Verify listen addresses:

# postgresql.conf
listen_addresses = "*"

Verify authentication:

# pg_hba.conf
local    all        postgres  peer
local    all        all       peer
host     all        all       127.0.0.1/32      md5
host     all        all       ::1/128           md5
hostssl  inventory  www-data  192.168.2.102/32  cert clientcert=1
hostssl  inventory  postgres  192.168.2.102/32  cert clientcert=1
host     all        all       0.0.0.0/0         trust

Note that I do use SSL certificates which is why there are two hostssl
records. I would think the final 'host' directive would be sufficient to
allow any access.

Output from "netstat -tlnp" after restarting postgresql:

(No info could be read for "-p": geteuid()=1001 but you should be root.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 :::5432                 :::*                    LISTEN      -
tcp6       0      0 ::1:25                  :::*                    LISTEN      -

I will rebuild both VMs and install the minimal postgresql packages
necessary, see what happens, and report back.
Thanks again for your help!
On Thursday, June 6, 2019 at 6:44:28 AM UTC-7, Dennis Chang wrote:
>
> port_forwarding allows a port in the VM to be exposed to the host.
> So in your case, if you do port_forwarding with your Postgres process
> you want to expose your database to your host.
>
> What I wanted to do was focus on only the necessary configurations
> and worry about port_forwarding later (because obviously, accessing
> the database is more important from web00 than it is for the host).
>
> Given that the nmap command failed from web00 to scan open ports
> on db00, it suggests that the database is rejecting connection attempts.
> nmap output says 'Host is up' which means that web00 can ping db00.
>
> Can you 1. verify listening_addresses configurations on postgres.conf and
> pg_hba.conf?
> 2. restart postgres, 3. show us netstat -tlpn?
>
> FYI, I'm assuming that you perform an 'apt-get install postgres' in your
> ansible provisioning.
> That you make edits to the configuration files, and then you restart
> postgres server.
>
> Perhaps, what you can do is, destroy the VM, build a new one manually (no
> provisioning by ansible).
> And verify as you go that you can reach the VM from inside and from
> outside of it.
>
>
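
Added example (not part of the original thread, and not PostgreSQL's own code): a simplified model of how PostgreSQL selects a pg_hba.conf record, run over the records posted above. PostgreSQL authenticates with the first record that matches connection type, client address, database and user, and never falls through to a later one, so the sketch reports which record a given connection lands on and flags TCP records that grant trust beyond loopback. The function names are hypothetical, and the parser assumes CIDR addresses and plain or comma-separated names only.

```python
import ipaddress

# Records copied from the pg_hba.conf quoted in the message above.
PG_HBA = """\
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
hostssl inventory www-data 192.168.2.102/32 cert clientcert=1
hostssl inventory postgres 192.168.2.102/32 cert clientcert=1
host all all 0.0.0.0/0 trust
"""

def parse(text):
    """Return (lineno, type, dbs, users, network, method); CIDR form only."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":  # Unix-socket records have no address column
            rules.append((n, f[0], f[1], f[2], None, f[3]))
        else:
            rules.append((n, f[0], f[1], f[2], ipaddress.ip_network(f[3]), f[4]))
    return rules

def first_match(rules, db, user, addr=None, ssl=False):
    """First matching record wins; addr=None models a Unix-socket client."""
    ip = ipaddress.ip_address(addr) if addr else None
    for n, typ, dbs, users, net, method in rules:
        if (typ == "local") != (ip is None):
            continue
        # 'host' matches with or without SSL; hostssl/hostnossl are restricted
        if (typ == "hostssl" and not ssl) or (typ == "hostnossl" and ssl):
            continue
        if ip is not None and ip not in net:
            continue
        if dbs != "all" and db not in dbs.split(","):
            continue
        if users != "all" and user not in users.split(","):
            continue
        return n, method
    return None  # no record matched: the server rejects the connection

def risky(rules):
    """Line numbers of TCP records that grant 'trust' beyond loopback."""
    return [n for n, typ, _, _, net, m in rules
            if typ != "local" and m == "trust" and not net.is_loopback]

RULES = parse(PG_HBA)
```

With the records as posted, an SSL connection from 192.168.2.102 as www-data to inventory lands on the cert record (line 5), while the same client without SSL, or a client at any other IPv4 address, lands on the trust record (line 7) and is admitted with no credentials.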