Re: BUG #9003: Hard-coding to localhost in postmaster

From Paul Morie
Subject Re: BUG #9003: Hard-coding to localhost in postmaster
Date
Msg-id 1241903739.14805210.1390938412164.JavaMail.root@redhat.com
In response to Re: BUG #9003: Hard-coding to localhost in postmaster  (Bruce Momjian <bruce@momjian.us>)
Responses Re: BUG #9003: Hard-coding to localhost in postmaster  (Andres Freund <andres@2ndquadrant.com>)
List pgsql-bugs
Apologies: I should have explained more of the context in my original post to this list.
I work for Red Hat on OpenShift and discovered this while investigating error messages
in the postgres logs (the bug report in OpenShift: https://bugzilla.redhat.com/show_bug.cgi?id=1024676).
Since it impacts the autovacuum functionality for our users, I wanted to see if I could
get an upstream fix.

In OpenShift, user processes run inside a 'gear' - which has its own /etc/passwd entry,
selinux context, etc. Each gear user gets a 127.x.x.x loopback device to bind to so they
can all use the same ports like 8080 for web traffic, 5432 for postgres.  That's only
possible if each gear gets its own unique loopback address.  Binding to
localhost/127.0.0.1 is explicitly disallowed.

We are not currently using network namespaces in OpenShift because they were not available
in the RHEL kernel until 6.5 (released Nov 2013).  Now that they're supported, using them
in OpenShift is one of our high-priority items.

Hope that clarifies why I would be interested in this option :)

Thanks,

Paul

----- Original Message -----
> From: "Bruce Momjian" <bruce@momjian.us>
> To: "Tom Lane" <tgl@sss.pgh.pa.us>
> Cc: "Andres Freund" <andres@2ndquadrant.com>, "Paul Morie" <pmorie@redhat.com>, pgsql-bugs@postgresql.org
> Sent: Tuesday, January 28, 2014 11:19:00 AM
> Subject: Re: [BUGS] BUG #9003: Hard-coding to localhost in postmaster
>
> On Tue, Jan 28, 2014 at 11:15:54AM -0500, Tom Lane wrote:
> > Andres Freund <andres@2ndquadrant.com> writes:
> > > On 2014-01-28 10:41:49 -0500, Paul Morie wrote:
> > >> The challenge we have in openshift is that we have multiple users on a
> > >> single node who all want to bind to the same port.  To deal with this,
> > >> we forbid the users from binding to 127.0.0.1 using selinux and
> > >> allocate IPs for them to bind to.
> >
> > > Uhm. What about using network namespaces?
> >
> > > To me this really sounds like tackling things from the wrong
> > > end. Instead of fixing the infrastructure once this way you need to
> > > adapt various pieces of software in odd ways.
> >
> > Yeah.  In particular, I'd always supposed that a platform that wanted
> > to use some other IP address than 127.0.0.1 for loopback would also be
> > expected to make sure that "localhost" mapped to that other IP address.
> > Otherwise, there simply isn't any way to make network-using software
> > work except random hacks.
> >
> > Frankly, I don't think you're going to get any cooperation from Postgres
> > in adapting to such a broken networking environment as this, and I doubt
> > other upstreams are going to be any more positive about it.
>
> Also, certainly other users are using Postgres and Openshift.  What is
> different about your environment?  Is it some new feature of Openshift?
>
> --
>   Bruce Momjian  <bruce@momjian.us>        http://momjian.us
>   EnterpriseDB                             http://enterprisedb.com
>
>   + Everyone has their own god. +
>
