question

piotrek-9759 avatar image
4 Votes"
piotrek-9759 asked ·

No connection to postgres database with IP on the whitelist

I noticed access to the Postgres DB is temporarily unavailable (few hours a day)
My IP address is on the whitelist. And sometimes I can connect to the DB but in some other time I cannot with the message

psql: FATAL: no pg_hba.conf entry for host "my_IP_address", user "my_user", database "my_db", SSL on

I don't make any changes neither to the DB nor to my local machine.

How can I investigate in on the Azure side?

Additionally, I can say that we have another Postgres DB in Azure where connection always works.

azure-database-postgresql
· 5
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

TobyHERSEY-4664 avatar image TobyHERSEY-4664 ·

My teams is also having this issue , since Monday 1st June

2 Votes 2 · ·
JohnPIPPET-9823 avatar image JohnPIPPET-9823 ·

Having the exact same issue! No changes made, added my IP address that it is complaining about to my Postgres firewall whitelist in Azure and waited for propagation... only happening to one of our 6 databases which is strange...

Some additional info to assist:

Region: West Europe
pg Version: 4.17
pg Admin Version: 4
Python Version: 3.7.3
Flask Version: 1.0.2

Issue has been happening for me since this morning (3rd June)

2 Votes 2 · ·
DanielFrouz-6392 avatar image DanielFrouz-6392 ·

Hello, we have same problem in WEST EU.

We switched one of our servers accessing to Azure PostgreSQL. So we updated firewall settings - delete IP of old server and add IP of new server. Saving firewall rules in Azure was confirmed as successful. And result?

New server still getting error "FATAL: no pg_hba.conf entry for host...". And old server still have access even if old IP is not in firewall list.

Can you help us and tell where can be problem?

Thank you.

1 Vote 1 · ·
TobyHERSEY-4664 avatar image TobyHERSEY-4664 DanielFrouz-6392 ·

word from microsoft was that you need to restart the server , i've not tried yet as it a production server! Will have to soon though.

0 Votes 0 · ·
VPMars-3844 avatar image VPMars-3844 ·

This is happening in Canada central as well now. Can't access postgres instances anymore from outside of azure.

1 Vote 1 · ·

2 Answers

TobyHERSEY-4664 avatar image
1 Vote"
TobyHERSEY-4664 answered ·

Hi Guys,

I contacted Azure for support and they told me that i would need to restart the pg server, took me this long to arrange due to it being a prod instance! Just restarted it and i can now connect to the pg instance oin the same IP address i was using before so whitelist is now working as expect.

thanks
Toby

· Share
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

NavtejSaini-MSFT avatar image
0 Votes"
NavtejSaini-MSFT answered ·

Hi EveryOne

This issue has been fixed. Please restart your server for the same and it will work.

Here are the details of the root cause and mitigation:

https://docs.microsoft.com/en-us/answers/questions/31958/updating-firewall-rules-has-no-effect-for-azure-da.html

Description:

New firewall rules does not take effect after the recent maintenance on Azure Databases for PostgreSQL

Impact:
Customers were not able to connect to their server after adding/updating firewall rules for Azure Database for PostgreSQL after the recent maintenance

Root cause:
We found a bug in handling the caching of Postgres hba conf file which was causing the cache to not update even after there were changes in the hba conf file. We suspect that there are some corner cases where the directory change notification on the file share (where the hba conf file resides) fails and doesn’t update the cache. This was a new enhancement that was introduced with recent updates and we are currently debugging this issue further but as a mitigation we have disable this feature.

Mitigation & solution:
The caching changes were controlled with a feature switch (a configuration setting). To mitigate this issue we have disabled this feature switch and restart of the server will get these changes into effect.

Hope this helps.

Thanks
Navtej S



· Share
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.