From: | Aleksey Tsalolikhin <atsaloli(dot)tech(at)gmail(dot)com> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | SELinux problem rsync'ing WAL logs |
Date: | 2009-04-01 01:18:47 |
Message-ID: | d17c5b140903311818j33849c7ci7a60ecf8fbe721ef@mail.gmail.com |
Lists: | pgsql-general |
Ok, this is not strictly a PostgreSQL issue,
but I am trying to enable WAL log shipping on our PostgreSQL 8.1.10
(upgrade to 8.3.7 is in the works).
My archive_command is 'rsync %p postgres@node2:/file/to/$f </dev/null'
This works fine if and only if SELinux is disabled on node 1
(the source node).
I am running Fedora Core 6 on node 1. (Upgrade to CentOS 5.2 is in the works.)
I used audit2allow on the SELinux messages, and generated an SELinux
module to allow Postgres to rsync the files out...
allow postgresql_t ssh_exec_t:file { read execute execute_no_trans };
allow postgresql_t ssh_port_t:tcp_socket name_connect;
allow postgresql_t user_home_t:dir { search getattr };
allow postgresql_t user_home_t:file { read getattr };
But this still does not work. (Works fine if I disable SELinux, by the way.)
The error I get is:
LOG: archive command "/usr/local/bin/rsync -e /usr/bin/ssh
pg_xlog/000000010000001D00000015
postgres@node2:WAL/000000010000001D00000015 </dev/null" failed: return
code 65280
Could not create directory '/home/postgres/.ssh'.
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(632) [sender=3.0.4]
If anybody has any clue as to what's going on here, I would sure
appreciate your help.
"ssh node2" works fine from node1; I log in using key-based authentication.
What stumps me is there are no further complaints from SELinux, but
clearly SELinux is blocking the connection.
I think I'll ask on the SELinux list as well. But if anybody here
has a clue, please give me a shout.
Best,
-at
--
Aleksey Tsalolikhin
UNIX System Administrator
"I get stuff done!"
http://www.verticalsysadmin.com/
LinkedIn - http://www.linkedin.com/in/atsaloli
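
The audit2allow step mentioned in the message, as an added example that is not part of the original post: a small Python sketch that groups AVC denial records by source type, target type and object class and emits the matching allow rules. The audit records are constructed to reproduce the four rules quoted in the message, the function names are hypothetical, and this is not audit2allow's own code.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the original post), shaped like the
# audit.log lines that audit2allow reads. One line is not an AVC record and
# one belongs to a different domain, to show what gets skipped or filtered.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1238548727.101:901): avc:  denied  { read execute } for  pid=4101 comm="rsync" name="ssh" dev=sda1 ino=1001 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file
type=AVC msg=audit(1238548727.102:902): avc:  denied  { execute_no_trans } for  pid=4101 comm="rsync" name="ssh" dev=sda1 ino=1001 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1238548727.102:902): arch=40000003 syscall=11 success=no exit=-13 comm="rsync"
type=AVC msg=audit(1238548727.210:903): avc:  denied  { name_connect } for  pid=4102 comm="ssh" dest=22 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:ssh_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1238548727.305:904): avc:  denied  { search getattr } for  pid=4102 comm="ssh" name="postgres" dev=sda1 ino=2002 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1238548727.306:905): avc:  denied  { read getattr } for  pid=4102 comm="ssh" name="id_rsa" dev=sda1 ino=2003 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1238548728.001:906): avc:  denied  { name_connect } for  pid=4200 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field (third field) of a user:role:type[:level] context."""
    return context.split(":")[2]

def denials_to_rules(log_text, source_type=None):
    """Merge AVC denials into allow rules, optionally for one source domain only."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. the SYSCALL record)
        src = context_type(m["scon"])
        if source_type and src != source_type:
            continue
        grouped[(src, context_type(m["tcon"]), m["tclass"])].update(m["perms"].split())
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules

if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE_AUDIT_LOG, "postgresql_t")))
```

Rules produced this way cover only the accesses that were actually logged, so each one is worth reviewing before it is loaded as a module.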