We Keep Coding

Disable postgres from listening on IPv6

I created a postgres docker image on top of the official image to copy my own pg_hba.conf into it, because I need to disable listening on IPv6 :
FROM postgres:13
COPY pg_hba.conf /etc/
Afterwards I run the container using the following docker-compose.yaml:
postgres:
image: custom-postgres
command: postgres -c hba_file="/etc/pg_hba.conf"
But postgres still tries listening on the none existent IPv6 socket. What am I doing wrong? This is my pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
But I get the feeling it is not beeing used as I can see that the default pg_hba.conf is still created in /var/lib/postgresql/data

If you want to shape what interface(s) the Postgres server listens on you need to use the listen_addresses in postgresql.conf. To restrict to IPv4 then set to 0.0.0.0. See documentation link for more options. pg_hba.conf is used to control client access to a server. It does not control what interface the server listens on.

can not connect to postgres from Docker

I have a docker image in which i have hadoop cluster composed fo one master and two slaves. On this cluster, I have HBase.
I'm trying to migrate my postgres Database which is installed on my local machine to HBase Database which is on the Docker image using scoop .
For postgres, this is my postgresql.conf configuration file:
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart) port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart) unix_socket_directories = '/var/run/postgresql' # comma-separated list
of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
# (change requires restart)
#bonjour = off # advertise server via Bonjour
# (change requires restart)
#bonjour_name = '' # defaults to the computer name
# - Security and Authentication -
#authentication_timeout = 1min # 1s-600s ssl = on
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
#ssl_dh_params_file = '' ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' ssl_key_file =
'/etc/ssl/private/ssl-cert-snakeoil.key'
#ssl_ca_file = ''
#ssl_crl_file = ''
#password_encryption = md5 # md5 or scram-sha-256
#db_user_namespace = off
#row_security = on
# GSSAPI using Kerberos
#krb_server_keyfile = ''
#krb_caseins_users = off
# - TCP Keepalives -
# see "man 7 tcp" for details
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
# 0 selects the system default
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
# 0 selects the system default
#tcp_keepalives_count = 0 # TCP_KEEPCNT;
# 0 selects the system default
Also this is the content of pg_hba.conf file:
# Database administrative login by Unix domain socket local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only local all all trust
# IPv4 local connections: host all all 127.0.0.1/32 trust
# IPv6 local connections: host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128
my problem is when I try to connect to postgres from docker image using scoop using this command:
sqoop import --connect jdbc:postgresql://localhost:5432/mimic --username postgres --password 0000 --table admission_ids --hbase-table mimic --column-family admission_ids --hbase-row-key id -m 1
I just have this problem:
Check that the hostname and port are correct and that the postmaster
is accepting TCP/IP connections. org.postgresql.util.PSQLException:
Connection refused. Check that the hostname and port are correct and
that the postmaster is accepting TCP/IP connections.
After a search, I jsut understand that docker is the origin of this issue, and to confirm that, I just try to connect to postgres using tenlnet from my local machine in the first time and this is the result :
telnet localhost 5432
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
and from the docker for the second time :
telnet localhost 5432
Trying 127.0.0.1...
Trying ::1...
telnet: Unable to connect to remote host: Cannot assign requested address
my docker image is named spark-hadoop.
I tried to trun this command but always not working:
docker run -d --name bridgeToHadoop --publish=127.0.0.1:5432:5432 -p 172.18.0.2:5432:5432 spark-hadoop

Postgresql running on host machine and you are trying to connect it from docker container. When you do this, host shouldn't be localhost in connection string. Here localhost means docker container.
Replace localhost with IP address, it should be following
sqoop import --connect jdbc:postgresql://host-pi-addr:5432/mimic --username postgres --password 0000 --table admission_ids --hbase-table mimic --column-family admission_ids --hbase-row-key id -m 1

Docker uses a default 172.17.0.0/16 subnet IP range for container networking. You need to allow non-local connections because your container network is no longer seen as local with respect to the postgres server. To permit external connections in the appropriate range add the following to pg_hba.conf (with appropriate choices for DATABASE, USER AND METHOD).
#TYPE DATABASE USER ADDRESS METHOD
host all all 172.17.0.0/16 scram-sha-256`
Also, by default the postgres server only listens on localhost, so you also need to tell postgres to listen on other IP addresses by adding the following to postgresql.conf.
listen_addresses = '*'

Postgres remote connection - Windows server

I have the following lines in pg_hba.conf. Postgres is installed on a Windows server.
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
#host all all myip md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
I would like to allow connection only from one more public IP address. How can I achieve that? As soon as I enable the above line IP: Postgres doesn't start.
Looking for some guidance.

To open the port 5432 edit your /Program Files/PostgreSQL/10/data/postgresql.conf and change
# Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
In /Program Files/PostgreSQL/10/data/pg_hba.conf
# IPv4 local connections:
host all all 0.0.0.0/0 md5
Now restate the Postgres server use cmd
pg_ctl -D "C:\Program Files\PostgreSQL\10\data" restart

I run postgres on several Windows servers (Windows Server 2012 R2, Windows Server 2016) as a part of a commercial framework running on an Apache tomcat webserver. The local connection worked fine. However, I want the same postgres server to be accessible for another framework (Cakephp) on another server (Red Hat Enterprise Linux) on the same server farm. This used to work until I upgraded to postgres 9. Now I had to upgrade to postgres 10. No matter what I tried, I failed.
Here is what I did to solve the problem:
Find your local postgres configuration files. They are usually in the same directory as the postgres tablespace, in my case:
d:\PG10Data\postgresql.conf.
This file has to contain the following lines:
# - Connection Settings:
listen_addresses = '*' # what IP addresses/interfaces to listen on
port = 5432
The next file to be modified is the pg_hba.conf (hba = host based access):
# TYPE DATABASE USER ADDRESS METHOD
# some sample entries:
# this will open UP ALL REMOTE IPv4 connections, do not open up permanently
host all all 0.0.0.0/0 md5
# only 1 database for 1 user from 1 IPv4 address:
host yourdatabasename yourusername 10.15.17.13/32 md5
# don not forget the "/32", otherwise the postgres server will not start up!
After editing these files, restart the postgres server.
You can run
netstat -a -n | findstr 5432
to see if the postgres listener is running.
You can also run the following to test connectivity from the Windows command prompt:
psql -Uyourusername -dyourdatabasename -p5432 -hlocalhost
This should work at any time. The next level will be to use your computer's local IPv4 address. This you can find out with
ipconfig
This will tell you your local IPv4 address. Use this in the following command:
psql -Uyourusername -dyourdatabasename -p5432 -hyourlocalip
My problem was, this command failed. Since I ran it directly on my server, it could not be the local Windows firewall.
The solution:
There is a 2nd configuration file:
d:\PG10Data\postgresql.auto.conf
The file starts ominously with the following 2 lines:
# Do not edit this file manually!
# It will be overwritten by the ALTER SYSTEM command
And it ends:
listen_addresses = 'localhost'
I tried the ALTER SYSTEM command when I was logged on locally as postgres via psql, but no success.
In the end I turned cheeky and changed the entry in d:\PG10Data\postgresql.auto.conf to;
listen_addresses = '*'
Bingo! After a postgres restart, remote access worked like a charm on both Windows servers.
N. B. Don't forget the Windows Firewall: Open port 5432 for remote access. Also check there are no firewalls in the network the block access to port 5432 from your remote client.
It would be nice if someone were able to tell me how I should have changed the parameter without editing the postgresql.auto.conf, but at least both of my framesworks - both on the local and the remote server - are working.

That is incorrect syntax: myip is not an IP address, and the /32 after it is missing.

Loss of access to the database after restarting vm

I have this database in a VM, could restart the VM and it could access correctly
But now if I restart the VM when trying to access the DB by pgAdmin III I get the message below
Server doesn't listen
The server doesn't accept connections: the connection library reports
could not connect to server: Connection refused Is the server running on host "127.0.0.1" and accepting TCP/IP connections on port 5432?
If you encounter this message, please check if the server you're
trying to contact is actually running PostgreSQL on the given port.
Test if you have network connectivity from your client to the server
host using ping or equivalent tools. Is your network / VPN / SSH
tunnel / firewall configured correctly?
For security reasons, PostgreSQL does not listen on all available
IP addresses on the server machine initially. In order to access the
server over the network, you need to enable listening on the address
first. For PostgreSQL servers starting with version 8.0, this is
controlled using the "listen_addresses" parameter in the
postgresql.conf file. Here, you can enter a list of IP addresses the
server should listen on, or simply use '*' to listen on all available
IP addresses. For earlier servers (Version 7.3 or 7.4), you'll need to
set the "tcpip_socket" parameter to 'true'.
You can use the postgresql.conf editor that is built into pgAdmin III
to edit the postgresql.conf configuration file. After changing this
file, you need to restart the server process to make the setting
effective.
If you double-checked your configuration but still get this error
message, it's still unlikely that you encounter a fatal PostgreSQL
misbehaviour. You probably have some low level network connectivity
problems (e.g. firewall configuration). Please check this thoroughly
before reporting a bug to the PostgreSQL community.
I did some testing through VM snapshots and noticed that the behavior occurs after the command
sudo a2enmod rewrite
But I did not find anything that could indicate some link or how to solve, since I need to run sudo a2enmod rewrite
postgresql.conf connection settings:
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
# (change requires restart)
#bonjour = off # advertise server via Bonjour
# (change requires restart)
#bonjour_name = '' # defaults to the computer name
# (change requires restart)
I already tried to restart the postgres service, and it did not work

This is part of my general procedure for debugging access to any database.
Basic tests
Intended to determine whether or not the services are running properly.
Check if PostgreSQL is running:
pgrep -fl postgres
service postgresql status
(If status is available in your Linux then you should see something like this):
mortiz#florida:~/.mozilla/firefox/hlmpduzp.default$ sudo service postgresql status
● postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: active (exited) since Mon 2018-06-11 14:05:04 -03; 3s ago
Process: 17522 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 17522 (code=exited, status=0/SUCCESS)
Jun 11 14:05:04 florida systemd[1]: Starting PostgreSQL RDBMS...
Jun 11 14:05:04 florida systemd[1]: Started PostgreSQL RDBMS.
If the service is running, check the basic connectivity to the port:
telnet 127.0.0.1 5432
If you aren't able to connect try with localhost or the ip address (not the loopback):
telnet localhost 5432
telnet <your_ip_address> 5432
If the service isn't running try restoring a postgresql.conf backup.
If the service is running but you aren't able to connect to the port,
it could be a configuration problem, try restoring the configuration
from a backup.
If you were able to connect to the port using telnet, then the service is up and the port is open, anyway there could be configuration problems with the instance or your client.
If telnet didn't work with 127.0.0.1 but it did with localhost or -(your_ip_address / not loopback) then change that in your client settings.
If the service is running, check the basic connectivity to the port:
telnet 127.0.0.1 5432
If you aren't able to connect try with localhost or the ip address (not the loopback):
telnet localhost 5432
telnet <your_ip_address> 5432
If the service isn't running try restoring a postgresql.conf backup.
If the service is running but you aren't able to connect to the port,
it could be a configuration problem, try restoring the configuration
from a backup.
If you were able to connect to the port using telnet, then the service is up and the port is open, anyway there could be configuration problems with the instance or your client.
If the telnet didn't work with 127.0.0.1 but it did with localhost or then change that in your client settings.
Testing functionality
To check the expected behavior of the service. In Linux some services start even with errors and produce undesired behaviors.
Now it's time to see if the service is working properly, we'll use the CLI. Run this command:
psql -h localhost --username=postgres --list
And you should see the list of databases:
mortiz#florida:~/.mozilla/firefox/hlmpduzp.default$ psql -h localhost --username=postgres --list
Password for user postgres:
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
(3 rows)
If this works then your problem may be in the client pgAdmin. Try installing another client or version and try connecting to the database.
Reviewing the configuration of the server
* Maybe someone changed the method of accessing the database.
Be careful, backup your file first. Check the PostgreSQL Client Authentication Configuration File hosts allowed to connect / methods and users -> /etc/postgresql/9.6/main/pg_hba.conf
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# local DATABASE USER METHOD [OPTIONS]
# host DATABASE USER ADDRESS METHOD [OPTIONS]
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
# "ident", "peer", "pam", "ldap", "radius" or "cert". Note that
# "password" sends passwords in clear text; "md5" is preferred since
# it sends encrypted passwords.
Tell me your results of each test if any problem.

Connect to remote postgresql server on amazon ec2

I started an amazon ec2 instance, and installed postgresql 9.1 over it. I then went to the
Security Group: quicklaunch-1(there was one moredefault` which i did not change) and opened the 5432 TCP Port, the table looks like this:
(Service) Source Action
22 0.0.0.0/0 Delete
5432 0.0.0.0/32 Delete
5433 0.0.0.0/32 Delete
6432 0.0.0.0/32 Delete
I have created a database and user .
My /etc/postgresql/9.1/main/pg_hba.conf looks like this:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
host all all 0.0.0.0/0 md5
host db_name user_name 0.0.0.0/0 md5
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
host replication postgres 127.0.0.1/32 md5
host replication postgres ::1/128 md5
and /etc/postgresql/9.1/main/postgresql.conf looks like this:
# - Connection Settings -
listen_addresses = '*'
#listen_addresses = 'localhost' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost', '*' = all
# (change requires restart)
port = 5432 # (change requires restart)
I then try to connect on to the remote machine as follows:
psql -h ec2-xxx-xx-xxx-xxx.compute-1.amazonaws.com -d <database_name> -U <username>
where ec2-xxx-xx-xxx-xxx.compute-1.amazonaws.com is my Public DNS.
The above command does not result in any connection, how can i connect?

In this table:
5432 0.0.0.0/32 Delete
5433 0.0.0.0/32 Delete
6432 0.0.0.0/32 Delete
the CIDRs look like you're not allowing any IP in. Shouldn't they be 0.0.0.0/0 instead, like what you have for port 22 (ssh)?

I Found the resolution to this problem.
Two things are required.
Use a text editor to modify pg_hba.conf.
Locate the line host all all 127.0.0.1/0 md5.
Immediately below it, add this new line: host all all 0.0.0.0/0 md5
Editing the PostgreSQL postgresql.conf file:
Use a text editor to modify postgresql.conf.
Locate the line that starts with #listen_addresses = 'localhost'.
Uncomment the line by deleting the #, and change localhost to *.
The line should now look like this: listen_addresses = '*' # what IP address(es) to listen on;.
Now Just restart your postgres service and it will connect

your psql command needs a -W option added, which allows you to enter a password for the db user and a -p option followed by the postgres port number (5432 per default)
cheers!