Can you put your code in a GitHub repo? It will be easier to have a look and propose something.
alvaro

On Tue, Jun 4, 2019 at 6:04 PM Robert <[email protected]> wrote:

> The output from the netstat command is this:
>
> tcp 0 0 0.0.0.0:15432 0.0.0.:* LISTEN -
> tcp6...
> unix. 2. [ ACC ] STREAM. LISTENING. 34094. - /var/run/postgresql/.s.PGSQL.15432
>
> When I try to telnet in the message is:
>
> Trying 192.168.2.101...
> telnet: Unable to connect to remote host: Connection refused
>
> Yes, the error still occurs even if I disable the firewall.
>
> Thanks for looking at my question.
>
> On Tuesday, June 4, 2019 at 12:24:56 AM UTC-7, Alvaro Miranda Aguilera wrote:
>>
>> hello
>>
>> on the postgresql node whats the output of
>>
>> sudo netstat -anp | grep 15432
>>
>> on the web VM you need to connect to the DB as 192.168.2.101 15432
>>
>> test with
>> telnet 192.168.2.101 15432
>>
>> and if you disable the firewall does it work?
>>
>> On Mon, Jun 3, 2019 at 6:25 PM Robert <[email protected]> wrote:
>>
>>> I have two Vagrant VMs, one configured as a web server and the other a
>>> database server. When I try to run a psql command on the web server
>>> against my inventory database on the database server, the connection is
>>> refused:
>>>
>>> psql -h db00 -U dsmith -d inventory -p 15432
>>>
>>> psql: could not connect to server: Connection refused
>>>     Is the server running on the host "db00" (192.168.2.101) and accepting
>>>     TCP/IP connections on port 15432?
>>>
>>> Here is my Vagrantfile:
>>>
>>> VAGRANTFILE_API_VERSION = "2"
>>> Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
>>>   config.vm.box = "debian/stretch64"
>>>   config.vm.synced_folder "./shared", "/vagrant", type: "virtualbox"
>>>   ENV['ANSIBLE_ROLES_PATH'] = "/Users/dsmith/playbooks/roles-debian9"
>>>
>>>   config.vm.define "db" do |db|
>>>     db.vm.hostname = "db00.example.com"
>>>     db.vm.network :private_network, ip: "192.168.2.101"
>>>     db.vm.network :forwarded_port, guest: 5432, host: 15432
>>>     config.vm.provision "ansible" do |ansible|
>>>       ansible.playbook = "provision.yml"
>>>       ansible.compatibility_mode = "2.0"
>>>       ansible.become = true
>>>     end
>>>   end
>>>
>>>   config.vm.define "web" do |web|
>>>     web.vm.hostname = "web00.example.com"
>>>     web.vm.network :private_network, ip: "192.168.2.102"
>>>     web.ssh.forward_agent = true
>>>     config.vm.provision "ansible" do |ansible|
>>>       ansible.playbook = "provision.yml"
>>>       ansible.compatibility_mode = "2.0"
>>>       ansible.become = true
>>>     end
>>>   end
>>> end
>>>
>>> The key line here is the network forwarded_port line. I think I'm
>>> telling Vagrant that if a request comes in to the database server VM on
>>> port 5432, forward it to port 15432 on the server itself which is the port
>>> I've configured PostgreSQL to listen to on that server. From my research,
>>> I think this is what I'm supposed to do but I'm not sure.
>>>
>>> Here is my PostgreSQL configuration file:
>>>
>>> # /etc/postgresql/9.6/main/postgresql.conf
>>> data_directory = '/var/lib/postgresql/9.6/main'
>>> hba_file = '/etc/postgresql/9.6/main/pg_hba.conf'
>>> ident_file = '/etc/postgresql/9.6/main/pg_ident.conf'
>>> external_pid_file = '/var/run/postgresql/9.6-main.pid'
>>> listen_addresses = '*'
>>> port = 15432
>>> unix_socket_directories = '/var/run/postgresql'
>>>
>>> Here is my authentication configuration file:
>>>
>>> # /etc/postgresql/9.6/main/pg_hba.conf
>>> local all postgres peer
>>> local all all peer
>>> host all all 127.0.0.1/32 md5
>>> host all all ::1/128 md5
>>> host all all 0.0.0.0/0 trust
>>>
>>> From my research, the "listen_addresses" line is important in the
>>> postgres config file and the "host all all..." line is important in the hba
>>> config file.
>>>
>>> Here are the firewall rules running on the database server:
>>>
>>> *filter
>>> :INPUT ACCEPT [0:0]
>>> :FORWARD ACCEPT [0:0]
>>> :OUTPUT ACCEPT [1037:93696]
>>> -A INPUT -i lo -j ACCEPT
>>> -A INPUT -s 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
>>> -A INPUT -p icmp -m state --state NEW -m icmp --icmp-type 8 -j ACCEPT
>>> -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
>>> -A INPUT -s 192.168.2.102/32 -d 192.168.2.101/32 -p tcp -m tcp --sport 1024:65535 --dport 15432 -m state --state NEW,ESTABLISHED -j ACCEPT
>>> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>>> -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7
>>> -A INPUT -j REJECT --reject-with icmp-port-unreachable
>>> -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7
>>> -A FORWARD -j REJECT --reject-with icmp-port-unreachable
>>> -A OUTPUT -s 192.168.2.101/32 -d 192.168.2.102/32 -p tcp -m tcp --sport 5432 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
>>> COMMIT
>>>
>>> The important rule is the one that says that anything from 192.168.2.102
>>> (web00) to 192.168.2.101 (db00) on port 15432 is accepted. But I really
>>> don't think the firewall is the problem since I get the same error if I
>>> flush all the rules.
>>>
>>> What am I doing wrong here? I've tried to think it through but I'm
>>> missing something.
>>>
>>> --
>>> This mailing list is governed under the HashiCorp Community Guidelines -
>>> https://www.hashicorp.com/community-guidelines.html. Behavior in
>>> violation of those guidelines may result in your removal from this mailing
>>> list.
>>>
>>> GitHub Issues: https://github.com/mitchellh/vagrant/issues
>>> IRC: #vagrant on Freenode
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Vagrant" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/vagrant-up/caf83f35-74a9-4239-a27c-de758bbe7dd9%40googlegroups.com
>>> <https://groups.google.com/d/msgid/vagrant-up/caf83f35-74a9-4239-a27c-de758bbe7dd9%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>> For more options, visit https://groups.google.com/d/optout.
>>
>> --
>> Alvaro

--
Alvaro
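
An added example, not part of the thread or of any poster's code: the posted pg_hba.conf ends with `host all all 0.0.0.0/0 trust`, which lets any client that can reach port 15432 connect as any role without a password, so this Python check flags such records. The tightened record (web VM address, the database and role from the psql command, md5) is an assumption about the intended access, and only the CIDR address form is parsed.

```python
import ipaddress

# pg_hba.conf records as posted in the thread.
POSTED = """\
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all all 0.0.0.0/0 trust
"""

# Assumed tightening (not from the thread): only the web VM, only the
# database and role used in the psql command, password required.
TIGHTENED = POSTED.replace(
    "host all all 0.0.0.0/0 trust",
    "host inventory dsmith 192.168.2.102/32 md5",
)

HOST_TYPES = {"host", "hostssl", "hostnossl"}


def audit_pg_hba(text):
    """Return [(line_no, record, [reasons])] for risky TCP records.

    Handles the CIDR address form only; hostnames, keywords such as
    "samenet", and the separate IP-mask form are skipped.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue  # blank, comment, or unix-socket ("local") record
        try:
            net = ipaddress.ip_network(fields[3], strict=False)
        except ValueError:
            continue
        reasons = []
        if fields[4] == "trust" and not net.is_loopback:
            reasons.append("trust: no password for remote clients")
        if net.prefixlen == 0:
            reasons.append("address matches every client")
        if reasons:
            findings.append((line_no, " ".join(fields), reasons))
    return findings


if __name__ == "__main__":
    for line_no, record, reasons in audit_pg_hba(POSTED):
        print(f"line {line_no}: {record} -> {'; '.join(reasons)}")
```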
