Unable to connect to remote database from slave node

PecanProject / pecan

The Predictive Ecosystem Analyzer (PEcAn) is an integrated ecological bioinformatics toolbox.

www.pecanproject.org

Other

203 stars 235 forks source link

Unable to connect to remote database from slave node #368

Closed dlebauer closed 9 years ago

dlebauer commented 9 years ago

What are the appropriate settings for connecting to a remote instance of bety?

I currently have the following in my settings:

  <database>
    <bety>
      <user>bety</user>
      <password>bety</password>
      <dbname>bety</dbname>
      <host>ebi-forecast.igb.illinois.edu</host>
      <driver>PostgreSQL</driver>
    </bety>
  </database>

And when I run read.settings, I get the following error:

2015-03-05 12:39:14 ERROR  [value[[3]]] : 
   Could not connect to database.  RS-DBI driver: (could not connect 
   bety@ebi-forecast.igb.illinois.edu on dbname "bety" ) 
   postgresqlNewConnection(drv, ...) 
2015-03-05 12:39:14 SEVERE [check.database] : 
   Invalid Database Settings : bety bety bety ebi-forecast.igb.illinois.edu 
   PostgreSQL 
Error in logger.severe("Invalid Database Settings : ", unlist(database)) : 
  Invalid Database Settings :  betyInvalid Database Settings :  betyInvalid Database Settings :  betyInvalid Database Settings :  ebi-forecast.igb.illinois.eduInvalid Database Settings :  PostgreSQL
>

mdietze commented 9 years ago

That looks correct to me. Can you connect successfully from the command line?

dlebauer commented 9 years ago

no. maybe a permissions error:

psql -h ebi-forecast.igb.illinois.edu -U bety -W bety -d bety

gives

psql: warning: extra command-line argument "bety" ignored
Password for user bety: 
psql: fe_sendauth: no password supplied

Maybe how pg_hba.conf is setup - I've sent a note to the sysadmins in cnrg

dlebauer commented 9 years ago

seems to be an issue with trying to connect from slave nodes ... D. Slater says

I can change the settings to allow to the biocluster head node but the slave nodes will not be able to get to it

Not sure if this will be resolved other than working from elsewhere (as I am not allowed to do much on the biocluster head node)

mdietze commented 9 years ago

David, why are slave nodes needing to connect to the database? The general approach in remote execution has been to have the PEcAn server deal with the database and send model executions to the queue in a way that doesn't require those remote jobs to ever talk to the database

dlebauer commented 9 years ago

@mdietze I was debugging, and trying to avoid working on two systems. But apparently will have to come up with a different solution ...

Slater says

The slave nodes are on a private network that can not access the outside world. This is why you have to login to the biocluster headnode to access them. We do not want to open them up to access machines that are on the public network or the internet because then you can login to them without going through the scheduler and also there is potential to launch a bunch of jobs and do a denial of server attack (accidental or real) on another server.

gsrohde commented 9 years ago

@dlebauer I guess this is not longer an issue since you closed this, but the pg_hba.conf file is currently set to only accept connections from addresses in the 128.174.124.1/22 range. So unless you are connecting via ssh this could be the problem. There's no reason we can't reconfigure this, but I was being cautious when I set this up.