postgresql-setup --help outputs:
Usage: /usr/bin/postgresql-setup MODE_OPTION [--unit=UNIT_NAME] [OPTION...]
...
Available operation mode:
--initdb Initialize new PostgreSQL database cluster. This is usually the
first action you perform after PostgreSQL server installation.
...
Environment:
PGSETUP_INITDB_OPTIONS Options carried by this variable are passed to
subsequent call of `initdb` binary (see man
initdb(1)). This variable is used also during
'upgrade' mode because the new cluster is actually
re-initialized from the old one.
However when I run something like:
> export PGSETUP_INITDB_OPTIONS="--auth=scram-sha-256 --username=admin_user --pwprompt /var/lib/pgsql/data";
> sudo postgresql-setup --initdb
It doesn't seem to apply the options in PGSETUP_INITDB_OPTIONS. The auth in /var/lib/pgsql/data/pg_hba.conf still reads:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 ident
host replication all ::1/128 ident
(None are scram-sha-256)
Also, I wasn't prompted for a password and super user still seems to be postgres.
I'm using:
postgresql 12.11
Os: Rocky Linux release 8.6 (Green Obsidian)
Am I doing something wrong here?
Related
We use PostgreSQL for our database of Speedy Net. I had a production server with PostgreSQL 13, and I backed up my database with the following command:
pg_dump -U postgres -h localhost "speedy_net" | gzip > <file_name>.sql.gz
It worked with PostgreSQL 13, but recently I upgraded my server to Ubuntu 22.04.1 LTS and PostgreSQL 14. I loaded the database from SQL and everything works properly, but now I can't backup the database - I get the following error message:
pg_dump: error: connection to server at "localhost" (::1), port 5432 failed: fe_sendauth: no password supplied
Now, something has changed in the configuration file from PostgreSQL 13 to 14. In PostgreSQL 13, the file /etc/postgresql/13/main/pg_hba.conf was:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
And in PostgreSQL 14 the file /etc/postgresql/14/main/pg_hba.conf is:
# Database administrative login by Unix domain socket
local all postgres peer
local all speedy_net trust
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 scram-sha-256
host replication all ::1/128 scram-sha-256
Notice, the line local all speedy_net trust is new. Is this line causing problems? I had to add it because otherwise I couldn't load the database from SQL.
Do you know how I fix it so that backups will work? If I run the command pg_dump -U postgres -h localhost "speedy_net" manually I get prompted for password, but there is no password and it worked with PostgreSQL 13.
Maybe I need to change the password? How do I do it?
The line that is causing the problems in the new file is
host all all ::1/128 scram-sha-256
That requires you to supply a password. You have two choices:
Use a different authentication method. trust would allow you to login without a password (since you are using it with “localhost” in IPv4, why not with IPv6?). If you don't want that, certificate authentication would be an option.
Create a password file on the new machine. Since you forced password authentication on the old machine, that's probably what you used there.
I created an EC2 instance and then installed postgresql (version 11) and timescaledb in it. My security group looks as follows:
As of now, I have enabled this instance for all the IP addresses.
My /etc/postgresql/11/main/pg_hba.conf looks like this:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
host all all 0.0.0.0/0 md5 #ipv4 range
host all all ::0/0 md5 #ipv6 range
host all all all md5 #all ip
and the /etc/postgresql/11/main/postgresql.conf looks like this:
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
Then, I try to connect to the database via Pgadmin4 using the Public DNS(IPv4):ec2-xx-xxx-xxx-xxx.eu-central-1.compute.amazonaws.com
After I enter the username and password, it throws the following error:
Unable to connect to server:
could not connect to server: Connection refused
Is the server running on host "ec2-xx-xxx-xxx-xxx.eu-central-1.compute.amazonaws.com" (xx.xxx.xxx.xxx) and accepting
TCP/IP connections on port 5432?
I had a look at the following post and followed all the instructions, but to no avail:
connect-to-remote-postgresql-server-on-amazon-ec2
Can anyone please help me out with this?
Edit 1
When I do:
/etc/init.d/postgresql restart
I get:
[....] Restarting postgresql (via systemctl): postgresql.service==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'postgresql.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
I don't know what password to enter here so that the postgresql can get restarted
As pointed out by #jjanes in the comments, I had to restart the postgresql inorder to access it.
Doing
/etc/init.d/postgresql restart
was throwing an error (as shown in the question) that's why I had to use
sudo /etc/init.d/postgresql restart
in order to grant the root access.
Once the db was restarted, I tried connecting to the ec2 instance again via pgadmin4, and this time it worked.
i installed and setup postgresql-12 with the commands from here [https://www.postgresql.org/download/linux/redhat/]
yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install postgresql12
yum install postgresql12-server
/usr/pgsql-12/bin/postgresql-12-setup initdb
systemctl enable postgresql-12
systemctl start postgresql-12
i then tried to log into the database
psql postgres postgres
i got the error
psql: error: could not connect to server: FATAL: Peer authentication failed for user "postgres"
there are two pg_hba.conf files on my system. i checked the authentication settings, shown below, as recommended here [psql: FATAL: Ident authentication failed for user "postgres"
/data/pg_data_dir/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
host all all 0.0.0.0/0 md5
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
/var/lib/pgsql/12/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
the authentication settings look OK, so i'm not sure what to do from here.
EDIT - To make this more structured and usable.
First, you need to understand what each of those authentification methods mean, there is a ton on infromation in here about this. Long story short, at this stage, the one you'll likely be interested in is md5 which is a hashed password, or trust which is no password.
After installing the postgres on your machine, you'll need to become the postgres user and then attempt psql
~# su -l postgres --assume you're postgres
~$ psql --connect
psql (xx.x ))
Type "help" for help.
postgres=#
Once you're in, you can set a new password for that user:
postgres=# \password postgres
To prevent this from happening, you'll need to ask postgres where the hba file is:
postgres=# SHOW hba_file;
Use your favourite text editor and modify it to fulfill your needs.
Also you need to make sure you reload the postgresql service, the command is:
sudo systemctl reload postgresql-12.service
I am trying to run some postgresql commands through a fabric script. When I execute the script I get:
out: psql: FATAL: Peer authentication failed for user "sparc2"
This is how my pg_hba.conf file looks like:
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
# added
local sparc2 sparc2 md5
host sparc2 sparc2 127.0.0.1/32 md5
host sparc2 sparc2 10.0.2.2/32 md5
host all all all password
I have also modified the postgresql.conf file with adding this line:
listen_addresses = '*'
After applying the changes I restarted postgresql. But the error is still the same.
PostgreSQL has 2 connection entry points:
TCP/IP (host in pg_hba.conf)
Unix sockets (local in pg_hba.conf)
Your server is configured to use peer auth which works only for Unix sockets, and means - ask the kernel if the OS username matches DB username.
You have following options:
change pg_hba.conf to use md5 auth for local socket connections, or
change connection settings in your script to use IP connection (127.0.0.1 should work) instead of socket connection. [ This may not require editing the files - sometimes setting PGHOST variable is enough ], or
make your script to run from OS user sparc2, not postgres.
Risks / drawbacks
if you change peer to md5, some automation scripts that run from "postgres" OS user, and rely on "peer" auth, will stop working. They will start asking for password
if you change peer to md5, and forget database superuser password, you may have to re-enable peer auth to reset it.
In general, the "peer" auth is OK. Ease and security of kernel-based local auth is the reason why many distributions choose it for local admin connections. It is useful especially on multi-user shell servers. You can disable it for selected accounts only:
#CHANNEL DB USER METHOD
local all sparc2 md5
local all all peer
More details: here and here.
When ever I am trying to run psql in the command line, it is asking for a Password: .
I'm not too sure what the username and password is.
I installed postgresql by brew install postgres
pg_hba.conf
# the database superuser. If you do not trust all your local users,
# use another authentication method.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication AustinTruong trust
#host replication AustinTruong 127.0.0.1/32 trust
#host replication AustinTruong ::1/128 trust
Let me know if there is any confusion in my question.
Edit
In other posts, it mentions if I change pg_hba.conf file to local all all trust, I shouldn't require a password. But it is still requesting for a password.
When I run brew info postgres
I've followed the steps from Postgresql: password authentication failed for user "postgres", but i'm still having the same issue. I added the line
local all postgres ident
If you want to create a new database account from you own OS account use:
/usr/local/bin/createdb someusername
See if this works.
Also this other SO Question might help.
Edit:
Use brew info postgres for more information about your version.