Discussion:
psql connection issue
Stephen Davies
2014-10-08 03:51:51 UTC
Permalink
I am in the process of migrating a bunch of databases and associated CGI
scripts from 9.1.4 to 9.3 (and from 32-bit to 64-bit).

The database migration has been successful but I have an issue with psql
connections from CGI scripts.

I can connect to the 9.3 server locally with psql from the command line, with
psql from other boxes on the LAN via TCP, via JDBC from programs and servlets
but cannot connect locally via CGI.

If I run any of the CGI scripts from the command line they work but when
invoked by Apache, they fail with the usual question as to whether anything is
listening on socket /tmp/.s.PGSQL.5432.

Running netstat -an shows:
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 29773945 /tmp/.s.PGSQL.5432
unix 3 [ ] STREAM CONNECTED 30139402 /tmp/.s.PGSQL.5432

which I believe confirms that the socket is there and is used by local command
line psql connections.

Why would CGI connections fail?

Cheers and thanks,
Stephen
--
=============================================================================
Stephen Davies Consulting P/L Phone: 08-8177 1595
Adelaide, South Australia. Mobile:040 304 0583
Records & Collections Management.
--
Sent via pgsql-general mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
Tom Lane
2014-10-08 04:02:10 UTC
Permalink
Post by Stephen Davies
I am in the process of migrating a bunch of databases and associated CGI
scripts from 9.1.4 to 9.3 (and from 32-bit to 64-bit).
The database migration has been successful but I have an issue with psql
connections from CGI scripts.
I can connect to the 9.3 server locally with psql from the command line, with
psql from other boxes on the LAN via TCP, via JDBC from programs and servlets
but cannot connect locally via CGI.
If I run any of the CGI scripts from the command line they work but when
invoked by Apache, they fail with the usual question as to whether anything is
listening on socket /tmp/.s.PGSQL.5432.
Some Linux variants think it improves security to run daemons like apache
in a context where what the daemon sees as /tmp has been mapped somewhere
else.

If you're running one of these platforms, the Postgres server and libpq
distributed by the vendor will have been hacked to cope, typically by
agreeing that the socket location is something like /var/run/postgresql/
rather than /tmp. I'm guessing your 9.3 installation was self-built
and hasn't been configured that way.

regards, tom lane
--
Sent via pgsql-general mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
Stephen Davies
2014-10-08 04:10:41 UTC
Permalink
The permissions on the socket are 777 owner/group postgres.

I installed the 9.3 onto the Centos 7 server using the repo at postgresql.org.

(http://yum.postgresql.org/9.3/redhat/rhel-$releasever-$basearch)

There is no /var/run/postgresql and find cannot find another socket anywhere else.

Cheers and thanks,
Stephen
Post by Tom Lane
Post by Stephen Davies
I am in the process of migrating a bunch of databases and associated CGI
scripts from 9.1.4 to 9.3 (and from 32-bit to 64-bit).
The database migration has been successful but I have an issue with psql
connections from CGI scripts.
I can connect to the 9.3 server locally with psql from the command line, with
psql from other boxes on the LAN via TCP, via JDBC from programs and servlets
but cannot connect locally via CGI.
If I run any of the CGI scripts from the command line they work but when
invoked by Apache, they fail with the usual question as to whether anything is
listening on socket /tmp/.s.PGSQL.5432.
Some Linux variants think it improves security to run daemons like apache
in a context where what the daemon sees as /tmp has been mapped somewhere
else.
If you're running one of these platforms, the Postgres server and libpq
distributed by the vendor will have been hacked to cope, typically by
agreeing that the socket location is something like /var/run/postgresql/
rather than /tmp. I'm guessing your 9.3 installation was self-built
and hasn't been configured that way.
regards, tom lane
--
=============================================================================
Stephen Davies Consulting P/L Phone: 08-8177 1595
Adelaide, South Australia. Mobile:040 304 0583
Records & Collections Management.
--
Sent via pgsql-general mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
Adrian Klaver
2014-10-08 13:19:18 UTC
Permalink
Post by Stephen Davies
The permissions on the socket are 777 owner/group postgres.
I installed the 9.3 onto the Centos 7 server using the repo at
postgresql.org.
(http://yum.postgresql.org/9.3/redhat/rhel-$releasever-$basearch)
There is no /var/run/postgresql and find cannot find another socket anywhere else.
Sounds similar to this:

Long version:

http://serverfault.com/questions/609947/database-connection-to-postgresql-refused-for-flask-app-under-mod-wsgi-when-start

Short version:

Disable SELinux
Post by Stephen Davies
Cheers and thanks,
Stephen
Post by Tom Lane
Post by Stephen Davies
I am in the process of migrating a bunch of databases and associated CGI
scripts from 9.1.4 to 9.3 (and from 32-bit to 64-bit).
The database migration has been successful but I have an issue with psql
connections from CGI scripts.
I can connect to the 9.3 server locally with psql from the command line, with
psql from other boxes on the LAN via TCP, via JDBC from programs and servlets
but cannot connect locally via CGI.
If I run any of the CGI scripts from the command line they work but when
invoked by Apache, they fail with the usual question as to whether anything is
listening on socket /tmp/.s.PGSQL.5432.
Some Linux variants think it improves security to run daemons like apache
in a context where what the daemon sees as /tmp has been mapped somewhere
else.
If you're running one of these platforms, the Postgres server and libpq
distributed by the vendor will have been hacked to cope, typically by
agreeing that the socket location is something like /var/run/postgresql/
rather than /tmp. I'm guessing your 9.3 installation was self-built
and hasn't been configured that way.
regards, tom lane
--
Adrian Klaver
***@aklaver.com
--
Sent via pgsql-general mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
Stephen Davies
2014-10-08 23:34:50 UTC
Permalink
This is not the same issue.
However, I had already disabled SELinux for other reasons.

The actual cause of my issue was the "new" private tmp facility in systemd
startup of httpd. This makes the PostgreSQL socket invisible to CGI scripts.

We have survived for many years without this before migrating to CentOS 7 so I
simply disabled this too and all came good.

Cheers and thanks,
Stephen
Post by Adrian Klaver
Post by Stephen Davies
The permissions on the socket are 777 owner/group postgres.
I installed the 9.3 onto the Centos 7 server using the repo at postgresql.org.
(http://yum.postgresql.org/9.3/redhat/rhel-$releasever-$basearch)
There is no /var/run/postgresql and find cannot find another socket anywhere else.
http://serverfault.com/questions/609947/database-connection-to-postgresql-refused-for-flask-app-under-mod-wsgi-when-start
Disable SELinux
Post by Stephen Davies
Cheers and thanks,
Stephen
Post by Tom Lane
Post by Stephen Davies
I am in the process of migrating a bunch of databases and associated CGI
scripts from 9.1.4 to 9.3 (and from 32-bit to 64-bit).
The database migration has been successful but I have an issue with psql
connections from CGI scripts.
I can connect to the 9.3 server locally with psql from the command line, with
psql from other boxes on the LAN via TCP, via JDBC from programs and servlets
but cannot connect locally via CGI.
If I run any of the CGI scripts from the command line they work but when
invoked by Apache, they fail with the usual question as to whether anything is
listening on socket /tmp/.s.PGSQL.5432.
Some Linux variants think it improves security to run daemons like apache
in a context where what the daemon sees as /tmp has been mapped somewhere
else.
If you're running one of these platforms, the Postgres server and libpq
distributed by the vendor will have been hacked to cope, typically by
agreeing that the socket location is something like /var/run/postgresql/
rather than /tmp. I'm guessing your 9.3 installation was self-built
and hasn't been configured that way.
regards, tom lane
--
=============================================================================
Stephen Davies Consulting P/L Phone: 08-8177 1595
Adelaide, South Australia. Mobile:040 304 0583
Records & Collections Management.
--
Sent via pgsql-general mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
Jim Nasby
2014-10-10 20:31:38 UTC
Permalink
FWIW, you could also use an IP connection to Postgres instead of the local socket.
Post by Stephen Davies
This is not the same issue.
However, I had already disabled SELinux for other reasons.
The actual cause of my issue was the "new" private tmp facility in systemd startup of httpd. This makes the PostgreSQL socket invisible to CGI scripts.
We have survived for many years without this before migrating to CentOS 7 so I simply disabled this too and all came good.
Cheers and thanks,
Stephen
Post by Adrian Klaver
Post by Stephen Davies
The permissions on the socket are 777 owner/group postgres.
I installed the 9.3 onto the Centos 7 server using the repo at postgresql.org.
(http://yum.postgresql.org/9.3/redhat/rhel-$releasever-$basearch)
There is no /var/run/postgresql and find cannot find another socket anywhere else.
http://serverfault.com/questions/609947/database-connection-to-postgresql-refused-for-flask-app-under-mod-wsgi-when-start
Disable SELinux
Post by Stephen Davies
Cheers and thanks,
Stephen
Post by Tom Lane
Post by Stephen Davies
I am in the process of migrating a bunch of databases and associated CGI
scripts from 9.1.4 to 9.3 (and from 32-bit to 64-bit).
The database migration has been successful but I have an issue with psql
connections from CGI scripts.
I can connect to the 9.3 server locally with psql from the command line, with
psql from other boxes on the LAN via TCP, via JDBC from programs and servlets
but cannot connect locally via CGI.
If I run any of the CGI scripts from the command line they work but when
invoked by Apache, they fail with the usual question as to whether anything is
listening on socket /tmp/.s.PGSQL.5432.
Some Linux variants think it improves security to run daemons like apache
in a context where what the daemon sees as /tmp has been mapped somewhere
else.
If you're running one of these platforms, the Postgres server and libpq
distributed by the vendor will have been hacked to cope, typically by
agreeing that the socket location is something like /var/run/postgresql/
rather than /tmp. I'm guessing your 9.3 installation was self-built
and hasn't been configured that way.
regards, tom lane
--
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com
--
Sent via pgsql-general mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
Stephen Davies
2014-10-11 00:19:04 UTC
Permalink
Yes but that would have involved changing hundreds of CGI scripts. Dropping
the private tmp was easier.
Post by Jim Nasby
FWIW, you could also use an IP connection to Postgres instead of the local socket.
Post by Stephen Davies
This is not the same issue.
However, I had already disabled SELinux for other reasons.
The actual cause of my issue was the "new" private tmp facility in systemd
startup of httpd. This makes the PostgreSQL socket invisible to CGI scripts.
We have survived for many years without this before migrating to CentOS 7 so
I simply disabled this too and all came good.
Cheers and thanks,
Stephen
Post by Adrian Klaver
Post by Stephen Davies
The permissions on the socket are 777 owner/group postgres.
I installed the 9.3 onto the Centos 7 server using the repo at postgresql.org.
(http://yum.postgresql.org/9.3/redhat/rhel-$releasever-$basearch)
There is no /var/run/postgresql and find cannot find another socket anywhere else.
http://serverfault.com/questions/609947/database-connection-to-postgresql-refused-for-flask-app-under-mod-wsgi-when-start
Disable SELinux
Post by Stephen Davies
Cheers and thanks,
Stephen
Post by Tom Lane
Post by Stephen Davies
I am in the process of migrating a bunch of databases and associated CGI
scripts from 9.1.4 to 9.3 (and from 32-bit to 64-bit).
The database migration has been successful but I have an issue with psql
connections from CGI scripts.
I can connect to the 9.3 server locally with psql from the command line, with
psql from other boxes on the LAN via TCP, via JDBC from programs and servlets
but cannot connect locally via CGI.
If I run any of the CGI scripts from the command line they work but when
invoked by Apache, they fail with the usual question as to whether anything is
listening on socket /tmp/.s.PGSQL.5432.
Some Linux variants think it improves security to run daemons like apache
in a context where what the daemon sees as /tmp has been mapped somewhere
else.
If you're running one of these platforms, the Postgres server and libpq
distributed by the vendor will have been hacked to cope, typically by
agreeing that the socket location is something like /var/run/postgresql/
rather than /tmp. I'm guessing your 9.3 installation was self-built
and hasn't been configured that way.
regards, tom lane
--
=============================================================================
Stephen Davies Consulting P/L Phone: 08-8177 1595
Adelaide, South Australia. Mobile:040 304 0583
Records & Collections Management.
--
Sent via pgsql-general mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
Ian Barwick
2014-10-08 04:05:16 UTC
Permalink
I am in the process of migrating a bunch of databases and associated CGI scripts from
9.1.4 to 9.3 (and from 32-bit to 64-bit).
The database migration has been successful but I have an issue with psql
connections from CGI scripts.
I can connect to the 9.3 server locally with psql from the command line,
with psql from other boxes on the LAN via TCP, via JDBC from programs and
servlets but cannot connect locally via CGI.
If I run any of the CGI scripts from the command line they work but when
invoked by Apache, they fail with the usual question as to whether anything is
listening on socket /tmp/.s.PGSQL.5432.
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 29773945 /tmp/.s.PGSQL.5432
unix 3 [ ] STREAM CONNECTED 30139402 /tmp/.s.PGSQL.5432
which I believe confirms that the socket is there and is used by local command
line psql connections.
Why would CGI connections fail?
It's possible that whatever driver the CGI scripts use is expecting to find
the socket in another directory, e.g. /var/run/postgresql/.


Regards

Ian Barwick
--
Ian Barwick http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
--
Sent via pgsql-general mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
Loading...