search

usegalaxy-eu / infrastructure-playbook

Ansible playbook for managing UseGalaxy.eu infrastructure.
MIT License
16 stars 91 forks source link

Allow hosts stats, sn06, maintenance to access the grafana DB in PG #1237

Closed sj213 closed 2 months ago

sj213 commented 2 months ago

Updates pg_hba.conf to grant access to the grafana DB in PG to all currently Grafana-related hosts.

kysrpex commented 2 months ago

Great! Thanks @sanjaysrikakulam @sj213.

kysrpex commented 2 months ago

Linking this to usegalaxy-eu/issues#588 for future reference.

kysrpex commented 1 month ago

@sj213 Could you check if there is anything wrong with sn05's firewall? I cannot connect from stats.

centos@stats-galaxyproject-eu:~$ psql -h sn05.galaxyproject.eu -p **** -U grafana -d grafana
psql: could not connect to server: Connection timed out
    Is the server running on host "sn05.galaxyproject.eu" (***.***.***.***) and accepting
    TCP/IP connections on port ****?

Connecting from sn06 and maintenance works fine.

sj213 commented 1 month ago

@kysrpex I have a log entry reading

FATAL: password authentication failed for user "grafana"

immediately followed by

DETAIL: Connection matched pg_hba.conf line 39: "host  grafana  grafana  132.230.223.239/32"

Timestamp is today, 14:44

Nothing else wrt authentication in the logs so far.

sj213 commented 1 month ago

But there must have been a network problem of some sort, as my interactive psql(1) shells have reported a connection abort followed by reconnect. Does the problem still persist on your side?

kysrpex commented 1 month ago

@kysrpex I have a log entry reading

FATAL: password authentication failed for user "grafana"

immediately followed by

DETAIL: Connection matched pg_hba.conf line 39: "host  grafana  grafana  132.230.223.239/32"

Timestamp is today, 14:44

Nothing else wrt authentication in the logs so far.

That's sn06 (I entered the password wrong once). Connecting from stats (192.52.32.145) results in the error message I pasted above. A password prompt is never displayed.

sanjaysrikakulam commented 1 month ago

The stats VM is in the new cloud's public network. In the new cloud, the public network cannot communicate with the ones in the University's DMZ. We probably need to switch the stats to the public-extended network to get this working. In the old cloud, this was possible, but not anymore in the new cloud.

sj213 commented 1 month ago

@sanjaysrikakulam Spot on, now that you mention it I remember we've had the exact same problem with NFS before.

sanjaysrikakulam commented 1 month ago

Yup, I tried to ping sn05 from the stats VM and saw 100% packet loss. I immediately remembered something similar we had with the NFS.