c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 853612] Re: OpenERP client fails to connect with a restricted pg_hba.conf

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: Ian Beardslee <853612@xxxxxxxxxxxxxxxxxx>
Date: Sun, 25 Sep 2011 20:10:13 -0000
Reply-to: Bug 853612 <853612@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

That looks like it might do the job.  Although when I go through and
check that it does work in my test environment I'll change  the

   def exp_initial_dbname(self):
       dbname = tools.config['db_name']
       if not dbname:
           return 'template1'
       return dbname

to ..

   def exp_initial_dbname(self):
       dbname = tools.config['db_name']
       if not dbname:
           return 'postgres'
       return dbname

I do notice that there is still a

         db = sql_db.db_connect('template1')

Just after that first block of changes.  Considering that the rest of
them seem to be removed, is that connection to template1 still planned?

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to OpenERP Project Group.
https://bugs.launchpad.net/bugs/853612

Title:
  OpenERP client fails to connect with a restricted pg_hba.conf

Status in OpenERP Server:
  New

Bug description:
  Using OpenERP 6.0.3 the client fails with "Could not connect to
  server" if the server's pg_hba.conf restricts access to 'template1'.

  This bug may only affect people in a shared environment with multiple
  apps with their own databases hosted on the same instance of postgres.
  In a managed environment, it'd be expected that database access would
  be controlled via pg_hba.conf

  Initially we had /etc/postgresql/8.4/main/pg_hba.conf configured to
  allow the 'openerp' user access to only the 'openerpdb' database.

   #/etc/postgresql/8.4/main/pg_hba.conf
   host openerpdb openerp 192.168.94.21/32 md5

  The openerp-server.log file showed ..

  [2011-09-15 13:58:04,013][postgres] ERROR:db.connection_pool:Connection to the database failed
  Traceback (most recent call last):
    File "/usr/share/pyshared/openerp-server/sql_db.py", line 303, in borrow
      result = psycopg2.connect(dsn=dsn, connection_factory=PsycoConnection)
  OperationalError: FATAL:  no pg_hba.conf entry for host "192.168.94.21", user "openerp", database "template1", SSL on
  FATAL:  no pg_hba.conf entry for host "192.168.94.21", user "openerp", database "template1", SSL off

  It seems that as part of connecting to the database the applications
  connect to a database before enumerating the databases owned by the
  'openerp' postgres user.

  The immediate fix is to adjust the
  /etc/postgresql/8.4/main/pg_hba.conf to allow access to template1

   #/etc/postgresql/8.4/main/pg_hba.conf 
   host openerpdb openerp 192.168.94.21/32 md5
   host template1 openerp 192.168.94.21/32 md5

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/853612/+subscriptions

References

[Bug 853612] [NEW] OpenERP client fails to connect with a restricted pg_hba.conf
From: Ian Beardslee, 2011-09-19