I'm trying to setup a pmm-agent to monitor my db at GCP but I'm getting this error:
pg_hba.conf rejects connection for host
The user is postgres and I can connect trhough psql, but when I'm using it trought a service in machine, this fails. Already check conections for db and network.
Related
I have an AWS postgres instance and an AWS ec2 instance (running as bastion host). From my local machine I want to connect to that AWS postgres instance via a python script. But it's not working (see below).
My setup is:
with SSHTunnelForwarder(
('internet-adress-of-the-basion-host', 22),
ssh_private_key=r"the-private-key.pem",
ssh_username="ec2-user",
local_bind_address=('localhost', 6543),
remote_bind_address=('internet-adress-of-the-postgres-server', 5432)) as server:
server.start()
print("server connected")
self.conpostgres = psycopg2.connect(host='localhost', port=server.local_bind_port, database="the-database",
user="the-user", password="the-password")
I can sucessfully connect via the sshtunnel (the "server connected" messages is printed to the console), but I get an ERROR in the when excecuting psycopg2.connect.
The connect ERROR is:
could not connect to server: Connection refused (0x0000274D/10061)
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 6543?
FATAL: password authentication failed for user "the-user"
FATAL: no pg_hba.conf entry for host "x.x.x.x", user "the-user", database "the-database", SSL off
Two remarks:
1.) In the line "no pg_hba.conf entry for host "x.x.x.x"". Here the "x.x.x.x" address is NOT localhost (127.0.0.1). It's a normal ip4 internet address. But I have no idea where this address is coming from!
2.) !!!! With the exact same configuration mentioned above I can successfully connect to the database via the database tool built in IntelliJ Idea. So there is a way to connect to the postgres server without changing pg_hba.conf. So maybe I have to configure the tunnel differently?
I have a Linux instance in AWS Lightsail and I have started up a PostgreSQL database on my LightSail hosted Linux server. On my local Windows 10 machine, I have a Postgresql server as well. When I am attempting to connect to the AWS Postgresql server on Lightsail following the steps described here:
https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-connecting-to-your-postgres-database
On my pgAdmin (my pgAdmin is acting as the client while the Postgresql database that I have on AWS is the server), I am seeing the following error message:
Error saving properties
Unable to connect to the server:
timeout expired
Please note, my database is hosted by Lightsail and not by AWS RDS.
use SSL tunnel with your ip and pem file under SSH Tunnel Tab
Under connection user the ip 127.0.0.1 with your postgres username and password.
Provisioned an IBM Cloud Compose PostgreSQL instance. Then tried to connect the instance to the Watson Studio.
Although establishing a connection works fine, when I try to save retraining configuration getting the following error message.
Error: Unhandled exception of type PSQLException with message: FATAL: no pg_hba.conf entry for host "", user "", database "", SSL off
I do not think I can ssh to the db host and just change the pg_hba.conf file.
I do not think this is a possibility as the IBM Cloud Compose PostgreSQL is server less instance (I think).
How do I resolve this ?
How do you connect? Do you use a connection asset? Is this connection asset using the "Compose for PostgreSQL" or "PostgreSQL" type of connection? The "Compose for PostgreSQL" type of connection asset uses TLS, so should work.
This error message means you are trying to connect to the Database without TLS. Databases for PostgreSQL will reject unsecured connections.
https://cloud.ibm.com/docs/services/databases-for-postgresql?topic=databases-for-postgresql-security-compliance#protection-against-unauthorized-access
https://cloud.ibm.com/docs/services/databases-for-postgresql?topic=databases-for-postgresql-external-app
You have to add all the nodes accessing Postgres to pg_hba.conf file in the postgres server. For example,if the CIDR for the nodes connecting to Postgres is 192.168.1.0/24, then an entry like the following is required.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only local all all peer
# IPv4 local connections:
#host all all 127.0.0.1/32 ident host all all 192.168.1.0/24 trust
You have to find where to do this in IBM Cloud
I've set up a PostgreSQL instance on Google Cloud SQL and have set it up now to only allow SSL connections. I'm able to connect from my workstation via psql and from some apps like R Studio.
However I'm trying to connect via the GCloud Shell and don't seem to see any options to connect with SSL. There are options to manage certifications and I've created another client key and downloaded the files for it in my cloud shell account, I just don't see options for using them to make a connection. Without it just tells me there isn't an HBA for a "No SSL" connection.
Here is what I see (some things obfuscated):
don#cloudshell:~ (xxx)$ gcloud sql connect foo --user=postgres
Whitelisting your IP for incoming connection for 5 minutes...done.
Connecting to database with SQL user [postgres].Password for user postgres:
psql: FATAL: connection requires a valid client certificate
FATAL: pg_hba.conf rejects connection for host "a.b.c.d", user "postgres", database "postgres", SSL off
As per Cloud SQL GCP docs:
Cloud Shell connections do not support SSL. Connections from Cloud
Shell fail if the instance is configured to accept only SSL
connections.
I'm unable to connect to a new PostgreSQL in AWS RDS.
I have a Heroku app and I would like to use Amazon RDS for my database instead of Heroku. For that I've been following this guide: https://www.reinteractive.net/posts/128-heroku-app-backed-by-an-aws-rds-postgres-database
I've made a backup from my current Heroku DB and want to load it on the new database.
My security group for the database allows all inbound connections for port 5432 (0.0.0.0/0) and I've made a new VPC to have my DB set as Publicly Accesible (DNS hostnames and DNS resolution enabled). I created the database on postgres version 9.4.9.
However when I do:
-f latest.sql --host=xxx.xxx.us-west-2.rds.amazonaws.com --port=5432 --username=awsuser --password --dbname=mydatabase
from my computer, I only get a connection time out error:
psql: could not connect to server: Connection timed out
Is the server running on host xxx.xxx.us-west-2.rds.amazonaws.com" (1.2.3.4) and accepting
TCP/IP connections on port 5432?
The server is indeed running. In this case latest.sql is the backup I did. After this I edited the Database security groups to accept all connections (0.0.0.0/0) too.
Database Rules
(from what I've read this should not be necessary because I already have the VPC Security Group), but the result is the same.
Is there any way to trace what's going on / why is my connection getting blocked?