Ok, this is not strictly a PostgreSQL issue,
but I am trying to enable WAL log shipping on our PostgreSQL 8.1.10
(upgrade to 8.3.7 is in the works).
My archive_command is 'rsync %p postgres@node2:/file/to/$f </dev/null'
This works fine only if and only if SE Linux is disabled on node 1
(the source node).
I am running Fedora Core 6 on node 1. (Upgrade to CentOS 5.2 is in the works.)
I used audit2allow on the SELinux messages, and generated an SE Linux
module to allow
Postgres to rsync the files out...
allow postgresql_t ssh_exec_t:file { read execute execute_no_trans };
allow postgresql_t ssh_port_t:tcp_socket name_connect;
allow postgresql_t user_home_t:dir { search getattr };
allow postgresql_t user_home_t:file { read getattr };
But this still does now work. (Works fine if I disable SELinux, by the way.)
The error I get is:
LOG: archive command "/usr/local/bin/rsync -e /usr/bin/ssh
pg_xlog/000000010000001D00000015
postgres@node2:WAL/000000010000001D00000015 </dev/null" failed: return
code 65280
Could not create directory '/home/postgres/.ssh'.
Host key verification failed.
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at io.c(632) [sender=3.0.4]
If anybody has any clue as to whats going on here, I would sure
appreciate your help.
"ssh node2" works fine from node1, I log in using key-based authentication
What stumps me is there are no further complaints from SELinux, but
clearly SELinux is blocking the connection.
I think I'll ask on the SELinux list as well. But if anybody here
has a clue, please give me a shout.
Best,
-at
--
Aleksey Tsalolikhin
UNIX System Administrator
"I get stuff done!"
http://www.verticalsysadmin.com/
LinkedIn - http://www.linkedin.com/in/atsaloli
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
