This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Blason_R
MVP Gold
MVP Gold
‎2025-05-07 01:34 AM

Is anyone postgresql expert here?

Hi Team,

I am encountering a problem with the PostgreSQL service failing to start on CP R81.10, which has resulted in the CPM being down. Upon conducting some debugging, I noticed that it appears the PostgreSQL superuser is missing (which I think).

This issue arose after I expanded the lv_current disk and rebooted the management server. I have already opened a case with TAC, but I anticipate that it may take some time to resolve, as it might require involvement from R&D.

In the meantime, I am hoping that someone from the community can assist me in rectifying this error or if someone have competency on postgres

Exception in thread "main" org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'setupPreparationBean' defined in class path resource [objectStoreConfiguration.xml]: Invocation of init method failed; nested exception is CpmGeneralException{base='com.checkpoint.management.is.exceptions.CpmGeneralException: Couldn't connect to database', errorCode='CP_ERR_DATABASE_CONNECTION', errorFamily='null', messageForUser='null', message='Couldn't connect to database'}
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1455)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464)
        at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
        at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:93)
        at com.checkpoint.infrastructure.spring.IgnoringDuplicateBeansClassPathXmlApplicationContext.<init>(IgnoringDuplicateBeansClassPathXmlApplicationContext.java:10)
        at com.checkpoint.management.cpm.Cpm.initSpringContext(Cpm.java:9)
        at com.checkpoint.management.cpm.Cpm.main(Cpm.java:168)
Caused by: CpmGeneralException{base='com.checkpoint.management.is.exceptions.CpmGeneralException: Couldn't connect to database', errorCode='CP_ERR_DATABASE_CONNECTION', errorFamily='null', messageForUser='null', message='Couldn't connect to database'}

Now when I tried restarting from scripts

bash -x ./postgres_restart.sh
++ pwd
+ ORIG_DIR=/opt/CPsuite-R81.10/fw1/scripts
+ cd /opt/CPsuite-R81.10/fw1
+ su -s /bin/bash -c '/opt/CPsuite-R81.10/fw1/scripts/postgres_commands.sh restart ' cp_postgres
Running pg_ctl restart
waiting for server to shut down.... done
server stopped
waiting for server to start.... done
server started
Running pg_ctl reload
server signaled
+ cd /opt/CPsuite-R81.10/fw1/scripts

I guess it has something realted to role postgres

025-05-07 13:42:58.772 IST [27601] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
2025-05-07 13:42:58.816 IST [27602] LOG:  database system was shut down at 2025-05-07 13:42:58 IST
2025-05-07 13:42:58.819 IST [27601] LOG:  database system is ready to accept connections
2025-05-07 13:42:58.863 IST [27601] LOG:  received SIGHUP, reloading configuration files
2025-05-07 13:43:19.723 IST [28451] FATAL:  role "postgres" does not exist
2025-05-07 13:45:19.661 IST [32543] FATAL:  role "postgres" does not exist
2025-05-07 13:45:19.712 IST [32741] FATAL:  role "postgres" does not exist
2025-05-07 13:45:55.423 IST [686] FATAL:  role "admin" does not exist
2025-05-07 13:47:19.700 IST [2195] FATAL:  role "postgres" does not exist
2025-05-07 13:48:19.678 IST [3222] FATAL:  role "postgres" does not exist
2025-05-07 13:49:19.707 IST [6859] FATAL:  role "postgres" does not exist
2025-05-07 13:51:19.671 IST [8942] FATAL:  role "postgres" does not exist
2025-05-07 13:51:19.723 IST [9145] FATAL:  role "postgres" does not exist
2025-05-07 13:51:44.335 IST [27601] LOG:  received fast shutdown request
2025-05-07 13:51:44.337 IST [27601] LOG:  aborting any active transactions
2025-05-07 13:51:44.337 IST [27601] LOG:  background worker "logical replication launcher" (PID 27608) exited with exit code 1
2025-05-07 13:51:44.338 IST [27603] LOG:  shutting down
2025-05-07 13:51:44.359 IST [27601] LOG:  database system is shut down
2025-05-07 13:51:44.442 IST [9450] LOG:  listening on IPv4 address "127.0.0.1", port 5432
2025-05-07 13:51:44.446 IST [9450] LOG:  listening on Unix socket "/tmp/.s.PGSQL.5432"
2025-05-07 13:51:44.491 IST [9455] LOG:  database system was shut down at 2025-05-07 13:51:44 IST
2025-05-07 13:51:44.494 IST [9450] LOG:  database system is ready to accept connections
2025-05-07 13:51:44.537 IST [9450] LOG:  received SIGHUP, reloading configuration files

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2025-05-07 07:06 AM

The message 'role "postgres" does not exist' suggests TAC should be involved here: https://support.checkpoint.com/results/sk/sk164656 

0 Kudos
Blason_R
MVP Gold
MVP Gold
‎2025-05-07 07:51 PM
In response to PhoneBoy

I have already reached out to those individuals; however, it is surprising that despite providing all the necessary details, the case was assigned to a Level 1 engineer. I repeatedly requested during the call that R&D or a senior engineer be involved, as I have conducted extensive troubleshooting. The response I received was quite unexpected. They instructed me to create a new virtual machine and restore it. I explained that this is an AWS virtual machine, and obtaining the same private IP address, which is utilized for SIC, may not be feasible. I believe that starting anew should not be considered a viable solution. This situation clearly indicates an issue with the database that can be resolved, correct?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
PhoneBoy
Admin
Admin
‎2025-05-08 06:10 AM
In response to Blason_R

IPs matter insofar as implied rules go, but SIC itself doesn't authenticate with IP addresses.
If the issue is, in fact, database corruption, a backup/restore of the same environment also exhibiting the same behavior would be expected.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-05-07 07:15 PM

Im not an expert in it by any means, but I have some experience. Here is what I would try.

Based on those errors:

1) connect as super user and run:

\du

2) If role is missing, you can try recreate it:

CREATE ROLE postgres WITH SUPERUSER LOGIN PASSWORD 'your_password';

3) Check pg_hba.conf

line should allow postgres to connect, something along the lines local all postgres peer

4) See if any additional logs that could be helpful

I can also ask one of my colleagues, he is real genius when it comes to this, Im sure he can give way better insight into it.

Andy

Best,
Andy
0 Kudos
Blason_R
MVP Gold
MVP Gold
‎2025-05-07 07:53 PM
In response to the_rock

I appreciate your assistance; however, I am not an expert in PostgreSQL and lack a comprehensive understanding of its functionality. While I am quite familiar with MariaDB/MySQL, PostgreSQL and its customization by checkpoint remain unfamiliar to me. Nevertheless, I will review the pg_hba configuration file to investigate further. Thank you once again for your help.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-05-07 08:13 PM
In response to Blason_R

Yea, of course, not a problem. Let me check with my colleague tomorrow morning and I will let you know what he says.

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events