Re: pgpool-II 3.7.5 with ssl

From: Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp>
To: tgl(at)sss(dot)pgh(dot)pa(dot)us
Cc: shavikas(at)gmail(dot)com, pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: pgpool-II 3.7.5 with ssl
Date: 2019-12-11 00:11:12
Message-ID: 20191211.091112.475497349028463168.t-ishii@sraoss.co.jp
Lists: pgsql-general

> Vikas Sharma <shavikas(at)gmail(dot)com> writes:
>> We use postgresql 9.6 and pgpool 3.7.5 and we are now asked to enable ssl
>> for 'in transit'. I have setup the ssl server side on the
>> postgresql dbs ( master and slave) and can see in pg_stat_ssl that the
>> master slave communication and connections from the application are showing
>> ssl = 't'
>
>> I have set the parameters in pgpool.conf as well but not sure if the pgpool
>> is working with ssl enabled. because when I try to connect
>> with psql using pgpool I get below:
>
>> [postgres(at)pgool-server ~]$ psql 'host=localhost port=5432 dbname=postgres
>> user=user1 sslmode=require'
>> psql: server does not support SSL, but SSL was required
>
> Hm, is pgpool maybe using Unix-socket connections to the database?
> I'm not sure why pgpool would be trying to pass SSL-ness of the
> connection through to the server in that case, though.

Pgpool-II handles the connection between client and Pgpool-II, and between
Pgpool-II and PostgreSQL, separately, i.e. it is possible to establish an
SSL connection between client and Pgpool-II while the connection
between Pgpool-II and PostgreSQL is established without SSL, depending on
the configuration of Pgpool-II and PostgreSQL (for example, if
Pgpool-II is configured to connect to PostgreSQL using a Unix socket,
SSL will be disabled between Pgpool-II and PostgreSQL, as you said).

I think the error suggests that there's something wrong with the Pgpool-II
SSL configuration. For example, if the path to the ssl key is wrong, you
see something like below in the pgpool log while pgpool is starting
up:

2019-12-11 08:53:23: pid 8506: WARNING: could not access private key file "/usr/local/etc/server.keyk": No such file or directory

> Seems like
> something you should discuss with the pgpool people.

True. The issue has almost nothing to do with PostgreSQL. I recommend
discussing it on the pgpool mailing list:

https://www.pgpool.net/mailman/listinfo/pgpool-general

BTW, pgpool 3.7.5 is pretty old (released in 2018). The latest one in
3.7.x series is 3.7.12.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
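
A check for the situation discussed in this message, added here as an example and not part of the original e-mail or of Pgpool-II: it sends the PostgreSQL protocol's SSLRequest packet to a listener and reports the one-byte answer, where `N` is the reply behind psql's "server does not support SSL, but SSL was required". The function names and the command-line form are assumptions of this example.

```python
import socket
import struct
import sys

# SSLRequest in the PostgreSQL frontend/backend protocol:
# Int32 message length (8) followed by Int32 request code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)

# The listener answers SSLRequest with a single byte.
VERDICTS = {
    b"S": "ssl-accepted",    # listener will start a TLS handshake
    b"N": "ssl-refused",     # listener has no usable SSL setup
    b"E": "error-response",  # start of an ErrorResponse message
}


def classify_reply(reply: bytes) -> str:
    """Map the first byte of the answer to SSLRequest onto a verdict."""
    if not reply:
        return "closed-without-reply"
    return VERDICTS.get(reply[:1], "unexpected-reply")


def probe_socket(sock: socket.socket) -> str:
    """Run the SSLRequest exchange on an already connected socket."""
    sock.sendall(SSL_REQUEST)
    return classify_reply(sock.recv(1))


def probe_ssl(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect to host:port over TCP and report how it answers SSLRequest."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_socket(sock)


if __name__ == "__main__":
    # Usage (hypothetical script name): python ssl_probe.py HOST PORT
    host, port = sys.argv[1], int(sys.argv[2])
    print(f"{host}:{port} -> {probe_ssl(host, port)}")
```

Because Pgpool-II and PostgreSQL negotiate SSL with their peers separately, running the probe once against the Pgpool-II port and once against the PostgreSQL port shows which of the two listeners refuses SSL.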
