search

ANXS / postgresql

Fairly full featured Ansible role for Postgresql.
http://anxs.io/
MIT License
849 stars 573 forks source link

fe_sendauth: no password supplied #440

Closed tristanbes closed 4 months ago

tristanbes commented 5 years ago

Hello,

It seems that we cannot connect with the postgres default user without password since few days/weeks.

Each time we get: SQLSTATE[08006] [7] fe_sendauth: no password supplied

I tried:

(PS: It was previously working). We use Debian 9 on the host.

We use default config for your role. The only variable tweaked is:

# Postgresql
postgresql_version: 11
vladp commented 5 years ago

We are running into exact same issue (Ubuntu bionic, PG 11). Has anybody gotten this to work?

vladp commented 5 years ago

I was able to get role to work (at least from what I can see). By adding these variables:

        # start of hba stuff
        # This role does not allow to setup password for postgres (the postgres_admin_user).
        # However, this role relies on ability to connect to database as such user.
        # May be ealier release of PG had hba file set, as a default, to allow local users to login
        # There was no documentation in the role, that clarifies what to do,
        # Therefore, I came up with this workaround

        # This section also allows to setup a login for applications (which rely on md5 )
        # reference: https://www.postgresql.org/docs/11/auth-pg-hba-conf.html
        #
        # Also, note that if there is a failure due to misconfigured hba file, this role
        # will not be able to recover and restart the server, even after an updated hba config is specified
        # therefore, I have to login manually to the host as postgres user, and do:
        # pg_ctlcluster 11 main start
        postgresql_pg_hba_default:
          - { type: local, database: all, user: "{{ postgresql_admin_user }}", address: "", method: "trust", comment: "allows this user to connect without credentials, notice address is empty, so this allowance is for local machine" }

          - { type: host, database: all, user: "{{ postgresql_admin_user }}", address: "127.0.0.1/32", method: "trust", comment: "allows this user to connect without credentials, notice address is the loopback addr, so this allowance is, essentially, also only for the local machine on which PG is running" }

          - { type: local, database: root, user: "root", address: "", method: "trust", comment: "allows  user 'root' to connect without password, notice address is empty, so this allowance is for local machine. Apparently, this ansible role needs this.. may be for monit ?" }

          - { type: host, database: all, user: "{{ postgresql_admin_user }}", address: "10.0.2.2/24", method: "trust", comment: "allows this user to connect without credentials, notice address is what's typically used by VirtualBox for NATed guest VMS , so this allowance is to connect from my dev network to Vagrant VMs running within VirtualBox, via NATing (all natted VMs have 10.0.2.2 ip)" }

          - { type: host, database: all, user: dev01, address: "10.0.1.1/24", method: "md5", comment: "allows this user (dev01) to connect with credentials, that will be md5 encrypted before transmission, notice address is what's typically used by internal network , so this allowance is to connect as user 'd',  from my internal dev network (that use 10.0.1.x IP addresses) to this pg server" }
    # end of hba stuff
Pepan commented 5 years ago

Same problem on Centos 7.

github-actions[bot] commented 6 months ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

github-actions[bot] commented 4 months ago

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.