I am running a PostgreSQL service with Docker. For some reason, PostgreSQL wants to bind to IPV6 - although I haven't specified that anywhere (at least as far as I'm aware).
As a result of this, I am unable to connect to PG. Relevant details follow below:
Dockerfile
FROM postgres:9.6
RUN apt-get update \
&& apt-get -y install apt-utils \
&& apt-get -y install python3 \
&& apt-get -y install postgresql-plpython3-9.6
COPY sql /docker-entrypoint-initdb.d/
EXPOSE 5432
# Add VOLUMEs to allow backup of config, logs and databases
VOLUME ["/etc/postgresql", "/var/log/postgresql", "/var/lib/postgresql"]
PostgreSQL log file contents
LOG: received fast shutdown request
LOG: aborting any active transactions
waiting for server to shut down....LOG: autovacuum launcher shutting down
LOG: shutting down
LOG: database system is shut down
done
server stopped
PostgreSQL init process complete; ready for start up.
LOG: could not bind IPv6 socket: Cannot assign requested address
HINT: Is another postmaster already running on port 5432? If not, wait a few seconds and retry.
LOG: database system was shut down at 2017-10-09 21:22:22 UTC
LOG: MultiXact member wraparound protections are now enabled
LOG: database system is ready to accept connections
LOG: autovacuum launcher started
I run the container using the following command: docker run --name my_db_service_cntnr image_tag
When I run the following command: docker container port my_db_service_cntnr, I get nothing returned:
me#yourbox:~/path/to/pgdb$ docker container port my_db_service_cntnr
me#yourbox:~/path/to/pgdb$
I know PostgreSQL is running in the container:
me#yourbox:~/path/to/pgdb$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
824ffe17c5b9 df:pg "docker-entrypoint..." 16 hours ago Up 5 minutes 5432/tcp my_db_service_cntnr
me#yourbox:/path/to/pgdb$ docker container inspect my_db_service_cntnr | grep Address
"LinkLocalIPv6Address": "",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"GlobalIPv6Address": "",
"IPAddress": "172.17.0.2",
"MacAddress": "02:42:ac:11:00:02",
"IPAddress": "172.17.0.2",
"GlobalIPv6Address": "",
"MacAddress": "02:42:ac:11:00:02"
Yet when I attempt to connect to PostgreSQL (using default port of 5432), it fails to connect to the database:
Attempting to connect via psql
me#yourbox:~/path/to/pgdb$ psql -h 172.17.0.2 -U postgres -p 5432
psql: could not connect to server: Connection refused
Is the server running on host "172.17.0.2" and accepting
TCP/IP connections on port 5432?
me#yourbox:~/path/to/pgdb$
It seems port 5432 is not being listened to on my machine, despite me specifying that the PG image EXPOSE port 5432:
me#yourbox:~/path/to/pgdb$ sudo lsof -i -P | grep -i "listen"
lighttpd 1477 www-data 4u IPv4 22342 0t0 TCP *:80 (LISTEN)
dnsmasq 1645 nobody 5u IPv4 26954 0t0 TCP CEBERUS:53 (LISTEN)
master 2182 root 12u IPv4 28720 0t0 TCP localhost:25 (LISTEN)
master 2182 root 13u IPv6 28721 0t0 TCP ip6-localhost:25 (LISTEN)
rhythmbox 3149 me 17u IPv4 33925 0t0 TCP *:3689 (LISTEN)
rhythmbox 3149 me 18u IPv6 33926 0t0 TCP *:3689 (LISTEN)
cupsd 8432 root 10u IPv6 87004 0t0 TCP ip6-localhost:631 (LISTEN)
cupsd 8432 root 11u IPv4 87005 0t0 TCP localhost:631 (LISTEN)
What is causing this error, and how do I resolve it?
This isn't a complete answer, but should get you closer to an answer. It covers the dockerism's that are required for your debug steps in the question.
Run a postgres container
$ CID=$(docker run -d postgres)
$ echo $CID
48024dc71aa446...
Get the PID of the container
$ PID=$(docker inspect -f {{.State.Pid}} $CID)
$ echo $PID
7994
Get the logs from the container, check for errors.
$ docker logs $CID
Process list from the container
$ docker exec -ti $CID ps -ef
UID PID PPID C STIME TTY TIME CMD
postgres 1 0 0 23:19 ? 00:00:00 postgres
postgres 49 1 0 23:19 ? 00:00:00 postgres: checkpointer process
postgres 50 1 0 23:19 ? 00:00:00 postgres: writer process
postgres 51 1 0 23:19 ? 00:00:00 postgres: wal writer process
postgres 52 1 0 23:19 ? 00:00:00 postgres: autovacuum launcher pr
postgres 53 1 0 23:19 ? 00:00:00 postgres: stats collector proces
postgres 54 1 0 23:19 ? 00:00:00 postgres: bgworker: logical repl
root 66 0 0 23:26 ? 00:00:00 ps -ef
Run ss in the container looking for listening tcp processes (like lsof)
$ docker exec -ti $CID ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:5432 *:*
LISTEN 0 128 :::5432 :::*
Outside the container won't report on ports in container namespaces
$ ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=592,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=592,fd=4))
From the host, you can use nsenter to enter the containers namespace and run commands.
$ nsenter -t $PID -n ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:5432 *:* users:(("postgres",pid=7994,fd=3))
LISTEN 0 128 :::5432 :::* users:(("postgres",pid=7994,fd=4))
$ nsenter -t $PID -n ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
52: eth0#if53: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.3/16 scope global eth0
valid_lft forever preferred_lft forever
Get the IP of the container from Docker
$ IP=$(docker inspect -f '{{.NetworkSettings.Networks.bridge.IPAddress}}' $CID)
$ echo $IP
172.17.0.3
Test the connection
$ psql -h $IP -U postgres -p 5432
Mapped ports
With a mapped port, the ports on the host changes slightly
$ CID=$(docker run -d -p 5432:5432 postgres)
$ echo $CID
020f72394fcd...
Now the container has a port configured
$ docker container port $CID
5432/tcp -> 0.0.0.0:5432
$ docker inspect -f {{.NetworkSettings.Ports}} $CID
map[5432/tcp:[{0.0.0.0 5432}]]
The port will also be listening on the host
$ ss -lntp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=592,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=592,fd=4))
LISTEN 0 128 :::5432 :::* users:(("docker-proxy",pid=8571,fd=4))
And you can connect to localhost or your hosts IP now
$ psql -h 127.0.0.1 -U postgres -p 5432
Related
My docker postgres instance can't be connected to from the internet.
I think it is because it is mapped by docker to localhost.
root#VM01:~/docker# docker port postgres
5432/tcp -> 127.0.0.1:5432
I am new to docker and I would like to try remapping that to
5432/tcp -> 0.0.0.0:5432
To see if I can then connect remotely over the internet.
root#VM01:~/docker# netstat -na | grep 5432
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
Does anyone have experience doing this or advice on if this might work...?
I have another docker instance on the same host that reflects 0.0.0.0:8000 and using telnet from any machine on the internet shows it is accessible.
Not this one though:
127.0.0.1:5432->5432/tcp
I have PostgreSQL 13 installed on a server running Debian 10 Server. When I want to connect my PostgreSQL server, I should connect on port 5433, because my postgresql.conf file is like this:
# - Connection Settings -
listen_addresses = '*'
port = 5433
max_connections = 100
unix_socket_directories = '/var/run/postgresql'
But along with this port, I can connect on port 5432. While there is no any config file in my /etc/postgresql/13/main directory that contains port 5432. In addition, netstat -na outputs is like this:
For port 5432:
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN
tcp6 0 0 ::1:5432 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 27587 /var/run/postgresql/.s.PGSQL.5432
For port 5433:
tcp 0 0 0.0.0.0:5433 0.0.0.0:* LISTEN
tcp 164 0 192.168.1.100:42766 192.168.1.100:5433 CLOSE_WAIT
tcp 164 0 192.168.1.100:42782 192.168.1.100:5433 CLOSE_WAIT
tcp6 0 0 :::5433 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 27607 /var/run/postgresql/.s.PGSQL.5433
That is so amazing that I have two different databases on two different ports, When I run psql command on 5432 and 5433 ports. I can connect from remote machine on port 5433, but I cannot connect on port 5432 from remote machine and just connect locally.
I want to know where is the port 5432 config and How I change it for remote machine connection?
I have just deployed a Postgres / timescaleDB on Ubuntu in AWS.
When I ssh my postgres VM, I can connect pgsql via CLI.
ubuntu#ip-172-31-35-57:~$ psql -U julien -h localhost db
Password for user julien:
psql (12.3 (Ubuntu 12.3-1.pgdg20.04+1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
db=>
I can also see postgres is listening
ubuntu#ip-172-31-35-57:~$ sudo netstat -nlpute
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 101 46086 6152/systemd-resolv
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 20033 700/sshd: /usr/sbin
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 113 62083 20332/postgres
tcp6 0 0 :::80 :::* LISTEN 0 68924 23549/apache2
tcp6 0 0 :::22 :::* LISTEN 0 20044 700/sshd: /usr/sbin
udp 0 0 127.0.0.53:53 0.0.0.0:* 101 46085 6152/systemd-resolv
udp 0 0 172.31.35.57:68 0.0.0.0:* 100 651337 6134/systemd-networ
I checked ufw:
ubuntu#ip-172-31-35-57:~$ sudo ufw status
Status: inactive
I also opened fully Security Groups.
But still, I cannot connect my postgres DB from local.
With a local Postgres DB, I have no problem ( my app works )
What did I forget ???
Check listen_addresses in postgresql.conf file allowed remote connections. It should be
listen_addresses = '*'
In pg_hba.conf file you need to add following entry
host all all 0.0.0.0/0 md5
Be sure it is not a firewall issue.
I have an error with PostgreSQL:
SQLSTATE[08006] [7] could not connect to server: Connection refused
Is the server running on host "localhost" (::1) and
accepting TCP/IP connections on port 5432? could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432?
The following command doesn't show 5432 port is open:
sudo netstat -plunt |grep postgres
I guess that the problem is 5432 port so as I don't see it at netstat. How to open port for PostgreSQL?
The postgresql.conf and pg_hba.conf files are okay (see below).
postgres server is running
My postgresql.conf file:
listen_addresses = '*'
port = 5432
My pg_hba.conf file:
local all postgres md5
local all all md5
host all all 0.0.0.0/0 trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
I ran the command: $ netstat -atu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp 0 0 localhost:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
tcp 0 0 30secondboomer.com:ssh 109-252-90-59.nat:11807 ESTABLISHED
tcp 0 0 30secondboomer.com:ssh 109-252-90-59.nat:11258 ESTABLISHED
tcp 0 0 30secondboomer.com:ssh 109-252-90-59.nat:11797 ESTABLISHED
tcp6 0 0 localhost:6379 [::]:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 [::]:https [::]:* LISTEN
udp 0 0 localhost:domain 0.0.0.0:*
udp 0 0 30secondboomer.c:bootpc 0.0.0.0:*
Got a similar error while settings up PostgreSQL to work with a Python/Django project.
Try to stop and restart the server again.
If indeed the challenge is port 5432 as you suspect, you can try to start postgres on another port say 5433 and see what happens.
For those, whose database server is not running at all, this solution worked for me, after reading the official PostgreSQL-9.6.16 documentation.
In your pg_hba.conf, you have :
host all all 127.0.0.1/32 trust
But this should probably contain the actual IP address of the machine from which the requests are coming (even if it is localhost, it should still contain the remote IP address as a connection from another machine would refer to it.
So I'm having issues with minikube mount command while on Big-IP VPN. Basically, the command looks like it's able to ssh into the minikube VM, but for whatever reason, minikube can't mount the host folder.
$ minikube mount --v=10 app_shared_sec:/app/shared/sec
Mounting app_shared_sec into /app/shared/sec on the minikube VM
This daemon process needs to stay alive for the mount to still be accessible...
ufs starting
Using SSH client type: native
&{{{<nil> 0 [] [] []} docker [0x140f940] 0x140f910 [] 0s} 127.0.0.1 57930 <nil> <nil>}
About to run SSH command:
sudo umount /app/shared/sec;
SSH cmd err, output: Process exited with status 32: umount: /app/shared/sec: not mounted.
Using SSH client type: native
&{{{<nil> 0 [] [] []} docker [0x140f940] 0x140f910 [] 0s} 127.0.0.1 57930 <nil> <nil>}
About to run SSH command:
sudo mkdir -p /app/shared/sec || true;
sudo mount -t 9p -o trans=tcp,port=51501,dfltuid=1001,dfltgid=1001,version=9p2000.u,msize=262144 192.168.99.1 /app/shared/sec;
sudo chmod 775 /app/shared/sec || true;
SSH cmd err, output: <nil>: mount: /app/shared/sec: mount(2) system call failed: Connection timed out.
Running netstat within the minikube VM seems to point to it being able to read the host.
$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.2.2 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
The issue appears to be because VPN blows away the vboxnet interface on the host, minikube VM has no way of communicating with it, causing the mount to fail. When trying to re-create the route, Big-IP seems to watch for changes and removes it. Not sure what else to do at this point.