public inbox for [email protected]
help / color / mirror / Atom feedFrom: Tatsuo Ishii <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: Pgpool-II 4.7.0 released.
Date: Fri, 23 Jan 2026 13:35:10 +0900 (JST)
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAGXsc+Yg8Y2xxPDtNNYekNvG+ABtzb9GtxuwrbfrBDMJXGVX9w@mail.gmail.com>
References: <CAGXsc+au8Wzjsuk1z-mqPFLfpkjQZSPneLLVbnkUs5rAMXNF=A@mail.gmail.com>
<[email protected]>
<CAGXsc+Yg8Y2xxPDtNNYekNvG+ABtzb9GtxuwrbfrBDMJXGVX9w@mail.gmail.com>
>> We are thinking to add:
>> wd_listen_addresses0=''
>> heartbeat_listen_addresses0=''
>> :
>> :
>>
>> because watchdog and hearbeat needs separate listen addresses
>> parameter. So if we would add these parameters, users will need to
>> configure number_of_watchdog_nodes * 2 parameters, which will be a
>> pain.
>
> I would expect to only have to configure 2 listen_addresses, because a
> single instance only listens once per service (watchdog and
> heartbeat). Is there a reason to have to configure the listen
> addresses for all nodes on every node? Why does node 0 need to know
> the listen address of nodes 1 and 2?
>
> Isn't it possible to add the configuration like this:
> wd_listen_address = '*'
> wd_port = 9009
> wd_heartbeat_listen_address = '*'
> wd_heartbeat_port = 9694
Ok, that makes sense.
wd_listen_addresses (consistent with listen_addresses)
wd_listen_port (wd_port already exists)
wd_heartbeat_listen_addresses (consistent with listen_addresses)
wd_heartbeat_listen_port (adding "listen" looks more consistent with other params)
> I think it's also better to not assume the listen address and port are
> identical to the address and port on which to connect. For example,
> specific TCP forwarding rules might redirect traffic to entirely
> different addresses and ports. So node 0 might listen at
> 192.168.3.50:10000, but TCP forwarding rules might require node 1 to
> connect to 10.0.3.50:9009 to connect to node 0.
Ok, so we will have following 4 new params?
wd_listen_addresses
wd_listen_port
wd_heartbeat_listen_addresses
wd_heartbeat_listen_port
>> One way to mitigate this is, to consider default values for these
>> parameters if they are not specified. There are two candidate for the
>> default value.
>>
>> (1) "*"
>>
>> This is similar to the pre-4.7 behavior, but less secure.
>>
>> (2) same as hostname0 (for wd_listen_addresses0) and
>> heartbeat_hostname0 (for heartbeat_hostname0).
>>
>> This is current 4.7 behavior and more secure but does not work for
>> your environment.
>>
>> What do you think?
>
> I think, whatever implementation for the new parameters is chosen, the
> default behavior or 4.7 should not change. So I'd go for option 2. I
> don't mind having to change the configuration to get 4.7 working for
> us, but I wouldn't expect a new version to be less secure by default
> than the previous version was.
Agreed.
Best regards,
--
Tatsuo Ishii
SRA OSS K.K.
English: http://www.sraoss.co.jp/index_en/
Japanese:http://www.sraoss.co.jp
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Pgpool-II 4.7.0 released.
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox