Bug 847357 - Postgres startup script disregards /var/lib/pgsql/data/postgresql.conf TCP settings
Postgres startup script disregards /var/lib/pgsql/data/postgresql.conf TCP se...
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: postgresql (Show other bugs)
6.2
x86_64 Linux
unspecified Severity medium
: rc
: ---
Assigned To: Tom Lane
qe-baseos-daemons
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-10 13:13 EDT by Dmitry S. Makovey
Modified: 2013-07-02 23:45 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-08-10 15:15:11 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dmitry S. Makovey 2012-08-10 13:13:13 EDT
Description of problem:

configuring PostgreSQL on RHEL6 platform we needed to change default port on which PostgreSQL listens from 5432 to 15432. Changing /var/lib/pgsql/data/postgresql.conf didn't yield desired results as postgres daemon kept on listenting on 5432 port.

Looking closer at init script it seems like things were geared towards running several instances. Which is fine, but you don't have to control ports at that level as it's enough to control PGDATA and everything else can be controlled from "normal" postgresql.conf. 

Version-Release number of selected component (if applicable):

# rpm -q postgresql
postgresql-8.4.11-1.el6_2.x86_64

How reproducible:

always

Steps to Reproduce:
1. service postgresql stop
2. uncomment and change connection settings in /var/lib/pgsql/data/postgresql.conf :

listen_addresses = 'localhost'
port = 15432                  

3. service postgresql start
  
Actual results:

postgresql listening on port 5432

Expected results:

postgresql listenting on port 15432

Additional info:

Things may be fixed by *not* supplying PGPORT portion to postmaster invocation in cases where "grep -qe '^\s*port\s*=' $PGDATA/postgresql.conf" yields positive result.

As a matter of fact PGDATA can also be overridden in postgresql.conf file...
Comment 2 Dmitry S. Makovey 2012-08-10 13:26:15 EDT
as a side-note: moving postgresql to a different port number also triggers SELinux denial which could be resolved with:

#============= postgresql_t ==============
allow postgresql_t port_t:tcp_socket name_bind;

Since postgresql in RHEL6 seems to be geared for multi-DB setups, it may be better to have SELinux tunable for the above rule. I found allow_user_postgresql_connect which is one tunable to enable connection *to* postgreSQL process, but there needs to be another one to allow postgreSQL bind to an arbitrary port?
Comment 3 Tom Lane 2012-08-10 15:05:01 EDT
This is not a bug.  It has always been the case that the port number (like PGDATA) has to be configured in the init script if you want to change it.  Changing it in postgresql.conf won't work reliably because pg_ctl has to know it.

I will agree that this fact is underdocumented :-(
Comment 4 RHEL Product and Program Management 2012-08-10 15:15:11 EDT
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.
Comment 5 Dmitry S. Makovey 2012-08-10 16:36:56 EDT
should I open a separate bug for comment #2 then, as it seems that only first comment was addressed in reply?
Comment 6 Tom Lane 2012-08-10 18:19:23 EDT
That would be something to discuss with the selinux-policy people, not me.  I think it's a questionable thing anyway whether selinux-policy should support nonstandard configurations out-of-the-box ... who's to say whether postgres connecting to an unusual port isn't something selinux *ought* to complain about?
Comment 7 Tom Lane 2012-08-17 13:05:52 EDT
With respect to the SELinux configuration issue, I've added the following text to the README.rpm-dist doc file for postgresql:

If you are running SELinux in enforcing mode (which is highly recommended,
particularly for network-exposed services like PostgreSQL) you will need to
adjust SELinux policy to allow the postmaster to use non-default PGPORT or
PGDATA settings.  To allow use of a non-default port, say 5433, do this
as root:
    semanage port -a -t postgresql_port_t -p tcp 5433
To allow use of a non-default data directory, say /special/pgdata, do:
    semanage fcontext -a -t postgresql_db_t "/special/pgdata(/.*)?"
If you already created the directory, follow that with:
    restorecon -R /special/pgdata
These settings are persistent across reboots.  For more information
see "man semanage".

(This is only in the Fedora copy at the moment, but it will propagate into RHEL in due time.)

Note You need to log in before you can comment on or make changes to this bug.