I have two Vagrant VMs, one configured as a web server and the other a
database server. When I try to run a psql command on the web server
against my inventory database on the database server, the connection is
refused:

    psql -h db00 -U dsmith -d inventory -p 15432
    psql: could not connect to server: Connection refused
        Is the server running on the host "db00" (192.168.2.101) and accepting
        TCP/IP connections on port 15432?

Here is my Vagrantfile:

    VAGRANTFILE_API_VERSION = "2"
    Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
      config.vm.box = "debian/stretch64"
      config.vm.synced_folder "./shared", "/vagrant", type: "virtualbox"
      ENV['ANSIBLE_ROLES_PATH'] = "/Users/dsmith/playbooks/roles-debian9"
      config.vm.define "db" do |db|
        db.vm.hostname = "db00.example.com"
        db.vm.network :private_network, ip: "192.168.2.101"
        db.vm.network :forwarded_port, guest: 5432, host: 15432
        config.vm.provision "ansible" do |ansible|
          ansible.playbook = "provision.yml"
          ansible.compatibility_mode = "2.0"
          ansible.become = true
        end
      end
      config.vm.define "web" do |web|
        web.vm.hostname = "web00.example.com"
        web.vm.network :private_network, ip: "192.168.2.102"
        web.ssh.forward_agent = true
        config.vm.provision "ansible" do |ansible|
          ansible.playbook = "provision.yml"
          ansible.compatibility_mode = "2.0"
          ansible.become = true
        end
      end
    end

The key line here is the network forwarded_port line. I think I'm telling
Vagrant that if a request comes in to the database server VM on port 5432,
forward it to port 15432 on the server itself, which is the port I've
configured PostgreSQL to listen on on that server. From my research, I
think this is what I'm supposed to do, but I'm not sure.
Here is my PostgreSQL configuration file:

    # /etc/postgresql/9.6/main/postgresql.conf
    data_directory = '/var/lib/postgresql/9.6/main'
    hba_file = '/etc/postgresql/9.6/main/pg_hba.conf'
    ident_file = '/etc/postgresql/9.6/main/pg_ident.conf'
    external_pid_file = '/var/run/postgresql/9.6-main.pid'
    listen_addresses = '*'
    port = 15432
    unix_socket_directories = '/var/run/postgresql'

Here is my authentication configuration file:

    # /etc/postgresql/9.6/main/pg_hba.conf
    local   all   postgres                 peer
    local   all   all                      peer
    host    all   all       127.0.0.1/32   md5
    host    all   all       ::1/128        md5
    host    all   all       0.0.0.0/0      trust

From my research, the "listen_addresses" line is important in the postgres
config file and the "host all all..." line is important in the hba config
file.
Here are the firewall rules running on the database server:

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [1037:93696]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -s 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
    -A INPUT -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
    -A INPUT -s 192.168.2.102/32 -d 192.168.2.101/32 -p tcp -m tcp --sport 1024:65535 --dport 15432 -m state --state NEW,ESTABLISHED -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7
    -A INPUT -j REJECT --reject-with icmp-port-unreachable
    -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7
    -A FORWARD -j REJECT --reject-with icmp-port-unreachable
    -A OUTPUT -s 192.168.2.101/32 -d 192.168.2.102/32 -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
    COMMIT

The important rule is the one that says that anything from 192.168.2.102
(web00) to 192.168.2.101 (db00) on port 15432 is accepted. But I really
don't think the firewall is the problem since I get the same error if I
flush all the rules.
What am I doing wrong here? I've tried to think it through but I'm missing
something.
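
Added example, not part of the original post: a Python cross-check of the four files quoted above. It reads the port from postgresql.conf, reports iptables rules and forwarded_port entries that name a different server port, and flags pg_hba.conf host lines that grant "trust" to any address. The embedded strings are excerpts constructed from the post; audit(), listen_port() and the constant names are this example's own.

```python
import re

# Constructed sample input: excerpts of the configuration posted above.
POSTGRESQL_CONF = "listen_addresses = '*'\nport = 15432\n"
PG_HBA = """\
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all all 0.0.0.0/0 trust
"""
IPTABLES = """\
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -s 192.168.2.102/32 -d 192.168.2.101/32 -p tcp -m tcp --sport 1024:65535 --dport 15432 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.2.101/32 -d 192.168.2.102/32 -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
"""
VAGRANTFILE = "db.vm.network :forwarded_port, guest: 5432, host: 15432\n"
DB_IP = "192.168.2.101"
# Which option carries the server-side port on each chain (replies leave via OUTPUT).
SERVER_PORT_FLAG = {"INPUT": "--dport", "OUTPUT": "--sport"}


def listen_port(conf):
    """Port set in postgresql.conf; PostgreSQL defaults to 5432 when unset."""
    m = re.search(r"^\s*port\s*=\s*(\d+)", conf, re.M)
    return int(m.group(1)) if m else 5432


def audit(conf, hba, rules, vagrantfile, db_ip=DB_IP):
    """Return findings where the files disagree on the port or skip authentication."""
    port, findings = listen_port(conf), []
    for line in hba.splitlines():
        f = line.split()  # host records in CIDR form: TYPE DATABASE USER ADDRESS METHOD
        if len(f) >= 5 and f[0].startswith("host") and f[4] == "trust":
            if f[3] in ("0.0.0.0/0", "::/0", "all"):
                findings.append(f"pg_hba.conf: 'trust' (no password) for {f[3]}")
    for rule in rules.splitlines():
        chain = re.match(r"-A (\w+)", rule)
        flag = SERVER_PORT_FLAG.get(chain.group(1)) if chain else None
        if flag is None or db_ip not in rule:
            continue  # only rules that name the database server
        m = re.search(rf"{flag} (\d+)(?![:\d])", rule)  # single port, not a range
        if m and int(m.group(1)) != port:
            findings.append(f"iptables {chain.group(1)}: {flag} {m.group(1)} != {port}")
    for guest in re.findall(r"forwarded_port,\s*guest:\s*(\d+)", vagrantfile):
        if int(guest) != port:
            findings.append(f"Vagrantfile: forwarded guest port {guest} != {port}")
    return findings


if __name__ == "__main__":
    for finding in audit(POSTGRESQL_CONF, PG_HBA, IPTABLES, VAGRANTFILE):
        print(finding)
```

The findings are consistency observations about the posted files only; the check does not contact the server or test whether PostgreSQL is actually listening.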