0

I feel like the foot traffic is slow on Unix&Linux, so I'm also posting this question here:

I have a Postgres installed in CentOS, along with Node and React with NGINX. I've left alone my Unix postgres account to be without a password as recommended here. I've also written migrations with postgrator, which creates a table as blog_user in the blog_database.

My blog_user has LOGIN attribute with encrypted password, and the database blog_database is owned by postgres.

When I run my migrations in CentOS, I get this message

[joseph@vultr backend]$ yarn run migrate
yarn run v1.17.3
$ postgrator --config postgrator-config.js
[2:41:39 AM] table schemaversion does not exist - creating it.
[2:41:39 AM] version of database is: 0
[2:41:39 AM] migrating up to 2
Error: Ident authentication failed for user "blog_user"
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

When attempting to change peer to md5 for all, I am required to put in a password for postgres

-bash-4.2$ vim /var/lib/pgsql/11/data/pg_hba.conf 
-bash-4.2$ sudo systemctl restart postgresql.service

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for postgres: 
Sorry, try again.

Executing the restart command as root leads to this message

[root@vultr ~]# vim /var/lib/pgsql/11/data/pg_hba.conf 
[root@vultr ~]# systemctl restart postgresql.service
Failed to restart postgresql.service: Unit not found.

I'm not sure what I need to do to solve this.

Joseph K.
  • 1,055
  • 3
  • 23
  • 46
  • I feel with you that your question has not been answered, but that does not override the sire rules, namely „Ask questions about specific _programming_ problems, software algorithms, coding techniques, software development tools.“ As a general advice, while I like vultr - if you are not an experienced system administrator (which - sorry - apparently you are not): Do not reinvent the wheel and make your life (much) easier by using some service. For example, you can have a Postgres cluster running [on DO](https://m.do.co/c/40f88d7ea4f0) complete with a standby node for as little as $50/month. – Markus W Mahlberg Aug 05 '19 at 05:12
  • @MarkusWMahlberg Thank you for your advice. I appreciate it. I am up for the challenge though, and it is ok to beat me down with lots of technicalities, I'll learn it. – Joseph K. Aug 05 '19 at 05:16
  • That is hardly the point. Without supervision, you might make a critical mistake. Which, in the best case, simply blows up something. In the worst case scenario, you leak data. Which, in some jurisdictions, makes you personally liable - including, but not limited to, damages and compensation. If you really have to, I suggest using docker on CentOS with (!) fail2ban(!). AND learn how to properly update your application stack with it _before_ going live. That should give you a halfway decent setup and basic security. – Markus W Mahlberg Aug 05 '19 at 05:21
  • As a starter: I created a [role for ansible which configures an openssh server to be properly secured](https://github.com/mwmahlberg/ansible-role-sssh) (to the best of my knowledge and that of one expert I trust) – Markus W Mahlberg Aug 05 '19 at 05:25
  • Hmm, I understand. I'll definitely look more into those things, I have a little experience with docker, but I gave this linux setup a go for this project. I've done some SELinux configuration on this server as well, which I felt like was off-topic for my question. Can you give me some pointers about my problem? like user permissions or something that may be an issue. – Joseph K. Aug 05 '19 at 05:34
  • I voted it to be off-topic, since it is not related to programming. Programmer‘s questions != programming questions. Your question is better suited for https://serverfault.com. And please refrain from double posting ;) If you post there, please delete here. – Markus W Mahlberg Aug 05 '19 at 05:35
  • wait, but what about this well received question on stack overflow :( , https://stackoverflow.com/questions/2942485/psql-fatal-ident-authentication-failed-for-user-postgres?rq=1 – Joseph K. Aug 05 '19 at 05:37
  • 1
    The comparison might fall a bit short, but if one gets away with murder does not mean you want all murderers to get away with it, do you? ;) – Markus W Mahlberg Aug 05 '19 at 05:39

1 Answers1

0

  1. Use trust authentication for local connections unless you have untrusted operating system users on the machine.

  2. The PostgreSQL service probably has a different name. Try

    systemctl status | grep postgres
Laurenz Albe
  • 209,280
  • 17
  • 206
  • 263
  • I am able to confirm that setting to either trust or md5 works. It turns out that finding the right service name was my main issue, sigh. Thank you! – Joseph K. Aug 05 '19 at 07:05