[Pkg-postgresql-public] Bug#833748: Bug#833748: postgresql: postgresql should wait for openvpn on boot
Christoph Berg
myon at debian.org
Mon Aug 8 13:22:34 UTC 2016
Control: tags -1 moreinfo
Re: Michal Palenik 2016-08-08 <147065968559.21769.7310622273041887833.reportbug at localhost>
> Package: postgresql-9.5
> Version: 9.5.3-1
> Severity: normal
> File: postgresql
>
> Dear Maintainer,
>
> on boot postgresql server should have openvpn (or any other VPN server) loaded and ready before starting postgresql server.
>
> if postgresql server is listening on a vpn device (tun, tap) and if this device does not exist (because the vpn server is not started yet),
> the postgresql server starts but it listens only on the available devices/sockets.
>
> probably adding "openvpn" into Required-Start: of /etc/init.d/postgresql should do the trick (but I have no box without openvpn)
Hi Michal,
thanks for the suggestion.
Adding a specific VPN solution (openvpn) to the init script of some
other daemon seems like the wrong solution to me. I'd be more in
favour if there was a generic $vpn_networking target, but even that
would likely just fix the problem for your case, but not in general.
What if openvpn is configured to authenticate users via a PostgreSQL
database (directly or via pam)? Then the dependency would need to
point in the other direction.
(Does systemd offer any help here?)
Other solutions for your case would be to listen on "*" instead, or to
configure ipv4.ip_nonlocal_bind or ipv6.ip_nonlocal_bind in the kernel
to allow daemons to bind to an IP before that IP is actually
configured on the system.
Christoph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-postgresql-public/attachments/20160808/9d0a7605/attachment.sig>
More information about the Pkg-postgresql-public
mailing list