RE: PostgreSQL Streaming replication on two diff networks

[Pierre Ochsenbein <pierre.ochsenbein@xxxxxxxxxxxx>]

Everything is good for the ssh connectivity from the slave to the master but not from the master to the slave.

On the master :

-bash-4.2$ ssh postgres@10.0.2.67 (slaveIP)

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

-bash-4.2$​

-bash-4.2$ ssh-copy-id -i id_rsa.pub postgres@10.0.2.67
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
-bash-4.2$

--------

On the slave : 

-bash-4.2$ ssh postgres@10.1.24.13 (masterIP)

postgres@10.1.24.13's password: 

Last failed login: Tue Jun  5 10:10:19 EDT 2018 from slave on ssh:notty

There were 44 failed login attempts since the last successful login.

Last login: Tue Jun  5 09:48:42 2018 from slave

-bash-4.2$ exit

logout​

---

De : Jorge Torralba <jorge.torralba@xxxxxxxxx>
Envoyé : mardi 5 juin 2018 16:02
À : Johannes Truschnigg
Cc : Pierre Ochsenbein; pgsql-admin@xxxxxxxxxxxxxxxxxxxx
Objet : Re: PostgreSQL Streaming replication on two diff networks

 

>No; not if there's not even basic IP connectivity between the participating
hosts. Pierre will have to make sure he gets the routing between the two sites
fixed (which is probably going to need some kind of VPN solution).<

You are correct. But,  I am assuming all routing, vpn's, iptables etc are configured since it is a known network to the user.  He will still need entrie in pg_hba.conf.

JT

On Tue, Jun 5, 2018 at 6:43 AM, Johannes Truschnigg <johannes@xxxxxxxxxxxxxxx> wrote:

On Tue, Jun 05, 2018 at 06:39:42AM -0700, Jorge Torralba wrote:
> It's all about the pg_hba.conf :)

No; not if there's not even basic IP connectivity between the participating
hosts. Pierre will have to make sure he gets the routing between the two sites
fixed (which is probably going to need some kind of VPN solution).

--
with best regards:
- Johannes Truschnigg ( johannes@xxxxxxxxxxxxxxx )

www:   https://johannes.truschnigg.info/
phone: +43 650 2 133337
xmpp:  johannes@xxxxxxxxxxxxxxx

Please do not bother me with HTML-email or attachments. Thank you.

--

Thanks,

Jorge Torralba
----------------------------

Note: This communication may contain privileged or other confidential information. If you are not the intended recipient, please do not print, copy, retransmit, disseminate or otherwise use the information. Please indicate to the sender that you have received this email in error and delete the copy you received. Thank You.

Acceleris AG | cloudifying IT
Pierre Ochsenbein | Technical Consultant
Schosshaldenstrasse 85 | CH-3006 Bern
T : +41 31 911 33 22 | F : +41 31 911 62 63
pierre.ochsenbein@xxxxxxxxxxxx | www.acceleris.ch  

Acceleris Offices are in :
Bern | Zurich | Renens | Bucharest

 

 

Disclaimer

This message possibly contains confidential data or items of information. It is intended solely for the rightful recipient. If you should have received the message wrongfully, it is not permitted to disclose the e-mail message or its contents to third parties, to copy or use it. We would respectfully request you to destroy the message with the exclusion of any reproduction and to notify this to the originator by e-mail. Thank you very much.