On Tue, Jan 28, 2014 at 11:15:54AM -0500, Tom Lane wrote:
> Andres Freund <andres@2ndquadrant.com> writes:
> > On 2014-01-28 10:41:49 -0500, Paul Morie wrote:
> >> The challenge we have in openshift is that we have multiple users on a
> >> single node who all want to bind to the same port. To deal with this,
> >> we forbid the users from binding to 127.0.0.1 using selinux and
> >> allocate IPs for them to bind to.
>
> > Uhm. What about using network namespaces?
>
> > To me this really sounds like tackling things from the wrong
> > end. Instead of fixing the infrastructure once this way you need to
> > adapt various pieces of software in odd ways.
>
> Yeah. In particular, I'd always supposed that a platform that wanted
> to use some other IP address than 127.0.0.1 for loopback would also be
> expected to make sure that "localhost" mapped to that other IP address.
> Otherwise, there simply isn't any way to make network-using software
> work except random hacks.
>
> Frankly, I don't think you're going to get any cooperation from Postgres
> in adapting to such a broken networking environment as this, and I doubt
> other upstreams are going to be any more positive about it.
Also, certainly other users are using Postgres and Openshift. What is
different about your environment? Is it some new feature of Openshift?
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +