[Pkg-nagios-devel] Bug#678221: icinga-web: database setup fails: tries to connect via TCP though socket was selected
Christoph Anton Mitterer
calestyo at scientia.net
Wed Jun 20 23:38:26 UTC 2012
tags 678221 - moreinfo
thanks
Hi Markus.
Attached is the desired information.
I guess the following happens:
1) unix/socket fails because some parts of the DB are
initialised/upgraded as a non-postgres user, for which the
default-allow-all rule would be in place.
My rules:
local icinga icinga peer map=icinga
local icinga_web icinga_web peer map=icinga_web
don't apply, as there is no matching user (I guess dbconfig, runs as
root).
So a "workaround" might be, if I simply add root as a mapping user to
icinga_web in my pg_ident.conf.
But given that there may be arbitrary DB access configs out there, I'd
rather suggest to evaluate, whether it's possible to upgrade solely by
using the postgres user.
That one is everywhere expected to be there and have global access
rights to the postgres cluster.
And if a user misconfigured the cluster, not to allow the postgres user,
it's really his own fault.
2) Once unix/socket has failed, tcp is probably tried as fallback.
I'm not sure whether this is a general dbconfig-common procedure or
whether you just use it like that.
But I think it's a bad idea to blindly do this, and could even be a
security issue.
So if that's a dbconfig-common thing, I'd open a bug there, wishing to
only try the specified method.
On Wed, 2012-06-20 at 15:15 +0200, Markus Frosch wrote:
> Could you please do the following:
> * update this bug with reportbug to include paket dep version info and
> debconf values
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages icinga-web depends on:
ii dbconfig-common 1.8.46+squeeze.0 common framework for packaging dat
ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy
ii icinga-core 1.7.0-4 host and network monitoring system
ii icinga-idoutils 1.7.0-4 host and network monitoring system
ii php5 5.4.4~rc2-1 server-side, HTML-embedded scripti
ii php5-cli 5.4.4~rc2-1 command-line interpreter for the p
ii php5-gd 5.4.4~rc2-1 GD module for php5
ii php5-pgsql 5.4.4~rc2-1 PostgreSQL module for php5
ii php5-xsl 5.4.4~rc2-1 XSL module for php5
ii ucf 3.0025+nmu1 Update Configuration File: preserv
Versions of packages icinga-web recommends:
ii apache2 2.2.16-6+squeeze7 Apache HTTP Server metapackage
ii apache2-mpm-worker [ht 2.2.16-6+squeeze7 Apache HTTP Server - high speed th
ii postgresql-client 9.1+130 front-end programs for PostgreSQL
ii postgresql-client-9.1 9.1.4-1 front-end programs for PostgreSQL
icinga-web suggests no packages.
-- debconf information:
* icinga-web/rootpassword-repeat: (password omitted)
icinga-web/app-password-confirm: (password omitted)
icinga-web/mysql/app-pass: (password omitted)
icinga-web/password-confirm: (password omitted)
* icinga-web/rootpassword: (password omitted)
icinga-web/pgsql/admin-pass: (password omitted)
icinga-web/pgsql/app-pass: (password omitted)
icinga-web/mysql/admin-pass: (password omitted)
icinga-web/install-error: abort
icinga-web/missing-db-package-error: abort
icinga-web/upgrade-error: abort
* icinga-web/db/dbname: icinga_web
icinga-web/dbconfig-reinstall: false
* icinga-web/pgsql/method: unix socket
icinga-web/remote/port:
icinga-web/mysql/method: unix socket
icinga-web/mysql/admin-user: root
icinga-web/pgsql/manualconf:
* icinga-web/httpd:
icinga-web/internal/reconfiguring: false
* icinga-web/pgsql/admin-user: postgres
* icinga-web/database-type: pgsql
icinga-web/remote/host:
icinga-web/pgsql/changeconf: false
icinga-web/dbconfig-upgrade: true
icinga-web/db/basepath:
icinga-web/remote/newhost:
icinga-web/upgrade-backup: true
icinga-web/remove-error: abort
icinga-web/internal/skip-preseed: false
icinga-web/purge: false
* icinga-web/pgsql/authmethod-user: ident
* icinga-web/db/app-user: icinga_web
icinga-web/pgsql/no-empty-passwords:
icinga-web/rootpassword-mismatch:
icinga-web/dbconfig-remove:
* icinga-web/dbconfig-install: true
* icinga-web/pgsql/authmethod-admin: ident
icinga-web/passwords-do-not-match:
> * include your pg_hba.conf
local icinga icinga trust
#host icinga icinga 127.0.0.1/8 trust
#host icinga icinga ::1/128 trust
#local icinga_web icinga_web trust
#host icinga_web icinga_web 127.0.0.1/8 trust
#host icinga_web icinga_web ::1/128 trust
local icinga icinga peer map=icinga
local icinga_web icinga_web peer map=icinga_web
local all postgres peer
Upgrading/installing either icinga-idoutils or icinga-web, works only,
if I uncomment the respective three lines (and listen_addresses below).
> and postgresql.conf
data_directory = '/var/lib/postgresql/9.1/main'
hba_file = '/etc/postgresql/9.1/main/pg_hba.conf'
ident_file = '/etc/postgresql/9.1/main/pg_ident.conf'
external_pid_file = '/var/run/postgresql/9.1-main.pid'
unix_socket_directory = '/var/run/postgresql'
ssl = on
ssl_ciphers = '!FZA:!ADH:!eNULL:!aNULL:!SEED:!IDEA:!RC2:!RC4:!DES:!
3DES:!MD5:HIGH:+DSS:+DH'
log_rotation_age = 0
log_rotation_size = 0
log_connections = on
log_disconnections = on
log_line_prefix = '%t '
DateStyle = 'ISO, YMD'
IntervalStyle = iso_8601
#listen_addresses = 'localhost,localhost.localhost'
> * test this command and include the output if it failed:
> su -c "psql -h /var/run/postgresql postgres postgres" - postgres
> # su -c "psql -h /var/run/postgresql postgres postgres" - postgres
Simply connects to the server...
psql (9.1.4)
Type "help" for help.
postgres=#
Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5677 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20120621/cf825983/attachment.bin>
More information about the Pkg-nagios-devel
mailing list