Our production databases are only accessible from the production application servers. I am able to login to production app servers and psql to the db, but I would like to setup a ssh tunnel to allow me to access the production db from my work box.
Ideally, it would be a single command that I could run from my workbox that would set up the tunnel/proxy on the production app server
Here is what I have come up with, but it doesnt work.
user#workbox $ ssh -fNT -L 55555:db.projectX.company.com:5432 app.projectX.company.com
user#workbox $ psql -h app.projectX.company.com -p 55555
psql: could not connect to server: No route to host
Is the server running on host "app.projectX.company.com" (10.1.1.55) and accepting
TCP/IP connections on port 55555?
The reported IP address is incorrect.
When connecting to the tunnel endpoint, the hostname is your local host, since that's where the forwarded port is exposed.
ssh -fNT -L 55555:db.projectX.company.com:5432 app.projectX.company.com
psql -h localhost -p 55555
BTW, PgAdmin-III provides ssh tunnel automation. On the other hand, it's a big GUI app without psql's handy \commands.
It's pretty trivial to write a sshpsql bash script that fires up the ssh tunnel, stores the pid of the ssh process, launches psql, lets you do what you want, and on exit kills the ssh tunnel. You'll also want to TRAP "kill $sshpid" EXIT so you kill the tunnel on unclean exits.
Related
I am trying to do streaming replication between two postgresql servers. Main server is listening on port 5434 and I have to keep it so. When I run "pg_basebackup -h (main server ip) -D /var/lib/postgresql/13/main/ -U replicator -P -v -R -X stream -C -S slaveslot1" on replica server I get the follwing error:
"pg_basebackup: error: could not connect to server: Connection refused. Is the server running on host (main server ip) and accepting TCP/IP connections on port 5432?"
Almost all similar questions that I found in the web are dealing with some other problems as their main server is already using port 5432.
So, could you please let me know how I can keep port 5434 on main server and still run the above command for replication? Thanks in advance!
I was expecting the command to run normally and ask me for password.
I have changed the port to 5432 and in that case it works, so the command itself doesn't have mistakes in it.
But I don't know what/how I can do it if I am keeping port 5434.
You can either use the -p option of pg_basebackup, or you can set the PGPORT environment variable, or you can use the -d option with a connection string that contains port=5434.
I have a Postgres instance under the private subnet, I don't have VPN configured to connect, even it's not allowed with my Bastion ( jump node ).
Is there any way to connect it through my local machine to testing for development?
The default port is 5432.
and I have ssh access to my application server through Bastion node.
Port Forwarding is a process where you can establish a connection from your computer (on the Internet) into the Bastion server, and then forward traffic to the database.
ssh -i key.pem ec2-user#BATION-IP -L 5432:DATABASE-DNS-NAME:5432
Then, in your SQL client, connect to the database via:
localhost:5432
When the SQL client goes to port 5432 on your local computer, the SSH connection will forward that traffic to the bastion server, which will then send it to: DATABASE-DNS-NAME:5432
(You can actually use any port number locally. For example, you could create multiple forwarding connections to different databases, each on a different port.)
As you have ssh access to your application server through Bastion.
Then you may create two-level ssh tunnel proxy. As Postgres is not allowed even though Bastion node, only allowed through the application server.
1: Create a tunnel from the Application Server to the bastion node.
ssh-add ~/.ssh/id_rsa ;ssh -oStrictHostKeyChecking=no -Att -l USER_NAME BASTION IP ssh -oStrictHostKeyChecking=no -Att -l USER_NAME APP_SERVER_IP -L 5432:AWS_POSTGRESS_END_POINT:5432
(keep open this terminal)
2: Create another tunnel from Bastion to local computer:
(open new terminal )
ssh-add ~/.ssh/id_rsa ;ssh -oStrictHostKeyChecking=no -Att -l USER_NAME BASTION_IP -L 5432:localhost:5432
(keep open this terminal)
3: use localhost or 127.0.0.1 with 5432 port in the connection string (to connect from local machine) instead of Postgress endpoint.
Note: replace correct ssh key path and your user name with boldly highlighted text. and keep open both terminal open to maintain the session.
I'm trying to setup postgres cluster of two nodes (primary and standby). In order to activate automatic failover, I'm using pgpool-II.
I followed the following article: https://www.pgpool.net/docs/41/en/html/example-cluster.html
and the only thing difference I did is installing postgresql version 12 instead of version 11.
Knowing that I'm trying it useing two centos7 images on VMware. I faced the following issues:
When I run systemctl status pgpool.service on both nodes, it returned success.
Also I can access postgresql using the watchdog delegate IP.
But what testing failover, everything goes wrong.
Scenario 1:
I accessed my database using watchdog delegate Ip.
I disconnect the standby server.
Result: My session to postgresql continued to work for less than a minute and then it failed. and I'm unable to connect again, until I reconnect the standby node, and restart the pgpool service again.
Scenario 2:
I accessed my database using watchdog delegate Ip.
I disconnect the primary server.
Result: My session stopped directly. and the standby server is not promoted to be master.
I noticed something (might be related to the above described problem): when I try to run the following command
psql 192.168.220.146 -p 9999 -U postgres -c "show pool_nodes"
it fails to work and returned the following:
psql: error: could not connect to server: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.9999"
However if I ran: psql 192.168.220.160 -p 5432 -U postgres
it works fine and I can access the postgres shell.
My pool_hba file:
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all pgpool 0.0.0.0/0 scram-sha-256
host all postgres 0.0.0.0/0 scram-sha-256
Any help would be appreciated.
I followed the following article: https://www.pgpool.net/docs/41/en/html/example-cluster.html and the only thing difference I did is installing postgresql version 11.
I not ping delegate_IP = '192.168.1.233'. May i help you?
Thanks you.
you are not providing -h argument to psql for specifying the IP address. So effectively psql is trying to connect to UNIX domain socket and considering the IP address in the command as the database name.
Try putting -h before the IP address
psql -h 192.168.220.146 -p 9999 -U postgres -c "show pool_nodes"
I have one server machine where PostgreSQL and SSH server is installed. I have another client machine from where i want to connect to the PostgreSQL on the server machine in a secure way. I used SSH tunnel which is working.
I tried to connect the client with server using:
$ ssh -L 3307:localhost:3306 user#Host -N -f
It is working. But now I am thinking whether it is possible to start the ssh tunneling from the server side. It means run a ssh command on server machine so that I get a more secure connection
I'm trying to connect to a psql database on a remote server.
So I ssh tunnel into the remote server with port forwarding as below
ssh -L 7777:psqlServerHost.com:5432 me#remoteServerHost.com
Unfortunately using this method I'm unable to authenticate properly when I try the below command on separate terminal on my local
psql -h localhost -p 7777 -U user database
I would get
FATAL: password authentication failed for user
However if I were to directly ssh into me#remoteServerHost.com I would be able to connect to the database with the same credentials using the below command
psql -h psqlServerHost.com -U user database
I imagine this is probably a configuration file somewhere that I've missed, but I can't seem to find any similar queries that are helpful on the internet.