c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 853612] Re: OpenERP client fails to connect with a restricted pg_hba.conf

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: "Olivier Dony \(OpenERP\)" <853612@xxxxxxxxxxxxxxxxxx>
Date: Mon, 26 Sep 2011 09:50:17 -0000
Reply-to: Bug 853612 <853612@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi,

Thanks for analyzing this issue and providing possible solutions. We'll
probably come up with a solution along these lines!

Notes to dev:
- config['db_name'] could contain a comma-separated list of database names
- all exp_*() methods are meant to be exposed in RPC, which might not be desired here.
- to be discussed with odo/vmt

** Changed in: openobject-server
   Importance: Undecided => Low

** Changed in: openobject-server
       Status: Triaged => Confirmed

** Changed in: openobject-server
     Assignee: (unassigned) => OpenERP's Framework R&D (openerp-dev-framework)

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to OpenERP Project Group.
https://bugs.launchpad.net/bugs/853612

Title:
  OpenERP client fails to connect with a restricted pg_hba.conf

Status in OpenERP Server:
  Confirmed

Bug description:
  Using OpenERP 6.0.3 the client fails with "Could not connect to
  server" if the server's pg_hba.conf restricts access to 'template1'.

  This bug may only affect people in a shared environment with multiple
  apps with their own databases hosted on the same instance of postgres.
  In a managed environment, it'd be expected that database access would
  be controlled via pg_hba.conf

  Initially we had /etc/postgresql/8.4/main/pg_hba.conf configured to
  allow the 'openerp' user access to only the 'openerpdb' database.

   #/etc/postgresql/8.4/main/pg_hba.conf
   host openerpdb openerp 192.168.94.21/32 md5

  The openerp-server.log file showed ..

  [2011-09-15 13:58:04,013][postgres] ERROR:db.connection_pool:Connection to the database failed
  Traceback (most recent call last):
    File "/usr/share/pyshared/openerp-server/sql_db.py", line 303, in borrow
      result = psycopg2.connect(dsn=dsn, connection_factory=PsycoConnection)
  OperationalError: FATAL:  no pg_hba.conf entry for host "192.168.94.21", user "openerp", database "template1", SSL on
  FATAL:  no pg_hba.conf entry for host "192.168.94.21", user "openerp", database "template1", SSL off

  It seems that as part of connecting to the database the applications
  connect to a database before enumerating the databases owned by the
  'openerp' postgres user.

  The immediate fix is to adjust the
  /etc/postgresql/8.4/main/pg_hba.conf to allow access to template1

   #/etc/postgresql/8.4/main/pg_hba.conf 
   host openerpdb openerp 192.168.94.21/32 md5
   host template1 openerp 192.168.94.21/32 md5

To manage notifications about this bug go to:
https://bugs.launchpad.net/openobject-server/+bug/853612/+subscriptions

References

[Bug 853612] [NEW] OpenERP client fails to connect with a restricted pg_hba.conf
From: Ian Beardslee, 2011-09-19