[Bucardo-general] Peer authentication error preventing herd creation
Nelson, Alexander J.
alexander.nelson at nist.gov
Mon Jul 20 20:22:40 UTC 2015
Hello all,
I am interested in trying Bucardo for a database-to-database publishing application. Full-on Postgres replication is not semantically appropriate in this application. However, I'm having a pervasive authentication issue with getting Bucardo running and doing anything interesting. It has been somewhat explored on this mailing list before, but I haven't been able to dig up a satisfactory resolution from the archives. If I can't resolve this issue, I'll have to abandon trying to use Bucardo.
Issue:
Bucardo suffers from 'peer' authentication failures, even when the pg_hba.conf authentication mode is 'trust'. Peer authentication ultimately prevents adding a replication herd, though that appears to be an accident requiring two separate bugs, if peer authentication is a bug.
I am seeing the same issue as Marc-Emmanuel Ramage, who did not receive a reply from his message:
<https://mail.endcrypt.com/pipermail/bucardo-general/2015-February/002534.html>
This thread has a resolution, using the 'trust' authentication method to get things set up and then moving on to something more secure:
<https://mail.endcrypt.com/pipermail/bucardo-general/2014-November/002464.html>
That advice worked for me, using this pg_hba.conf line (inserted in the appropriate place):
host bucardo bucardo 127.0.0.1/32 trust
Awkwardly, this is not working:
local bucardo bucardo peer
Shell transcript of trying to use Bucardo in 'peer' authentication mode:
+ sudo -u bucardo bucardo status
DBI connect('dbname=bucardo;host=localhost;port=5432','bucardo',...) failed: FATAL: password authentication failed for user "bucardo"
FATAL: password authentication failed for user "bucardo" at /usr/bin/bucardo line 267.
The .pgpass file exists, with what looks like the right permissions:
+ sudo ls -la ~bucardo/.pgpass
-rw------- 1 bucardo bucardo 68 Jul 20 14:19 /var/lib/bucardo/.pgpass
So, this appears to be a replication of the issue Greg Mullane noted:
<https://mail.endcrypt.com/pipermail/bucardo-general/2014-October/002426.html>
In lieu of coming onto IRC and trying to catch up, I've attached a setup shell script, 'fail-peer.sh', that reproduces the issue in a fresh, patched Ubuntu 14.04 VM. I've added comments explaining the lines.
Unfortunately, using 'trust' only gets me up to, not through, the point of being able to create a herd. I've attached another shell script, 'fail-herd.sh', that tries to bypass authentication issues by just using 'trust', but 'peer' authentication somehow comes up when trying to create a herd from the wiki instructions. If you run 'fail-herd.sh' in a fresh, patched Ubuntu 14.04 VM, you and I will be on the same page.
My Perl knowledge isn't great, so I'm stuck on investigating the issue further. (For one thing, I don't understand why the context function is "validate_goat" while the containing function appears to be "add_all_goats.") However, from the database statement in the error message, could it be that the Postgres server needs to be specified?
I can tell that people are doing useful work with Bucardo, and I'd like to be able to do the same. I hope someone can help with this issue, and I hope further that there is just some elementary Postgres error I'm making. Since I'm not the first person to be making this error, this may warrant a wiki update.
—Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fail-peer.sh
Type: application/octet-stream
Size: 2420 bytes
Desc: fail-peer.sh
URL: <https://mail.endcrypt.com/pipermail/bucardo-general/attachments/20150720/cc946bf8/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fail-herd.sh
Type: application/octet-stream
Size: 4462 bytes
Desc: fail-herd.sh
URL: <https://mail.endcrypt.com/pipermail/bucardo-general/attachments/20150720/cc946bf8/attachment-0001.obj>
More information about the Bucardo-general
mailing list