Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgpool-general-owner+archive@lists.postgresql.org>)
	id 1virZI-00HVYi-0d
	for pgpool-general@arkaria.postgresql.org;
	Thu, 22 Jan 2026 10:05:36 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgpool-general-owner+archive@lists.postgresql.org>)
	id 1virZH-00COsx-1B
	for pgpool-general@arkaria.postgresql.org;
	Thu, 22 Jan 2026 10:05:35 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <emond.papegaaij@gmail.com>)
	id 1virZH-00COsk-0A
	for pgpool-general@lists.postgresql.org;
	Thu, 22 Jan 2026 10:05:35 +0000
Received: from mail-pj1-x1031.google.com ([2607:f8b0:4864:20::1031])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <emond.papegaaij@gmail.com>)
	id 1virZE-001kVq-0a
	for pgpool-general@lists.postgresql.org;
	Thu, 22 Jan 2026 10:05:34 +0000
Received: by mail-pj1-x1031.google.com with SMTP id
 98e67ed59e1d1-34c868b197eso698523a91.2
        for <pgpool-general@lists.postgresql.org>;
 Thu, 22 Jan 2026 02:05:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1769076332; cv=none;
        d=google.com; s=arc-20240605;
        b=hKHjKLpnovxPO+fkYN/EPYj47WcgOmNi9exJS8ZHHZT84TywYSriX0ZA4l+OuFMzSe
         Jz0cQ/5HwGl8XswzpoJBcZsVT+Oxe6/G1oLygeCAoTN5dMLX5RlqbeQXQEJ5tvXN1mnf
         qTUZFJAJcPxXXzeDF9MXthuhIq0MI6NwmX3i7x9n4uMs0l2qbrWhXqdTCj/P9AoYmgs/
         war/o0vsL68VanW+I2RsM+cVut5G1vQrf57ibtR1E2wKAfp7QKP/ifvfo2ux8JgT5QYl
         i7CrNPh5Ects3SYrybER7u1raE/pQ0r/GCQkWVlaaeisAfpIC+C2mA37wH8tPex8XAzw
         cJMw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:dkim-signature;
        bh=nO3MZgxVS6fprvMXrRx86DdSCHhHQa5wtRAzFdQ+j5Q=;
        fh=yHMGB8wmFJE1dPR8R34UoltOr7gCbXINpWF5Qu+in44=;
        b=b6Y0nx+yFlx/wg9tmkOTucfSO1zmjA9iSwYXjLduKjk/cDYZCZqnicLTzQNu5t/ZuL
         wR2R2yqdf+u5QusfL1rZ8Bp1QefzEu3iQGRS/8pOWeXcUwHwrJU/Rr46tJkbWjwTEf52
         4A6V9rloYSMkVfwUpDXjdNd3L7OK/KDtEsqfsgngBFfeBWHM7BMQBdDiSUCs+FVlaKBy
         OApKEkiqqtbPxaoDZIdJXgXQ2sDvMjppIKCW8pXuqnBv/wyFaNuLctC8Z63ow8jYTcvw
         YGq5aV73BKR0Paspo5Ow/HdO0Nn4wMLQbWF55s3txklp+6BAW7aGpIUs8wLrNXuqHQ46
         qZUw==;
        darn=lists.postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1769076332; x=1769681132;
 darn=lists.postgresql.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=nO3MZgxVS6fprvMXrRx86DdSCHhHQa5wtRAzFdQ+j5Q=;
        b=lf1dmj1RddrTJQtgwCmyaHR1dV3XL+Ev3TIKd3exQB52PLrFuGq03z1nmbyhcKnV50
         vCMbYGGxr7FSNEm6ME4ItaY3n6whv3jmkhNgxNub7KWlL0eLBNueYDnBn3AcHM1v5tU5
         GSKv3X0f4HyecdFElwHRJlfgfRigSG28FVsow/ufGqGhdgc8mIPZ/4MF7rkM+QlsCcgs
         +SKRSHccLaexfotUzMA1/GEtZkgCWr5bdyyJsEoYP0sQcSvCvnEGD7SEYKo1sfVSb34w
         kweYGf1V8OsqhPEd1HImqdaI4Q9vuWqP3K/bjrSWDNDBagqXQoFqvDq56QMt66mSfO8E
         CrfQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769076332; x=1769681132;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=nO3MZgxVS6fprvMXrRx86DdSCHhHQa5wtRAzFdQ+j5Q=;
        b=UgN80pDipXUiEojWERHYpynbRaso2DCqMHkfs3RcxyMr2+5rKGS+SrgPyvm0u9mrXQ
         YCiIxW0tCt4EPQ2UFdMMRcaYeCxjcp9AzXIiZDoLbYN6R7H8a2hCIn92WdxOw8uR8GMZ
         F7cBTV3P4x/Rn18eXpTFSNI8Sns8wQE0RjqJ31wldMUoS8RoOI5VVQvcgQ5KnoVGw4nb
         qXnzdnEx9jTR3Lle3WLqmqDKd72Gj+lbeggVPkCMI+a1Ve2EuGThgjPaJw4+dcfr75NP
         n9pWFoQ8i0UNm700Spdqvifg38R9ulRtD/69ZBRvY1b/a63+j8ZS7iRnJjt9HOGMTFq9
         +85w==
X-Gm-Message-State: AOJu0YxymRmNVFs1XQUoeo7S6R1k8baBhk8bCwel1ZKujLEcXXZ+3zXm
	o52ArMmDGzY6WC9D5xIATzg+lyRe/fCzmojivwy9xSX+BsGq/Rewz6XlB2kWu5owwylHPlsBlr+
	SY+Kxk1sQqSj3EBAPT+gwXIGMvgHZRuPGsxEi
X-Gm-Gg: AZuq6aLMAUgQbRMp/X/G7dytXCkhqiTgHNC8mESI1oMS+DnD9kVNT8h/VeutXet7/U6
	uUj8bFa/1Nv68Lzrrkt2s7IyztR40pQ+IuDq+5uzrHjbFrbbaudR4p0FJOhOv4nEHuXiUwrwrTl
	Jam+lWIkz0mjTs+jehr3SmZSehlXTTrPc8DzC6Q6RcwSWZJ91Gp3zisBlYregDWhzorNu6LaPGQ
	hCQp9EG/jrt/3cy6Hqa5QKEpn6OqoMagDh5gTu+//IOr/uWbonoBn8zAwD1R8XsQRmb6XFP5it9
	GWG2+25F/FsLOgQBlm6Zy7/npFGvaw==
X-Received: by 2002:a17:90b:3c4a:b0:353:c:643b with SMTP id
 98e67ed59e1d1-353000c6525mr4982977a91.27.1769076331638; Thu, 22 Jan 2026
 02:05:31 -0800 (PST)
MIME-Version: 1.0
References: 
 <CAGXsc+ZM=aE=ibSDintubM8Ni8kfeaXK963Xca05j-SBYLPhhA@mail.gmail.com>
 <20251231.165714.1023017053914495270.ishii@postgresql.org>
 <CAGXsc+au8Wzjsuk1z-mqPFLfpkjQZSPneLLVbnkUs5rAMXNF=A@mail.gmail.com>
 <20260122.093003.1821723338788147775.ishii@postgresql.org>
In-Reply-To: <20260122.093003.1821723338788147775.ishii@postgresql.org>
From: Emond Papegaaij <emond.papegaaij@gmail.com>
Date: Thu, 22 Jan 2026 11:05:20 +0100
X-Gm-Features: AZwV_Qg8mNDdA1e5q_x8wCAEOOGdyT6yc_s-yNV9stXaDHWqW0H973fMnZW1xsE
Message-ID: 
 <CAGXsc+Yg8Y2xxPDtNNYekNvG+ABtzb9GtxuwrbfrBDMJXGVX9w@mail.gmail.com>
Subject: Re: Pgpool-II 4.7.0 released.
To: Tatsuo Ishii <ishii@postgresql.org>
Cc: pgpool-general@lists.postgresql.org
Content-Type: text/plain; charset="UTF-8"
List-Id: <pgpool-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgpool-general@lists.postgresql.org>
List-Owner: <mailto:pgpool-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgpool-general>
Archived-At: 
 <https://www.postgresql.org/message-id/CAGXsc%2BYg8Y2xxPDtNNYekNvG%2BABtzb9GtxuwrbfrBDMJXGVX9w%40mail.gmail.com>
Precedence: bulk

Op do 22 jan 2026 om 01:30 schreef Tatsuo Ishii <ishii@postgresql.org>:
>
> > Op wo 31 dec 2025 om 08:57 schreef Tatsuo Ishii <ishii@postgresql.org>:
> >> >> Unfortunately it's not possible to bind on all IP addresses for pgpool
> >> >> by tweaking hostnameN. You could specify it to '*' so that it binds on
> >> >> all IP addresses, but this will cause a different problem:
> >> >> communicating to other watchdog is refused. This is because each
> >> >> watchdog node name is created from hostnameN. If hostnameN is '*', the
> >> >> node name will be something like "*:5432 Linux..." which is different
> >> >> from what other watchdog nodes expect (they expect something like
> >> >> '172.29.30.1:5432 ...").
> >> >
> >> > I already suspected this. The same goes for using the actual docker
> >> > container ip, which is 172.29.29.107 on all 3 nodes. I think the best
> >> > solution would be to introduce a bind_address configuration parameter,
> >> > which defaults to hostnameN, but can be overridden. I guess the same
> >> > thing goes for heartbeat_hostnameN.
> >>
> >> Yeah, I thought the same. I will discuss with other developers next
> >> year.
> >>
> >> >> Since most pgpool developers are off for New Year's holiday, I will
> >> >> discuss them next week.
> >
> > Do you have an update on this already?
>
> I and Pengbo are discussing this off list. We are leaning towards
> adding "listen_addresses" like parameters as other parameters prefers
> "listen" over "bind" ("listen_addresses" and "pcp_listen_addresses").

That makes sense indeed.

> We are thinking to add:
> wd_listen_addresses0=''
> heartbeat_listen_addresses0=''
> :
> :
>
> because watchdog and hearbeat needs separate listen addresses
> parameter. So if we would add these parameters, users will need to
> configure number_of_watchdog_nodes * 2 parameters, which will be a
> pain.

I would expect to only have to configure 2 listen_addresses, because a
single instance only listens once per service (watchdog and
heartbeat). Is there a reason to have to configure the listen
addresses for all nodes on every node? Why does node 0 need to know
the listen address of nodes 1 and 2?

Isn't it possible to add the configuration like this:
wd_listen_address = '*'
wd_port = 9009
wd_heartbeat_listen_address = '*'
wd_heartbeat_port = 9694

I think it's also better to not assume the listen address and port are
identical to the address and port on which to connect. For example,
specific TCP forwarding rules might redirect traffic to entirely
different addresses and ports. So node 0 might listen at
192.168.3.50:10000, but TCP forwarding rules might require node 1 to
connect to 10.0.3.50:9009 to connect to node 0.

> One way to mitigate this is, to consider default values for these
> parameters if they are not specified.  There are two candidate for the
> default value.
>
> (1) "*"
>
> This is similar to the pre-4.7 behavior, but less secure.
>
> (2) same as hostname0 (for wd_listen_addresses0) and
>     heartbeat_hostname0 (for heartbeat_hostname0).
>
> This is current 4.7 behavior and more secure but does not work for
> your environment.
>
> What do you think?

I think, whatever implementation for the new parameters is chosen, the
default behavior or 4.7 should not change. So I'd go for option 2. I
don't mind having to change the configuration to get 4.7 working for
us, but I wouldn't expect a new version to be less secure by default
than the previous version was.

Best regards,
Emond