<div dir="ltr">Hi Tatsuo<div><br></div><div>At least it works.</div><div><br></div><div>I've changed backend_hostname0 to its IP address, then again I've attached manually the secondary server and I could connect to pgpool</div><div><br></div><div><span style="font-family:monospace"><b>[postgres@buda pgpool-II]$ pcp_attach_node -p 9898 -h 192.168.1.160 -n 1 -U maufer -W</b></span></div><div><font face="monospace">Password: <br>pcp_attach_node -- Command Successful<br>[postgres@buda pgpool-II]$ <br><b>[postgres@buda pgpool-II]$ psql -p 9999<br></b>Contraseña para usuario postgres: <br>psql (17.2)<br>Digite «help» para obtener ayuda.<br><br>postgres=# </font></div><div><br></div><div>This is the first part, I pretend to test pgpool as a load balancer and connection pooler, after that I would try fail / switch over</div><div><br></div><div>Thank you very much for the support</div><div><br></div><div>Kind regards</div><div><br></div><div>Mauricio</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">El jue, 13 feb 2025 a las 20:10, Tatsuo Ishii (<<a href="mailto:ishii@postgresql.org">ishii@postgresql.org</a>>) escribió:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Mauricio,<br>
<br>
> Hi Tatsuo<br>
> <br>
> I'm thinking I'm really near to success. I've decided to use pool_password<br>
> and it works, because pgpool watches the two nodes and I guess<br>
> health checking is working because there is nothing in the log about it.<br>
> <br>
> The configurations files look like this:<br>
> *[postgres@buda pgpool-II]$ vi pgpool.conf*<br>
> #------------------------------------------------------------------------------<br>
> # STREAMING REPLICATION MODE<br>
> #------------------------------------------------------------------------------<br>
> # - Streaming -<br>
> sr_check_period = 10<br>
> sr_check_user = 'postgres'<br>
> sr_check_password = ''<br>
> sr_check_database = 'postgres'<br>
> <br>
> # - Authentication -<br>
> enable_pool_hba = on<br>
> pool_passwd = 'pool_passwd'<br>
> <br>
> #------------------------------------------------------------------------------<br>
> # HEALTH CHECK GLOBAL PARAMETERS<br>
> #------------------------------------------------------------------------------<br>
> health_check_period = 10<br>
> health_check_timeout = 20<br>
> health_check_user = 'postgres'<br>
> health_check_password = ''<br>
> health_check_database = 'postgres'<br>
> <br>
> <br>
> *[postgres@buda pgpool-II]$ cat pool_hba.conf*# "local" is for Unix domain<br>
> socket connections only<br>
> local all all scram-sha-256<br>
> # IPv4 local connections:<br>
> host all all <a href="http://127.0.0.1/32" rel="noreferrer" target="_blank">127.0.0.1/32</a> trust<br>
> host all all ::1/128 trust<br>
> host all all <a href="http://192.168.1.0/24" rel="noreferrer" target="_blank">192.168.1.0/24</a> scram-sha-256<br>
> <br>
> *[postgres@buda pgpool-II]$ cat pool_passwd *<br>
> replicador:AESKXF6Ksr76jXd82/nyf7HPw==<br>
> postgres:AESSW1V5WTuP1xf1xFenoLDhA==<br>
> <br>
> The pool_passwd content was generated executing: pg_enc -m -f<br>
> /etc/pgpool-II/pgpool.conf -k /var/lib/pgsql/.pgpoolkey -i<br>
> /etc/pgpool-II/usr.txt and I have defined environment<br>
> variable PGPOOLKEYFILE=/var/lib/pgsql/.pgpoolkey<br>
> <br>
> Postgres primary and secondary servers are working with scram-sha-256 auth<br>
> method.<br>
> <br>
> Know, when I'm trying to connect to pgpool at least ask for password (pcp<br>
> user postgres and postgres database user have the same password)..<br>
> <br>
> *[postgres@buda ~]$ psql -p 9999*<br>
> Contraseña para usuario *postgres*:<br>
> psql: error: falló la conexión al servidor en el socket<br>
> «/run/postgresql/.s.PGSQL.9999»: ERROR: invalid authentication packet from<br>
> backend<br>
> DETALLE: failed to get the authentication packet length<br>
> SUGERENCIA: This is likely caused by the inconsistency of auth method<br>
> among DB nodes.<br>
> Please check the previous error messages (hint: length field) from<br>
> pool_read_message_length and recheck the pg_hba.conf settings.<br>
> <br>
> I presume *postgres *is the user declared in pcp.conf wich password is md5<br>
<br>
The password in pcp.conf is only used for using pcp commands. They are<br>
irrelevant to PostgreSQL authentication.<br>
<br>
> *[postgres@buda pgpool-II]$ cat pcp.conf*<br>
> # USERID:MD5PASSWD<br>
> postgres:ad9dfc895ce42200ba6e1127aacc7873<br>
> <br>
> I don't know who is rejecting the authentication, pgpool or postgresql.<br>
<br>
>From the log it must be postgresql.<br>
<br>
> Both primary and secondary have the same pg_hba.conf<br>
> local all all<br>
> scram-sha-256<br>
> host all all <a href="http://192.168.1.0/24" rel="noreferrer" target="_blank">192.168.1.0/24</a><br>
> scram-sha-256<br>
> # replication privilege.<br>
> local replication all trust<br>
> host replication all <a href="http://127.0.0.1/32" rel="noreferrer" target="_blank">127.0.0.1/32</a> trust<br>
> host replication all ::1/128 trust<br>
> host replication replicador <a href="http://192.168.1.0/24" rel="noreferrer" target="_blank">192.168.1.0/24</a> scram-sha-256<br>
<br>
> BTW you seem to set backend_hostname0 = 'localhost', which is not<br>
> recommended. You'd better to set backend_hostname0 = '192.169.0.160'<br>
> instead.<br>
<br>
Do you still set backend_hostname0 = 'localhost'? Then it could be the<br>
cause of the problem. When backend0 receives the connection request<br>
from pgpool, the client IP is 'localhost' from PostgreSQL's point of<br>
view. So PostgreSQL looks into pg_hba.conf and fails to find matching<br>
entry for IP = 127.0.0.1, database = postgres, user = postgres.<br>
<br>
For standby, there's a matching entry in pg_hba.conf:<br>
<br>
> host all all <a href="http://192.168.1.0/24" rel="noreferrer" target="_blank">192.168.1.0/24</a><br>
<br>
Best reagards,<br>
--<br>
Tatsuo Ishii<br>
SRA OSS K.K.<br>
English: <a href="http://www.sraoss.co.jp/index_en/" rel="noreferrer" target="_blank">http://www.sraoss.co.jp/index_en/</a><br>
Japanese:<a href="http://www.sraoss.co.jp" rel="noreferrer" target="_blank">http://www.sraoss.co.jp</a><br>
</blockquote></div>