Discussion:
[ADMIN] stats and unix sockets
Bèrto ëd Sèra
2011-12-21 15:03:36 UTC
Hi all,

I have a requirement for PG (9.1) to run without any open port at all.
Everything is fine, but the stats collector seems to be unable to work
unless the port is left open on the fw. Is there any way to tell the stats
they should use a unix socket instead? Google did not offer much on the
issue, thus far.

Bèrto
--
==============================
If Pac-Man had affected us as kids, we'd all be running around in a
darkened room munching pills and listening to repetitive music.
Tom Lane
2011-12-21 16:16:10 UTC
Post by Bèrto ëd Sèra
I have a requirement for PG (9.1) to run without any open port at all.
That's a pretty stupid requirement. The stats collector socket is bound
to itself, so it's inaccessible from anywhere else (on machine or off)
regardless of firewall settings. There's no need to worry about it,
and no, there is not a provision for doing it via unix socket instead.

regards, tom lane
--
Sent via pgsql-admin mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
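
An added illustration, not part of the thread and not PostgreSQL source: it assumes "bound to itself" means a UDP socket on 127.0.0.1 that is connect()ed to its own address, and shows that the kernel then delivers only datagrams the socket sends to itself. The function names are hypothetical.

```c
/* Added example; assumes a POSIX system with the loopback interface up. */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* UDP socket on 127.0.0.1, kernel-chosen port, connect()ed to its own address. */
static int self_connected_socket(struct sockaddr_in *addr)
{
    socklen_t len = sizeof(*addr);
    struct timeval tv = {0, 200000};            /* 200 ms receive timeout */
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0) return -1;
    memset(addr, 0, sizeof(*addr));
    addr->sin_family = AF_INET;
    addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(s, (struct sockaddr *)addr, len) < 0 ||
        getsockname(s, (struct sockaddr *)addr, &len) < 0 ||
        connect(s, (struct sockaddr *)addr, len) < 0 ||
        setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* 1 if the datagram is delivered, 0 if it never arrives, -1 on setup error.
 * from_self != 0: the socket sends to itself; 0: another local socket sends. */
int datagram_delivered(int from_self)
{
    struct sockaddr_in addr;
    char buf[8];
    int s = self_connected_socket(&addr);
    int other = socket(AF_INET, SOCK_DGRAM, 0), got = -1;
    if (s >= 0 && other >= 0) {
        if (from_self) send(s, "x", 1, 0);
        else sendto(other, "x", 1, 0, (struct sockaddr *)&addr, sizeof(addr));
        got = recv(s, buf, sizeof(buf), 0) > 0;   /* times out if dropped */
    }
    if (s >= 0) close(s);
    if (other >= 0) close(other);
    return got;
}

int main(void)
{
    printf("self=%d other=%d\n", datagram_delivered(1), datagram_delivered(0));
    return 0;
}
```

The second sender is on the same machine and targets the exact port, yet its datagram is discarded because its source address does not match the connected peer.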
Bèrto ëd Sèra
2011-12-21 16:21:27 UTC
Hi!
Post by Tom Lane
That's a pretty stupid requirement. The stats collector socket is bound
to itself, so it's inaccessible from anywhere else (on machine or off)
regardless of firewall settings. There's no need to worry about it,
and no, there is not a provision for doing it via unix socket instead.
Indeed it is a totally harmless thing and the request makes little (if any)
sense. I will pass the answer over and I do share your stance regarding
excess in paranoid modes :)

Bèrto
--
==============================
If Pac-Man had affected us as kids, we'd all be running around in a
darkened room munching pills and listening to repetitive music.
Greg Spiegelberg
2011-12-21 16:50:43 UTC
Post by Bèrto ëd Sèra
Hi!
Post by Tom Lane
That's a pretty stupid requirement. The stats collector socket is bound
to itself, so it's inaccessible from anywhere else (on machine or off)
regardless of firewall settings. There's no need to worry about it,
and no, there is not a provision for doing it via unix socket instead.
Indeed it is a totally harmless thing and the request makes little (if
any) sense. I will pass the answer over and I do share your stance
regarding excess in paranoid modes :)
Can you create a virtual network interface, assign an address to it and
have PostgreSQL listen to it in addition to the socket? I'm thinking not
the eth0:X type but potentially what VirtualBox (vboxnet0), VMware (vmnet0)
or other virtualization products do using brctl.

Greg
Bèrto ëd Sèra
2011-12-21 18:18:34 UTC
Hi!

Post by Greg Spiegelberg
Can you create a virtual network interface, assign an address to it and
have PostgreSQL listen to it in addition to the socket? I'm thinking not
the eth0:X type but potentially what VirtualBox (vboxnet0), VMware (vmnet0)
or other virtualization products do using brctl.
This might actually be an option, I'll forward it to the admin, as I'm not
personally in charge of this level of configuration on the box.

Thanks
Bèrto
--
==============================
If Pac-Man had affected us as kids, we'd all be running around in a
darkened room munching pills and listening to repetitive music.