Details
-
Bug
-
Status: Done
-
High
-
Resolution: Fixed
-
2.14.0
-
None
-
1
-
Yes
-
[obsolete] C/S Core
Description
pmm2-client-2.14.0-6.el7.x86_64
Feb 01 06:48:55 ihanick-node1 pmm-agent[902]: INFO[2021-02-01T06:48:55.506+00:00] time="2021-02-01T06:48:55Z" level=error msg="Error opening connection to database (postgres://pmm_user:[email protected]:5432/postgres?connect_timeout=1&sslmode=disable): pq: unknown authentication response: 10" source="postgres_exporter.go:1396" agentID=/agent_id/56ea86d3-dc70-4165-ac69-9009657b7fe1 component=agent-process type=postgres_exporter
This problem happens due to missing scram-sha-256 support.
In Percona Postgresql Distribution 12 a default value for password_encryption variable was used.
In el7 (RHEL7/CentOS7) package for Percona Postgresql Distribution 13 postgresql.conf could be created with /usr/pgsql-13/bin/postgresql-13-setup script and it contains:
-A scram-sha-256 option for initdb
https://www.percona.com/doc/percona-monitoring-and-management/2.x/setting-up/client/postgresql.html
To do this, set ident to md5 for the user in the pg_hba.conf configuration file.
The documentation mentions requirement of md5 for pg_hba.conf, but not mentions password_encryption postgres parameter. It should be md5 before PMM postgres user creation.
https://www.postgresql.org/docs/13/auth-password.html
The best solution could be update lib/pq to support SCRAM-SHA-256
https://github.com/lib/pq
https://github.com/wrouesnel/postgres_exporter/commit/69a90e8a33d285049bf2a817c645176615943552
This is also requested on percona forum:
https://forums.percona.com/t/postgres-exporter-support-for-scram-sha-256/8058
Attachments
Issue Links
- relates to
-
PMM-8484 Added support for PostgreSQL 14
-
- Done
-
- links to