tags 678221 - moreinfo thanks Hi Markus.
Attached is the desired information. I guess the following happens: 1) unix/socket fails because some parts of the DB are initialised/upgraded as a non-postgres user, for which the default-allow-all rule would be in place. My rules: local icinga icinga peer map=icinga local icinga_web icinga_web peer map=icinga_web don't apply, as there is no matching user (I guess dbconfig, runs as root). So a "workaround" might be, if I simply add root as a mapping user to icinga_web in my pg_ident.conf. But given that there may be arbitrary DB access configs out there, I'd rather suggest to evaluate, whether it's possible to upgrade solely by using the postgres user. That one is everywhere expected to be there and have global access rights to the postgres cluster. And if a user misconfigured the cluster, not to allow the postgres user, it's really his own fault. 2) Once unix/socket has failed, tcp is probably tried as fallback. I'm not sure whether this is a general dbconfig-common procedure or whether you just use it like that. But I think it's a bad idea to blindly do this, and could even be a security issue. So if that's a dbconfig-common thing, I'd open a bug there, wishing to only try the specified method. On Wed, 2012-06-20 at 15:15 +0200, Markus Frosch wrote: > Could you please do the following: > * update this bug with reportbug to include paket dep version info and > debconf values -- System Information: Debian Release: 6.0.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages icinga-web depends on: ii dbconfig-common 1.8.46+squeeze.0 common framework for packaging dat ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii icinga-core 1.7.0-4 host and network monitoring system ii icinga-idoutils 1.7.0-4 host and network monitoring system ii php5 5.4.4~rc2-1 server-side, HTML-embedded scripti ii php5-cli 5.4.4~rc2-1 command-line interpreter for the p ii php5-gd 5.4.4~rc2-1 GD module for php5 ii php5-pgsql 5.4.4~rc2-1 PostgreSQL module for php5 ii php5-xsl 5.4.4~rc2-1 XSL module for php5 ii ucf 3.0025+nmu1 Update Configuration File: preserv Versions of packages icinga-web recommends: ii apache2 2.2.16-6+squeeze7 Apache HTTP Server metapackage ii apache2-mpm-worker [ht 2.2.16-6+squeeze7 Apache HTTP Server - high speed th ii postgresql-client 9.1+130 front-end programs for PostgreSQL ii postgresql-client-9.1 9.1.4-1 front-end programs for PostgreSQL icinga-web suggests no packages. -- debconf information: * icinga-web/rootpassword-repeat: (password omitted) icinga-web/app-password-confirm: (password omitted) icinga-web/mysql/app-pass: (password omitted) icinga-web/password-confirm: (password omitted) * icinga-web/rootpassword: (password omitted) icinga-web/pgsql/admin-pass: (password omitted) icinga-web/pgsql/app-pass: (password omitted) icinga-web/mysql/admin-pass: (password omitted) icinga-web/install-error: abort icinga-web/missing-db-package-error: abort icinga-web/upgrade-error: abort * icinga-web/db/dbname: icinga_web icinga-web/dbconfig-reinstall: false * icinga-web/pgsql/method: unix socket icinga-web/remote/port: icinga-web/mysql/method: unix socket icinga-web/mysql/admin-user: root icinga-web/pgsql/manualconf: * icinga-web/httpd: icinga-web/internal/reconfiguring: false * icinga-web/pgsql/admin-user: postgres * icinga-web/database-type: pgsql icinga-web/remote/host: icinga-web/pgsql/changeconf: false icinga-web/dbconfig-upgrade: true icinga-web/db/basepath: icinga-web/remote/newhost: icinga-web/upgrade-backup: true icinga-web/remove-error: abort icinga-web/internal/skip-preseed: false icinga-web/purge: false * icinga-web/pgsql/authmethod-user: ident * icinga-web/db/app-user: icinga_web icinga-web/pgsql/no-empty-passwords: icinga-web/rootpassword-mismatch: icinga-web/dbconfig-remove: * icinga-web/dbconfig-install: true * icinga-web/pgsql/authmethod-admin: ident icinga-web/passwords-do-not-match: > * include your pg_hba.conf local icinga icinga trust #host icinga icinga 127.0.0.1/8 trust #host icinga icinga ::1/128 trust #local icinga_web icinga_web trust #host icinga_web icinga_web 127.0.0.1/8 trust #host icinga_web icinga_web ::1/128 trust local icinga icinga peer map=icinga local icinga_web icinga_web peer map=icinga_web local all postgres peer Upgrading/installing either icinga-idoutils or icinga-web, works only, if I uncomment the respective three lines (and listen_addresses below). > and postgresql.conf data_directory = '/var/lib/postgresql/9.1/main' hba_file = '/etc/postgresql/9.1/main/pg_hba.conf' ident_file = '/etc/postgresql/9.1/main/pg_ident.conf' external_pid_file = '/var/run/postgresql/9.1-main.pid' unix_socket_directory = '/var/run/postgresql' ssl = on ssl_ciphers = '!FZA:!ADH:!eNULL:!aNULL:!SEED:!IDEA:!RC2:!RC4:!DES:! 3DES:!MD5:HIGH:+DSS:+DH' log_rotation_age = 0 log_rotation_size = 0 log_connections = on log_disconnections = on log_line_prefix = '%t ' DateStyle = 'ISO, YMD' IntervalStyle = iso_8601 #listen_addresses = 'localhost,localhost.localhost' > * test this command and include the output if it failed: > su -c "psql -h /var/run/postgresql postgres postgres" - postgres > # su -c "psql -h /var/run/postgresql postgres postgres" - postgres Simply connects to the server... psql (9.1.4) Type "help" for help. postgres=# Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
