pg_autofailover setup with password

Problem description

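I have created postgres with pg_auto_failover on one primary node and one secondary node. I followed this link: https://www.citusdata.com/blog/2019/05/30/introducing-pg-auto-failover/ I tested failover and replication without the --auth flag on the monitor and on the postgres nodes. It works fine without any authorization. Below are the commands: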

    export PATH="$PATH:/usr/pgsql-11/bin"
    pg_autoctl create monitor --nodename 10.247.74.66 --pgport 6000
    export PGDATA=/var/lib/pgsql/node_a
    pg_autoctl create postgres --nodename 10.247.74.66 --pgport 6001 --dbname test --monitor postgres://[email protected]:6000/pg_auto_failover
    pg_autoctl run

Second node

    export PATH="$PATH:/usr/pgsql-11/bin"
    export PGDATA=/var/lib/pgsql/node_b
    pg_autoctl create postgres --nodename 10.247.74.67 --pgport 6002 --dbname test --monitor postgres://[email protected]:6000/pg_auto_failover
    pg_autoctl run

    pg_autoctl show state

            Name |   Port | Group |  Node |     Current State |    Assigned State
    -------------+--------+-------+-------+-------------------+------------------
    10.247.74.66 |   6001 |     0 |     1 |           primary |           primary
    10.247.74.67 |   6002 |     0 |     2 |         secondary |         secondary

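I added authentication on the monitor node with --auth md5 and changed the password of autoctl_node in the pg_auto_failover database, following this link: https://pg-auto-failover.readthedocs.io/en/latest/security.html The monitor node also works fine. But when I add --auth md5 on the primary node_a and on node_b, the nodes get stuck waiting and catching up.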

    export PGDATA=/var/lib/pgsql/monitor
    pg_autoctl create monitor --auth md5 --nodename 10.247.74.66 --pgport 6000
    export PGDATA=/var/lib/pgsql/node_a
    pg_autoctl create postgres --auth md5 --nodename 10.247.74.66 --pgport 6001 --dbname test --monitor postgres://autoctl_node:[email protected]:6000/pg_auto_failover
    pg_autoctl config set replication.password ZUp3aEAy123BEmTb44A
    pg_autoctl run

    export PGPASSWORD=ZUp3aEAy123BEmTb44A
    export PGDATA=/var/lib/pgsql/node_b
    pg_autoctl create postgres --auth md5 --nodename 10.247.74.67 --pgport 6002 --dbname test --monitor postgres://autoctl_node:[email protected]:6000/pg_auto_failover
    pg_autoctl config set replication.password ZUp3aEAy123BEmTb44A
    pg_autoctl run

            Name |   Port | Group |  Node |     Current State |    Assigned State
    -------------+--------+-------+-------+-------------------+------------------
    10.247.74.66 |   6001 |     0 |     1 |      wait_primary |      wait_primary
    10.247.74.67 |   6002 |     0 |     2 |        catchingup |        catchingup

Logs of primary node_a

    2021-04-02 19:06:32.028 IST [19588] LOG:  connection received: host=10.247.74.66 port=52598
    2021-04-02 19:06:32.031 IST [19588] FATAL:  password authentication Failed for user "pgautofailover_monitor"
    2021-04-02 19:06:32.031 IST [19588] DETAIL:  User "pgautofailover_monitor" has no password assigned.
            Connection matched pg_hba.conf line 95: "host all "pgautofailover_monitor" 10.247.74.66/32 md5 # Auto-generated by pg_auto_failover"
    2021-04-02 19:06:34.034 IST [19609] LOG:  connection received: host=10.247.74.66 port=52618
    2021-04-02 19:06:34.036 IST [19609] FATAL:  password authentication Failed for user "pgautofailover_monitor"
    2021-04-02 19:06:34.036 IST [19609] DETAIL:  User "pgautofailover_monitor" has no password assigned.
            Connection matched pg_hba.conf line 95: "host all "pgautofailover_monitor" 10.247.74.66/32 md5 # Auto-generated by pg_auto_failover"
    2021-04-02 19:06:36.041 IST [19626] LOG:  connection received: host=10.247.74.66 port=52628
    2021-04-02 19:06:36.043 IST [19626] FATAL:  password authentication Failed for user "pgautofailover_monitor"
    2021-04-02 19:06:36.043 IST [19626] DETAIL:  User "pgautofailover_monitor" has no password assigned.
            Connection matched pg_hba.conf line 95: "host all "pgautofailover_monitor" 10.247.74.66/32 md5 # Auto-generated by pg_auto_failover"

Logs of secondary node_b

    2021-04-02 19:08:32.099 IST [8755] LOG:  connection received: host=10.247.74.66 port=41682
    2021-04-02 19:08:32.101 IST [8755] FATAL:  password authentication Failed for user "pgautofailover_monitor"
    2021-04-02 19:08:32.101 IST [8755] DETAIL:  User "pgautofailover_monitor" has no password assigned.
            Connection matched pg_hba.conf line 95: "host all "pgautofailover_monitor" 10.247.74.66/32 md5 # Auto-generated by pg_auto_failover"
    2021-04-02 19:08:34.105 IST [8758] LOG:  connection received: host=10.247.74.66 port=41732
    2021-04-02 19:08:34.107 IST [8758] FATAL:  password authentication Failed for user "pgautofailover_monitor"
    2021-04-02 19:08:34.107 IST [8758] DETAIL:  User "pgautofailover_monitor" has no password assigned.
            Connection matched pg_hba.conf line 95: "host all "pgautofailover_monitor" 10.247.74.66/32 md5 # Auto-generated by pg_auto_failover"
    2021-04-02 19:08:36.111 IST [8760] LOG:  connection received: host=10.247.74.66 port=41762
    2021-04-02 19:08:36.115 IST [8760] FATAL:  password authentication Failed for user "pgautofailover_monitor"
    2021-04-02 19:08:36.115 IST [8760] DETAIL:  User "pgautofailover_monitor" has no password assigned.
            Connection matched pg_hba.conf line 95: "host all "pgautofailover_monitor" 10.247.74.66/32 md5 # Auto-generated by pg_auto_failover"

Solution

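(Already answered on the Slack channel, but let me copy and paste my answer here.)

pg_autoctl only changes the password that is used to connect to postgres. This means you need to make sure that the HBA file and the password settings are configured on the postgres side. (Related issue on GitHub: https://github.com/citusdata/pg_auto_failover/issues/382)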
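Added example, not part of the original answer or of pg_auto_failover: a small parser for server logs in the format shown in the question, which lists the roles that a password rule in pg_hba.conf matched but that have no password stored on the postgres side. The function names, the role "app_user" and hba line 96 are hypothetical; the log line prefix is assumed to be the one seen in the question.

```python
import re

# Constructed sample in the format of the server logs in the question;
# "app_user" and hba line 96 are made up to show a different failure reason.
SAMPLE_LOG = """\
2021-04-02 19:06:32.028 IST [19588] LOG:  connection received: host=10.247.74.66 port=52598
2021-04-02 19:06:32.031 IST [19588] FATAL:  password authentication failed for user "pgautofailover_monitor"
2021-04-02 19:06:32.031 IST [19588] DETAIL:  User "pgautofailover_monitor" has no password assigned.
        Connection matched pg_hba.conf line 95: "host all "pgautofailover_monitor" 10.247.74.66/32 md5 # Auto-generated by pg_auto_failover"
2021-04-02 19:06:34.034 IST [19609] LOG:  connection received: host=10.247.74.67 port=52618
2021-04-02 19:06:34.036 IST [19609] FATAL:  password authentication failed for user "app_user"
2021-04-02 19:06:34.036 IST [19609] DETAIL:  Password does not match for user "app_user".
        Connection matched pg_hba.conf line 96: "host all "app_user" 10.247.74.67/32 md5"
"""

# Assumed prefix: "<date> <time> <tz> [<pid>] <LEVEL>:  <message>"
PREFIX = re.compile(r'^\S+ \S+ \S+ \[(\d+)\] ([A-Z]+):\s+(.*)$')
FAILED = re.compile(r'password authentication failed for user "([^"]+)"', re.I)
HBA = re.compile(r'Connection matched pg_hba\.conf line (\d+): "(.*)"\s*$')

def auth_failures(log_text):
    """Group log lines by backend PID and return one dict per failed login."""
    sessions, current = {}, None
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if m:
            current = sessions.setdefault(m.group(1), {})
            level, msg = m.group(2), m.group(3)
            if msg.startswith("connection received: host="):
                current["client"] = msg.split("host=")[1].split()[0]
            elif level == "FATAL" and FAILED.search(msg):
                current["role"] = FAILED.search(msg).group(1)
            elif level == "DETAIL" and "role" in current:
                current["no_password"] = "has no password assigned" in msg
        elif current is not None and (h := HBA.search(line)):
            # Continuation line: the pg_hba.conf rule the connection matched.
            # Assumes a "host db user CIDR method" rule; drop the trailing comment.
            fields = h.group(2).split("#")[0].split()
            current["hba_line"] = int(h.group(1))
            current["method"] = fields[4] if len(fields) > 4 else None
    return [s for s in sessions.values() if "role" in s]

def roles_missing_password(log_text):
    """Roles matched by a password rule that have no password stored."""
    return sorted({f["role"] for f in auth_failures(log_text) if f.get("no_password")})

if __name__ == "__main__":
    print(auth_failures(SAMPLE_LOG))
    print("roles with no password:", roles_missing_password(SAMPLE_LOG))
```

Each role it reports is one where the md5 rule exists in pg_hba.conf but no password has been set for the role in postgres, which is the side of the setup the answer says pg_autoctl does not configure.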