我在 ubuntu 12.04 上运行 postgresql 9.1。
我想更改 postgres 的数据目录。因此我创建了一个新目录并运行 initdb。我还创建了证书到数据目录的符号链接。
但是 postgres 仍然找不到 root.crt:
sudo /etc/init.d/postgresql start
* Starting PostgreSQL 9.1 database server * The PostgreSQL server failed to start. Please check the log output:
2012-08-17 16:02:33 CEST FATAL: could not load root certificate file "root.crt": no SSL error reported
我做错了什么?数据目录如下所示:
ls -la
total 92
drwx------ 13 postgres postgres 4096 Aug 16 14:36 .
drwxr-xr-x 3 root root 4096 Aug 16 13:57 ..
drwx------ 5 postgres postgres 4096 Aug 16 14:00 base
drwx------ 2 postgres postgres 4096 Aug 16 14:36 global
drwx------ 2 postgres postgres 4096 Aug 16 14:00 pg_clog
-rw------- 1 postgres postgres 4476 Aug 16 14:00 pg_hba.conf
-rw------- 1 postgres postgres 1636 Aug 16 14:00 pg_ident.conf
drwx------ 4 postgres postgres 4096 Aug 16 14:00 pg_multixact
drwx------ 2 postgres postgres 4096 Aug 16 14:35 pg_notify
drwx------ 2 postgres postgres 4096 Aug 16 14:00 pg_serial
drwx------ 2 postgres postgres 4096 Aug 16 14:36 pg_stat_tmp
drwx------ 2 postgres postgres 4096 Aug 16 14:00 pg_subtrans
drwx------ 2 postgres postgres 4096 Aug 16 14:00 pg_tblspc
drwx------ 2 postgres postgres 4096 Aug 16 14:00 pg_twophase
-rw------- 1 postgres postgres 4 Aug 16 14:00 PG_VERSION
drwx------ 3 postgres postgres 4096 Aug 16 14:00 pg_xlog
-rw------- 1 postgres postgres 19169 Aug 16 14:00 postgresql.conf
-rw------- 1 postgres postgres 126 Aug 16 14:35 postmaster.opts
lrwxrwxrwx 1 postgres postgres 31 Aug 16 14:13 root.crt -> /etc/postgresql-common/root.crt
lrwxrwxrwx 1 postgres postgres 36 Aug 16 14:13 server.crt -> /etc/ssl/certs/ssl-cert-snakeoil.pem
lrwxrwxrwx 1 postgres postgres 38 Aug 16 14:13 server.key -> /etc/ssl/private/ssl-cert-snakeoil.key
所以 root.crt 应该存在并且可见。
有什么建议么?
答案1
感谢 Chida 的提示!
输出为:
sudo -u postgres cat /etc/postgresql-common/root.crt
This is a dummy root certificate file for PostgreSQL. To enable client side
authentication, add some certificates to it. Client certificates must be signed
with any certificate in this file to be accepted.
A reasonable choice is to just symlink this file to
/etc/ssl/certs/ssl-cert-snakeoil.pem; in this case, client certificates need to
be signed by the postgresql server certificate, which might be desirable in
many cases. See
file:///usr/share/doc/postgresql-doc-8.3/html/ssl-tcp.html
for details (in package postgresql-doc-8.3).
因此我将数据目录中的 root.crt 指向 /etc/ssl/certs/ssl-cert-snakeoil.pem:
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem root.crt
然后postgresql启动了,没有任何错误!
答案2
我遇到了这个问题,玩弄了符号链接和实际的 /etc/ssl/* 目录/文件权限,但仍然出现此错误。
最后,我通过删除 /var/lib/postgresql/*/main 中的符号链接并将 .pem 和 .key 文件从 /etc/ssl 中的相应目录中复制出来,将其名称更改为相关的符号链接名称,将组所有者设置为 ssl-cert,最终能够让数据库重新启动。