So create it by connecting somehow to the database with superuser rights and do CREATE ROLE foo. There's an Ident server, but there's no database role matching the name you're trying to connect with ('foo' in the above example). If that fails, install an Ident server (eg, sudo apt-get install oidentd). Test this by trying to connect to it on port 113. There is no Ident server running on the machine you're trying to connect from. An Ident server running on the machine the user is connecting from confirms that their username really is 'foo'.The unix username making the connection is 'foo'.Your pg_hba.conf file (in /etc/postgres-something/main) defines 'Ident' as the protocol to connect to database db for users connecting from certain hosts.You have database role 'foo' on database 'db'.Ident auth automatically matches Unix usernames with Postgres usernames. Last resort solution if it fails again is that you can use rebalance_table_shards function with the option shard_transfer_mode := 'block_writes' and see if that works for you.It means that Postgres is trying to authenticate a user using the Ident protocol, and can't. We had the same incident before and there is an issue about this in citus-enterprise repository. Based on engineering, if the rebalancing doesn't require data transfer from another newly added worker to w6 (10.0.0.33), the operation would fail. Therefore, for this moment, engineering suggested that you may try once more which you already did and it is working again. So, the following queries just work fine. Weirdly, this happens only when we need to move shards in between newly added workers. SELECT master_move_shard_placement() call doesn't use logical replication by default and it does continue give the same error when we run citus=> select master_move_shard_placement(102538, '10.0.0.34', 5432, '10.0.0.33', 5432, 'force_logical') ĮRROR: could not connect to the publisher: SSL error: tlsv1 alert unknown caĬONTEXT: while executing command on 10.0.0.33:5432 This was the final fix and so far everything is working now, including rebalancing after scaling out additional nodes again.Īt our end, we found that it may happen when it doesn’t requires data transfer. The same error occurred in spite of this. They first said there was an issue with ca.pem creation while the new nodes were being deployed and they applied a hot-fix as well as a an actual fix to be rolled across all regions by the end of the week. We ending up opening an Azure Support ticket. We were executing the full statement (SELECT rebalance_table_shards('distributed_table_name') ) against the distributed table when we received the error. Is there an additional step needed after scaling that I missed? The same settings were in place with 6 nodes and we had no issue using the create_distributed_table() function. This is the error received:Ĭould not connect to the publisher: SSL error: tlsv1 alert unknown caįATAL: no pg_hba.conf entry for replication connection from host "xx.x.x.33", user "postgres", SSL off All worker nodes are default configuration with citus.replication_sslmode = REQUIRE. The new nodes are now active but when using the rebalance_table_shards() function, the SSL cert is refused from one of the new nodes. There were no errors and the deployment reported success. Scaling was initiated via the Worker Node count slider on the Configure page. I scaled out an Azure Database for PostgreSQL Hyperscale cluster from 6 to 10 nodes. Title: SSL Error when rebalancing after scaling Hyperscale cluster out
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |