I'm very new to Ruby and postgres.
Below is my database.yml
development:
adapter: postgresql
database: test_database
username: postgresql
password: mypassword
host: localhost
encoding: utf8
The user exists and I'm, able to login using same credentials in phpPgadmin. But when I start rails server and go to home page of app, I get FATAL: Ident authentication failed for user "postgresql".
Edit: In case pghba.conf matters,
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
#local all all peer
local all postgres md5
local all postgresql md5
Could anyone please help ?
open PostgreSQL client authentication configuration file
vi /var/lib/pgsql/data/pg_hba.conf
This file manage below stuffs
Which hosts are allowed to connect
How clients are authenticated
Which PostgreSQL user names they can use
Which databases they can access
By default Postgresql uses IDENT-based authentication. All you have to do is allow username and password based authentication for your network or webserver. IDENT will never allow you to login via -U and -W options. Append following to allow login via localhost only:
local all all trust
host all 127.0.0.1/32 trust
Save and close the file. Restart Postgresql server:
service postgresql restart OR
sudo /etc/init.d/postgresql restart
It should work
I can find my pg_hba.conf file in the path:
/etc/postgresql/8.4/main/pg_hba.conf
For anyone who still can't find their pg_hba.conf file, I'm using PostgreSQL v9.2 and I found mine in:
/var/lib/pgsql/9.2/data/pg_hba.conf
Related
I'm attempting to deploy a rails app to AWS. The deploy fails with
PG::ConnectionBad: FATAL: Ident authentication failed for user "postgres"
My database.yml file (merged by capistrano from the shared dir under my app root) looks like this
production:
adapter: postgresql
encoding: unicode
database: tpms_prod
username: postgres
host: 127.0.0.1
port: 5432
and the pg_hba.conf is the default and looks like this
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
I've tried changing the authentication settings in pg_hba.conf to password but that still reports a failing Ident authentication!
I've tried adding a new super user to the database and using that user in the database.yml file - but the ident auth fails for that user as well, so I know that the database.yml file is being used by the deploy process.
If I understand the ident mechanism correctly, then the user requesting the connection just has to 'be' a declared user and this is borne out on the command line.
might be wrong.... but for me ident means that you must have the same username between the database (the db user must be created) and the client (here it's rails).
it means that if you want it to work, you should run your rails app as "postgres" user (which might not be the best idea)
OK SO land, I have exhausted all attempts to find an answer for my issue.
I have a RoR app running Mongoid 3.16 and a remote server with Mongodb 3.05. Both servers are on the same network and I am using internal IP address to connect.
The problem that I am having is trying to secure the connection. First off, if I try to add the app IP to the bind_ip in the mongod.conf file I get an error:
Cannot assign requested address for socket: app_ip_address
Here is the bind_ip in the mongod.conf:
#bind_ip=127.0.0.1,app_ip_address
If I uncomment it and try to restart mongodb it gives me the error about "Cannot assign requested address..." So I can connect from the app to mongodb IF I leave the bind_ip commented out. I do not like this idea because it will allow any connection.
My mongoid.yml file is:
production:
sessions:
default:
database: my_database
hosts:
- mongodb_server_ip:27017
I also set up the database to have a user but if I set the auth to true for Mongodb, it will allow connection to the "my_database" without authorization, but cannot read the data unless I authenticate again (which I can do command line but not via the mongoid.yml file)
For example if I connect command line from the app server with:
mongo mongoddb_server_ip:27017/my_database
That works but when I try to view collections I have to db.auth(....) to see them.
I guess that if I can config the mongoid.yml with the username/password for mongodb that would work but I cannot figure out how to do that.
Update 11/23:
OK, I set the mongod.conf file to auth = true. Now I can connect from the app server via ssh:
mongo mnogodb_server_ip:27017/my_database --username some_username --password some_password
That allows me to connect and access all collections etc. Now that I am requiring authentication I updated my mongoid.yml file as so:
production:
sessions:
default:
database: my_database
username: some_username
password: some_password
hosts:
- mongodb_server_ip:27017
I restart the server and I cannot connect to the remote db.
Well, after all of this I find out that moped 2 does not support authentication for MongoDB 3+.
see here:
Rails Mongoid fails to authenticate - failed with error 13: "not authorized for query on my_db.my_collection"
I'm learning Rails and my final app will be hosted on Heroku, which uses postgres, so I figured it'd be smart to work with postgres in development too as I'm building what is supposed to be a rather simple search function and want to avoid as many problems as possible actually deploying it.
Sadly, I'm using Ubuntu 14.04 so naturally the steps will be harder than on for example Windows.
Here's what I've done so far, which is a rather comical enterprise into a world that gives me nothing but problems at every step:
Actually installed postgresql. sudo apt-get install postgresql-9.4 as per the official website of course didn't work so I had to find a workaround (as always) but it should be installed now. I ran sudo apt-get install -y postgresql postgresql-contrib to get it working.
Tried logging in per some instructions with su postgres, but even after setting a password for su or using sudo su postgres that didn't work. Ended up creating a user with sudo -u postgres createuser -P my_user matching the name of my app. Created a database too.
Tried creating a new rails project with rails new my_app --database=postgresql. Didn't work as it complained lacking a pg gem (sorry for not pre-emptively making a Gemfile for you?) so I gave that up and just created it without specifying a database.
Removed the sqlite gem and added gem 'pg' in the Gemfile. Ran bundle install, but it didn't work. Had to run sudo apt-get install libpq-dev to install something I'm not sure what it is and then it worked.
Modified the database.yml as per some instructions and ran rake db:setup. Rails gave this error: FATAL: Peer authentication failed for user "my_user". Well, that's cool.
Not quite sure why, but I added a database here called my_app_development for it with the owner my_user but then db:setup instead complained that it lacked permissions to create a database (but I just created it FOR you?).
I ran chmod -R 0666 my_app as someone highly upvoted on SO suggested but holy shit that was bad as it didn't even give me permissions to enter the folder myself! Reverted that quickly and tried something else.
Someone suggested running psql -U my_user postgres but that only gives me the error psql: FATAL: Peer authentication failed for user "my_user"
Experimented logging in via psql postgres (I don't know what psql is, I'm just following suggestions) and tried ALTER ROLE my_user CREATEDB; but it only returns a permission denied error.
Officially gave up and came here.
Can anyone help me with the actual steps to follow from the beginning? It shouldn't be THIS hard, right?
By the way, this is what my database.yml looks like:
default: &default
adapter: sqlite3
pool: 5
timeout: 5000
development:
adapter: postgresql
encoding: unicode
database: my_app_development
host: localhost
pool: 5
username: my_user
password: my_password
test:
<<: *default
database: db/test.sqlite3
production:
<<: *default
database: db/production.sqlite3
Edit: Thanks alot to Ajay for walking me through how to setup postgres. If anyone comes across this thread, as frustrated as I am with postgres, here are a few pointers:
PG::InsufficientPrivilege: ERROR: permission denied to create database means the user doesn't have the right privileges. Log in via sudo -u postgres psql and you should see postgres=# before everything you type in the terminal. While there, type ALTER ROLE my_user CREATEDB; and it should work. I don't know why it didn't the first time I used that, perhaps I forgot sudo?
FATAL: Peer authentication failed for user "my_user" means you need to change some things in a file as per the instructions in one of the answers. Make sure to change it for both local and postgres. I have it set to md5 for everything but local and it works.
Login via sudo -u postgres psql and type `select * from pg_catalog.pg_user;' to check your current users. Good way to see if you created the user correctly and what privileges it has.
default: &default
adapter: sqlite3
pool: 5
timeout: 5000
Above adapter: sqlite3 is causing the error
Please try this:
default: &default
adapter: postgresql
pool: 5
timeout: 5000
development:
<<: *default
database: my_app_development
username: psql #postgres username
password: your_password #password
After you entered the valid postgres credentials(username/password) here. Try following in your terminal :
$ rake db:create #this will create your my_app_development database.
$ rake db:migrate #migrate your database.
5. Modified the database.yml as per some instructions and ran rake
db:setup. Rails gave this error: FATAL: Peer authentication failed
for user "my_user". Well, that's cool.
you need to open your pg_hba.conf (probally located at /etc/postgresql/9.4/main/pg_hba.conf) and change the authentication method from "peer" to "md5" (which will asks for password) or to "trust" (which will unsecuritly allow access without password).
To know where your pg_hba is located, execute this on your terminal (terminal of the machine where the postgresql are running):
ps ax | grep postgresql.conf
it should return something like:
8803 ? S 0:00 /usr/lib/postgresql/9.4/bin/postgres -D /var/lib/postgresql/9.4/main -c config_file=/etc/postgresql/9.4/main/postgresql.conf
look the folder where config_file is located. In this case is /etc/postgresql/9.4/main/. Inside this folder there's another configuration file called pg_hba.conf (the permissions file). Edit it (with super user):
sudo nano /etc/postgresql/9.4/main/pg_hba.conf
on the lasts lines you will see something like that:
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres trust
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
You see the "trust" references? In your default pg_hba.conf they should be "peer". In my example, I had changed to "trust" (i.e, doesn't ask for passwords) all local connections, because my postgresql server not accept outside connections. But you can change to "md5", which will permit access when the user provide the correct password.
After change this, save and exit (in nano is Ctrl+O, Enter to confirm, Ctrl+X to exit). Then, restart postgresql (sudo /etc/init.d/postgresql restart - maybe works with just a reload)
UPDATE:
DISCLAIMER:
although trusting your local connections will not create a hole security (unless, of course you are sharing the machine with anothers users), do it only for testing purposes - to discover where the problem is (if is a permission/pg_hba problem or not). After discover where the problem are, its more concise to have one specific user to your project and use an authentication for it ("md5", "peer").
Using one single user for all your projects on the machine (e.g. the "postgres" user), and/or not use an authentication ("trust"), is like create a Rails project and use just one generic controller, instead having a controller for each table/group of logic.
I am trying to get a rails app to work with heroku but I am doing something wrong.
Database.yml
development:
adapter: postgresql
encoding: unicode
database: (heroku db)
user: (heroku db_user)
pool: 5
password: (heroku db_pass)
If I enter the information from my heroku database I get:
PG::ConnectionBad FATAL: password authentication failed for user
I am not rails guy, But this is something that i have done just now on my spring app, I wanted to connect my localhost development to heroku db.. I got db info from this:
heroku pg:credentials DATABASE
then I have passed params.. But I found that to connect remote heroku db, I needed to add this to my connection params..
ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
I guess, you also need to specify the host and port. To find out the host try running this command:
$ heroku config | grep HEROKU_POSTGRESQL
You should see something like
HEROKU_POSTGRESQL_RED_URL: postgres://user3123:passkja83kd8#ec2-117-21-174-214.compute-1.amazonaws.com:6212/db982398
if you already added the PostgreSQL add-on. More on this read here.
Then add the host and port info to your configuration:
development:
...
host: ec2-117-21-174-214.compute-1.amazonaws.com
port: 6212
...
But do remember that it's a bad idea to work with the production database from your local dev machine, unless you really know what you are doing.
When I execute heroku db:pull it finds my local dev db at:
postgres://127.0.0.1/myapp_development?encoding=utf8
once I confirm though, it fails with:
Sequel::DatabaseConnectionError -> PGError: fe_sendauth: no password supplied
I tried running the pull with the local db specified, e.g.
heroku db:pull postgres://root:#localhost/db_name
which gives the same no password supplied error.
I thought I may need to change root: to myname: because thats the user I granted superuser rights to when I setup postgres but neither root: or myname: works
My database.yml has username: and password: blank for all databases specified.
From the command line as myname#ubuntu I can type psql myapp_development and connect fine and run selects.
What am I missing here?
Is it related to my pg_hba.conf settings? I had a look inside that and it says:
# Database administrative login by UNIX sockets
local all postgres ident
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all ident
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
Should 'trusted' be used there? And if so if I edit that file do I need to restart postgres? And if 'trust' is necessary then how come rails and the psql command line tools work without passwords when logged in as my myname user?
Thank you!
Authentication method trust might do the trick, but as you are undoubtedly aware, this is not secure.
After editing pg_hba.conf, you don't have to restart. A reload is enough (quoting the manual):
The pg_hba.conf file is read on start-up and when the main server
process receives a SIGHUP signal. If you edit the file on an active
system, you will need to signal the postmaster (using pg_ctl reload or
kill -HUP) to make it re-read the file.
pg_ctl reload
See the fine manual. You might need the manual for version for 8.3. Shared db on heroku currently runs on PostgreSQL 8.3. (Also, I doubt you have access to pg_ctl on heroku.)
Be aware of this:
If no password has been set up for a user, the stored password is null
and password authentication will always fail for that user.
Emphasis mine. You might be able to log in locally, because the auth-methods ident or peer allow for that. But for your purpose you may need a password!