Обсуждение: BUG #13793: Please implement IP_FREEBIND option
The following bug has been logged on the website: Bug reference: 13793 Logged by: Tomasz Torcz Email address: tomek@pipebreaker.pl PostgreSQL version: 9.4.5 Operating system: Linux Description: IP_FREEBIND socket option allows application to bind on IP address, which i s not (yet) configured on any interface. I'd like to see Postgresql binding to all specified 'listen_addresses', even if some of then are not available at the moment pgsql starts. Optionally, postmaster could put in logs information about that action. Right know it is: LOG: could not bind IPv6 socket: Cannot assign requested address WARNING: could not create listen socket for "2001:DB8::1" It could be: LOG: could not bind IPv6 socket: Cannot assign requested address WARNING: binding anyway to "2001:DB8::1"
Re: tomek@pipebreaker.pl 2015-12-03 <20151203165520.5892.4072@wrigleys.postgresql.org> > Bug reference: 13793 > Logged by: Tomasz Torcz > Email address: tomek@pipebreaker.pl > PostgreSQL version: 9.4.5 > Operating system: Linux > Description: > > IP_FREEBIND socket option allows application to bind on IP address, which i > s not (yet) configured on any interface. > I'd like to see Postgresql binding to all specified 'listen_addresses', even > if some of then are not available at the moment pgsql starts. > Optionally, postmaster could put in logs information about that action. > Right know it is: > > LOG: could not bind IPv6 socket: Cannot assign requested address > WARNING: could not create listen socket for "2001:DB8::1" > > It could be: > LOG: could not bind IPv6 socket: Cannot assign requested address > WARNING: binding anyway to "2001:DB8::1" Re: To Sebastian Elisa Pfeifer 2018-09-07 <20180907143718.GF29573@msg.df7cb.de> > Re: Sebastian Elisa Pfeifer 2018-09-07 <ab23ab6a-f54a-4063-be3d-dbc93f5dedd2@ixolit.com> > > |2018-09-06 14:02:32 UTC LOG: could not bind IPv4 socket: Cannot assign > > requested address 2018-09-06 14:02:32 UTC HINT: Is another postmaster > > already running on port 5432? If not, wait a few seconds and retry. > > 2018-09-06 14:02:32 UTC WARNING: could not create listen socket for > > "123.123.123.123"| > > > > Possible fix: Adding the parameter After=network-online.target to it's > > SystemD Unit file. > > > > Our setup includes the setting: > > listen_addresses = 'localhost,123.123.123.123' (not the real IP) > > Hi, > > thanks for the report. > > I'll have to investigate if that's the correct fix in general. Afaict > network-online.target does less than what the name says, i.e. some > interfaces might still be configuring even at that point. Usual > symptoms are IPv6 devices that are still in address discovery. According to https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ , network-online.target is meant to be used for networking clients that need to actually access the network. For daemons that merely provide networking services, the suggested solution is to enable IP_FREEBIND on the socket: http://man7.org/linux/man-pages/man7/ip.7.html IP_FREEBIND (since Linux 2.4) If enabled, this boolean option allows binding to an IP address that is nonlocal or does not (yet) exist. This per‐ mits listening on a socket, without requiring the underlying network interface or the specified dynamic IP address to be up at the time that the application is trying to bind to it. This option is the per-socket equivalent of the ip_nonlo‐ cal_bind /proc interface described below. This had been requested in 2015 in bug #13793. I think it makes sense to support this. Especially with IPv6, it is very common that addresses are not yet assigned when services are starting. (I don't know yet if other OSes support this option as well.) Do we want that in PostgreSQL? Christoph
Christoph Berg <myon@debian.org> writes: > http://man7.org/linux/man-pages/man7/ip.7.html > IP_FREEBIND (since Linux 2.4) > If enabled, this boolean option allows binding to an IP > address that is nonlocal or does not (yet) exist. This per‐ > mits listening on a socket, without requiring the underlying > network interface or the specified dynamic IP address to be up > at the time that the application is trying to bind to it. > This option is the per-socket equivalent of the ip_nonlo‐ > cal_bind /proc interface described below. > This had been requested in 2015 in bug #13793. I think it makes sense > to support this. Especially with IPv6, it is very common that > addresses are not yet assigned when services are starting. (I don't > know yet if other OSes support this option as well.) That man page says specifically that it's Linux-only, although that shouldn't stop us from using it to solve a Linux-specific problem (which systemd is, AFAIK). > Do we want that in PostgreSQL? IIRC, the main concern expressed previously is that this would completely defeat error checking on the listen_addresses parameter. However, that doesn't apply if said parameter is "*". Would there be any sense in applying IP_FREEBIND only for "*"? regards, tom lane
Re: Tom Lane 2018-09-10 <9118.1536587267@sss.pgh.pa.us> > > Do we want that in PostgreSQL? > > IIRC, the main concern expressed previously is that this would completely > defeat error checking on the listen_addresses parameter. However, that > doesn't apply if said parameter is "*". Would there be any sense in > applying IP_FREEBIND only for "*"? "*" should work always, so IP_FREEBIND shouldn't make any difference. In the meantime I found https://bugzilla.redhat.com/show_bug.cgi?id=1357199 (from July 2016) where the problem had been discussed before. Re error checking, the state at the moment is actually worse than it would be with IP_FREEBIND. If multiple addresses are configured, and only one of them fails, there is no error, and startup proceeds: listen_addresses = 'localhost,1.2.3.4' LOG: listening on IPv6 address "::1", port 5432 LOG: listening on IPv4 address "127.0.0.1", port 5432 LOG: could not bind IPv4 address "1.2.3.4": Cannot assign requested address HINT: Is another postmaster already running on port 5432? If not, wait a few seconds and retry. WARNING: could not create listen socket for "1.2.3.4" So unless the user checks the log, everything seems fine, but actually the socket is unreachable. With IP_FREEBIND, we could still log a WARNING first, and then proceed with binding. With only one IP configured, there is an ERROR: LOG: could not bind IPv4 address "1.2.3.4": Cannot assign requested address HINT: Is another postmaster already running on port 5432? If not, wait a few seconds and retry. WARNING: could not create listen socket for "1.2.3.4" FATAL: could not create any TCP/IP sockets I think it is a bug that these cases behave differently. I'd opt to apply IP_FREEBIND (and hopefully the equivalent on other kernels), and log a WARNING. Binding to a IP that is not assigned is also an important use-case in HA setups that have a virtual (floating) IP. Christoph
On Mon, Sep 10, 2018 at 04:03:01PM +0200, Christoph Berg wrote: > > I'd opt to apply IP_FREEBIND (and hopefully the equivalent on other > kernels), and log a WARNING. Binding to a IP that is not assigned is > also an important use-case in HA setups that have a virtual (floating) > IP. Hey, BSDs have IP_BINDANY option, which seem to provide the same behaviour. -- Tomasz Torcz "God, root, what's the difference?" xmpp: zdzichubg@chrome.pl "God is more forgiving."
>>>>> "Tomasz" == Tomasz Torcz <tomek@pipebreaker.pl> writes: Tomasz> BSDs have IP_BINDANY option, which seem to provide the same Tomasz> behaviour. I believe that requires privilege. -- Andrew (irc:RhodiumToad)