Replies: 1 comment
-
It was a permission issue after all. /var/lib is a mount volume in the container, but the underlying file system (host) had its permissions on 700 so pgbouncer couldn't browse the file system for the certificate files. Anyway I would have expected a |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi everyone,
I've been struggling with this issue for more the a few hours.... I can't make pgbouncer start with
client_tls_sslmode
set.When I increase verbosity in
pgbouncer.ini
I get the following output:What bothers me here is the
(null)
I would expect something like for example 'permission denied' of another relevant message pointing me in the right direction.Talking about permissions: they seem correct to me (or permissive enough)
sh-5.1# ls -la /var/lib/pgbouncer/certs/ total 20 drwxr-xr-x 2 pgbouncer pgbouncer 4096 Jan 15 14:23 . drwxr-xr-x 3 pgbouncer pgbouncer 4096 Jan 12 15:17 .. -r-------- 1 pgbouncer pgbouncer 3749 Jan 16 14:30 root.ca -r-------- 1 pgbouncer pgbouncer 1294 Jan 16 14:30 server.crt -r-------- 1 pgbouncer pgbouncer 1675 Jan 16 14:30 server.key
As a test I already changed the permissions more strict (root:root) and the
(null)
is still there (no permission denied or whatsoever)I have activated ssl on the postgres service and I can connect with TLSv1.3 when I point directly to port 5432.
pgbouncer connects to postgres running on the same server via unix socket. This seems to work without any issue if I leave the
client_tls_sslmode
out of the pgbouncer config.Is there something obvious I am missing here? Or something I can do to get more debugging information?
further info:
sh-5.1# su pgbouncer -c "/usr/bin/pgbouncer /etc/pgbouncer/pgbouncer.ini -V" PgBouncer 1.21.0 libevent 2.1.12-stable adns: c-ares 1.17.1 tls: OpenSSL 3.0.7 1 Nov 2022 systemd: yes
regards,
Koen
Beta Was this translation helpful? Give feedback.
All reactions