I figured it out... I was (partially?) guilty of trying to use too many new features in pgbouncer 1.7.
There are the TLS/SSL settings & then there is the HBA access controls. (TLS/SSL doesn't need HBA access controls & vice-versa to work). Also, since pgbouncer & the database are on the same box, there is no need for the extra overhead of TLS/SSL between pgbouncer & the database.
Simplifying to just use more commonly used user authentication settings proved to be the fix.
First, postgresql.conf
& pg_hba.conf
were left untouched as show above.
pgbouncer.ini
, however, is this:
;
; pgbouncer configuration
;
[databases]
mydatabase = host=localhost port=5432 dbname=mydatabase
;
[pgbouncer]
listen_port = 6543
listen_addr = *
admin_users = lalligood, postgres
auth_type = cert
auth_file = pgbouncer/users.txt
logfile = /var/lib/pgsql/pgbouncer.log
pidfile = /var/lib/pgsql/pgbouncer.pid
ignore_startup_parameters = application_name
server_reset_query = DISCARD ALL;
pool_mode = session
max_client_conn = 1000
default_pool_size = 300
log_pooler_errors = 0
; Improve compatibility with Java/JDBC connections
ignore_startup_parameters = extra_float_digits
; TLS settings
client_tls_sslmode = verify-full
client_tls_key_file = server.key
client_tls_cert_file = server.crt
client_tls_ca_file = root.crt
So the specific changes are auth_type = cert
& auth_file = pgbouncer/users.txt
(changing/removing the HBA references) & stripping out the 4 server_tls_...
lines at the end.
The users authenticate to both pgbouncer and the postgres database using the SSL cert.
This also means that I have to put together a list of users that will be going through pgbouncer in ./pgbouncer/users.txt
. The format should be just like this (for each user):
"lalligood" ""
since pgbouncer will not be verifying any connections based on a password.
So what all this means is that TLS/SSL authentication/connectivity through pgbouncer works. But it also leaves me with the feeling that auth_type = hba
/ auth_hba_file = pg_hba.conf
is suspect at best; not working properly at worst.
Can you log into your games database using psql?
What I can see is that the first image has you connecting to localhost:5432, the second (the psql connection), you're connecting to jkalancic@vps73162 - on what appears to be a telnet session - are you sure that you're looking at the same database on the same machine?
[Following OP's answer]
A tip for next time - you could install from source and not be messing with /etc/postgresql - you can never be absolutely sure that you're not mixing clients, servers and ports unless you do this. I do this all the time for installs - on Linux and I see that you're on Ubuntu, so that should be a piece of cake.
PostgreSQL is really excellent for this kind of thing. Works first time straight - and you can tailor your prompt to point to your various installs - be sure to have a shutdown (in your startup script) if you want to put more than one server on port 5432.
Best Answer
Ok.. After some investigation I found where was mistake. So after adding new database it is required to edit pgbouncer.ini file and manualy add this database in [databases] section. Example:
We have followig databases:
Than pgbouncer.ini should contain