上使用信任时,在pgbouncer配置中保留的密码哈希为“”。我认为我们的配置与您发布的其他内容没有什么不同。