Thread: Postgres 13 streaming replication standby not sending password, 'fe_sendauth: no password supplied'
Postgres 13 streaming replication standby not sending password, 'fe_sendauth: no password supplied'
From
"Keaney, Will"
Date:
Hello, I'm building a new 2-node Postgreql 13 streaming replication cluster. I'm able to clone the primary to the standby usingpg_basebackup. However, the standby is unable to authenticate to the primary to begin recovery during startup. It logs an error, "FATAL: could not connect to the primary server: fe_sendauth: no password supplied". I've tried using both .pgpass and passing the password explicitly in the myrecovery.conf primary_conninfo string. Debug logson the primary show the initial connection. but no user provided and no authentication attempt. pg_hba.conf on the primary: host all,replication repl primary-database-server scram-sha-256 host all,replication repl standby-database-server scram-sha-256 myrecovery.conf on the standby: primary_conninfo = 'host=primary-database-server port=5432 user=repl application_name=standby-server-name' recovery_target_timeline = 'latest' primary_slot_name = 'standby_replication_slot' .pgpass on the standby: # hostname:port:database:username:password *:*:replication:repl:repl_user_password I've triple-checked that the password in .pgpass matches the password set for the repl user in the database, and the repluser has REPLICATION access. I'm able to connect to the primary server using the repl user and the psql client, both via .pgpass and providing the passworddirectly. I can't figure out why the standby postgres server is skipping the provided credentials when connecting to the primary. Thank you for your time, Will Keaney ________________________________ This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain informationthat is confidential and protected by law from unauthorized disclosure. Any unauthorized review, use, disclosureor distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mailand destroy all copies of the original message.
Re: Postgres 13 streaming replication standby not sending password, 'fe_sendauth: no password supplied'
From
Ron Johnson
Date:
On Wed, Jan 10, 2024 at 5:51 PM Keaney, Will <will.keaney@kroger.com> wrote:
Hello,
I'm building a new 2-node Postgreql 13 streaming replication cluster. I'm able to clone the primary to the standby using pg_basebackup.
However, the standby is unable to authenticate to the primary to begin recovery during startup. It logs an error, "FATAL: could not connect to the primary server: fe_sendauth: no password supplied".
I've tried using both .pgpass and passing the password explicitly in the myrecovery.conf primary_conninfo string. Debug logs on the primary show the initial connection. but no user provided and no authentication attempt.
pg_hba.conf on the primary:
host all,replication repl primary-database-server scram-sha-256
host all,replication repl standby-database-server scram-sha-256
myrecovery.conf on the standby:
primary_conninfo = 'host=primary-database-server port=5432 user=repl application_name=standby-server-name'
recovery_target_timeline = 'latest'
primary_slot_name = 'standby_replication_slot'
.pgpass on the standby:
# hostname:port:database:username:password
*:*:replication:repl:repl_user_password
I've triple-checked that the password in .pgpass matches the password set for the repl user in the database, and the repl user has REPLICATION access.
I'm able to connect to the primary server using the repl user and the psql client, both via .pgpass and providing the password directly.
I can't figure out why the standby postgres server is skipping the provided credentials when connecting to the primary.
Let pg_basebackup do all the work for you:
$ cat ~postgres/.pg_service.conf
[basebackup]
host=<primary-server>
port=5432
user=replicator
passfile=/var/lib/pgsql/.pgpass
host=<primary-server>
port=5432
user=replicator
passfile=/var/lib/pgsql/.pgpass
$ pg_basebackup \
--pgdata=$PGDATA \
--dbname=service=basebackup \
--verbose --progress \
--checkpoint=fast \
--write-recovery-conf \
--wal-method=stream \
--create-slot --slot=pgstandby1
--pgdata=$PGDATA \
--dbname=service=basebackup \
--verbose --progress \
--checkpoint=fast \
--write-recovery-conf \
--wal-method=stream \
--create-slot --slot=pgstandby1
Re: Postgres 13 streaming replication standby not sending password, 'fe_sendauth: no password supplied'
From
Laurenz Albe
Date:
On Wed, 2024-01-10 at 22:51 +0000, Keaney, Will wrote: > However, the standby is unable to authenticate to the primary to begin recovery during startup. > It logs an error, "FATAL: could not connect to the primary server: fe_sendauth: no password supplied". > > pg_hba.conf on the primary: > host all,replication repl primary-database-server scram-sha-256 > host all,replication repl standby-database-server scram-sha-256 > > myrecovery.conf on the standby: > primary_conninfo = 'host=primary-database-server port=5432 user=repl application_name=standby-server-name' > recovery_target_timeline = 'latest' > primary_slot_name = 'standby_replication_slot' > > .pgpass on the standby: > # hostname:port:database:username:password > *:*:replication:repl:repl_user_password make sure that .pgpass is in the home directory of the PostgreSQL user and has restrictive permissions (0600). Try using it with a manual connection attempt via "psql". Yours, Laurenz Albe
RE: Postgres 13 streaming replication standby not sending password, 'fe_sendauth: no password supplied'
From
"Keaney, Will"
Date:
On Wed, Jan 10, 2024 at 23:22 Ron Johnson <ronljohnsonjr(at)gmail(dot)com> wrote: >> On Wed, Jan 10, 2024 at 5:51 PM Keaney, Will <will(dot)keaney(at)kroger(dot)com> wrote: >> Hello, >> >> I'm building a new 2-node Postgreql 13 streaming replication cluster. I'm able to clone the primary to the standby usingpg_basebackup. >> However, the standby is unable to authenticate to the primary to begin recovery during startup. It logs an error, "FATAL: could not connect to the primary server: fe_sendauth: no password supplied". >> >> I've tried using both .pgpass and passing the password explicitly in the myrecovery.conf primary_conninfo string. Debuglogs on the primary show the initial connection. but no user provided and no authentication attempt. >> >> pg_hba.conf on the primary: >> host all,replication repl primary-database-server scram-sha-256 >> host all,replication repl standby-database-server scram-sha-256 >> >> myrecovery.conf on the standby: >> primary_conninfo = 'host=primary-database-server port=5432 user=repl application_name=standby-server-name' >> recovery_target_timeline = 'latest' >> primary_slot_name = 'standby_replication_slot' >> >> .pgpass on the standby: >> # hostname:port:database:username:password >> *:*:replication:repl:repl_user_password >> >> I've triple-checked that the password in .pgpass matches the password set for the repl user in the database, and the repluser has REPLICATION access. >> I'm able to connect to the primary server using the repl user and the psql client, both via .pgpass and providing thepassword directly. >> I can't figure out why the standby postgres server is skipping the provided credentials when connecting to the primary. >> > Let pg_basebackup do all the work for you: > > $ cat ~postgres/.pg_service.conf > [basebackup] > host=<primary-server> > port=5432 > user=replicator > passfile=/var/lib/pgsql/.pgpass > > $ pg_basebackup \ > --pgdata=$PGDATA \ > --dbname=service=basebackup \ > --verbose --progress \ > --checkpoint=fast \ > --write-recovery-conf \ > --wal-method=stream \ > --create-slot --slot=pgstandby1 Thank you! That's both extremely useful and helped me identify the source of my problem. A previous experiment with repmgr had left a stale primary_conninfo string in postgresql.auto.conf, which was somehow interferingwith my other recovery settings. After cleaning that up, my standby can connect to my primary without issue. Best, Will ________________________________ This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain informationthat is confidential and protected by law from unauthorized disclosure. Any unauthorized review, use, disclosureor distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mailand destroy all copies of the original message.