Hello,

On the PostgreSQL node, what's the output of

    sudo netstat -anp | grep 15432

On the web VM you need to connect to the DB as 192.168.2.101 15432.

Test with

    telnet 192.168.2.101 15432

And if you disable the firewall, does it work?

On Mon, Jun 3, 2019 at 6:25 PM Robert <[email protected]> wrote:

> I have two Vagrant VMs, one configured as a web server and the other a
> database server. When I try to run a psql command on the web server
> against my inventory database on the database server, the connection is
> refused:
>
> psql -h db00 -U dsmith -d inventory -p 15432
>
> psql: could not connect to server: Connection refused
> Is the server running on the host "db00" (192.168.2.101) and accepting
> TCP/IP connections on port 15432?
>
> Here is my Vagrantfile:
>
> VAGRANTFILE_API_VERSION = "2"
> Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
>   config.vm.box = "debian/stretch64"
>   config.vm.synced_folder "./shared", "/vagrant", type: "virtualbox"
>   ENV['ANSIBLE_ROLES_PATH'] = "/Users/dsmith/playbooks/roles-debian9"
>
>   config.vm.define "db" do |db|
>     db.vm.hostname = "db00.example.com"
>     db.vm.network :private_network, ip: "192.168.2.101"
>     db.vm.network :forwarded_port, guest: 5432, host: 15432
>     config.vm.provision "ansible" do |ansible|
>       ansible.playbook = "provision.yml"
>       ansible.compatibility_mode = "2.0"
>       ansible.become = true
>     end
>   end
>
>   config.vm.define "web" do |web|
>     web.vm.hostname = "web00.example.com"
>     web.vm.network :private_network, ip: "192.168.2.102"
>     web.ssh.forward_agent = true
>     config.vm.provision "ansible" do |ansible|
>       ansible.playbook = "provision.yml"
>       ansible.compatibility_mode = "2.0"
>       ansible.become = true
>     end
>   end
> end
>
> The key line here is the network forwarded_port line. I think I'm telling
> Vagrant that if a request comes in to the database server VM on port 5432,
> forward it to port 15432 on the server itself which is the port I've
> configured PostgreSQL to listen to on that server. From my research, I
> think this is what I'm supposed to do but I'm not sure.
>
> Here is my PostgreSQL configuration file:
>
> # /etc/postgresql/9.6/main/postgresql.conf
> data_directory = '/var/lib/postgresql/9.6/main'
> hba_file = '/etc/postgresql/9.6/main/pg_hba.conf'
> ident_file = '/etc/postgresql/9.6/main/pg_ident.conf'
> external_pid_file = '/var/run/postgresql/9.6-main.pid'
> listen_addresses = '*'
> port = 15432
> unix_socket_directories = '/var/run/postgresql'
>
> Here is my authentication configuration file:
>
> # /etc/postgresql/9.6/main/pg_hba.conf
> local all postgres peer
> local all all peer
> host all all 127.0.0.1/32 md5
> host all all ::1/128 md5
> host all all 0.0.0.0/0 trust
>
> From my research, the "listen_addresses" line is important in the postgres
> config file and the "host all all..." line is important in the hba config
> file.
>
> Here are the firewall rules running on the database server:
>
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1037:93696]
> -A INPUT -i lo -j ACCEPT
> -A INPUT -s 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
> -A INPUT -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
> -A INPUT -s 192.168.2.102/32 -d 192.168.2.101/32 -p tcp -m tcp --sport 1024:65535 --dport 15432 -m state --state NEW,ESTABLISHED -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7
> -A INPUT -j REJECT --reject-with icmp-port-unreachable
> -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7
> -A FORWARD -j REJECT --reject-with icmp-port-unreachable
> -A OUTPUT -s 192.168.2.101/32 -d 192.168.2.102/32 -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
> COMMIT
>
> The important rule is the one that says that anything from 192.168.2.102
> (web00) to 192.168.2.101 (db00) on port 15432 is accepted. But I really
> don't think the firewall is the problem since I get the same error if I
> flush all the rules.
>
> What am I doing wrong here? I've tried to think it through but I'm
> missing something.
>
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in
> violation of those guidelines may result in your removal from this mailing
> list.
>
> GitHub Issues: https://github.com/mitchellh/vagrant/issues
> IRC: #vagrant on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vagrant" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vagrant-up/caf83f35-74a9-4239-a27c-de758bbe7dd9%40googlegroups.com
> For more options, visit https://groups.google.com/d/optout.

--
Alvaro
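
An added example, not part of the original thread or of either poster's setup: a small Python check over the settings quoted in the message. It flags pg_hba.conf host records that use trust (no password) for non-loopback clients, and any quoted setting that names a single port other than the one in postgresql.conf. The sample strings are copied from the post; the function and constant names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: settings copied from the message above.
POSTGRESQL_CONF = "listen_addresses = '*'\nport = 15432\n"
PG_HBA = """\
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all all 0.0.0.0/0 trust
"""
VAGRANT_LINE = "db.vm.network :forwarded_port, guest: 5432, host: 15432"
IPTABLES_OUT = ("-A OUTPUT -s 192.168.2.101/32 -d 192.168.2.102/32 -p tcp -m tcp "
                "--sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT")

def listen_port(conf):
    """Port PostgreSQL is configured to listen on (5432 when unset)."""
    m = re.search(r"^\s*port\s*=\s*(\d+)", conf, re.M)
    return int(m.group(1)) if m else 5432

def open_trust_rules(hba):
    """host records (CIDR form) that skip authentication for non-loopback clients."""
    hits = []
    for line in hba.splitlines():
        f = line.split("#", 1)[0].split()
        # host record layout: type database user address method
        if len(f) < 5 or not f[0].startswith("host") or f[4] != "trust":
            continue
        try:
            loopback = ipaddress.ip_network(f[3], strict=False).is_loopback
        except ValueError:  # hostname or keyword address: not provably loopback
            loopback = False
        if not loopback:
            hits.append(" ".join(f))
    return hits

def port_mismatches(port, vagrant_line, iptables_rule):
    """Quoted settings that name a single port other than the listening one."""
    checks = {"vagrant guest": r"guest:\s*(\d+)",
              "iptables --sport": r"--sport\s+(\d+)(?![\d:])"}
    found = []
    for name, pattern in checks.items():
        text = vagrant_line if name.startswith("vagrant") else iptables_rule
        m = re.search(pattern, text)
        if m and int(m.group(1)) != port:
            found.append((name, int(m.group(1))))
    return found
```

Calling port_mismatches(listen_port(POSTGRESQL_CONF), VAGRANT_LINE, IPTABLES_OUT) reports the forwarded_port guest value and the OUTPUT rule's --sport, both 5432, against the configured 15432; open_trust_rules(PG_HBA) reports the 0.0.0.0/0 trust record.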
