Control: tags -1 moreinfo Re: Michal Palenik 2016-08-08 <147065968559.21769.7310622273041887833.reportbug@localhost> > Package: postgresql-9.5 > Version: 9.5.3-1 > Severity: normal > File: postgresql > > Dear Maintainer, > > on boot postgresql server should have openvpn (or any other VPN server) > loaded and ready before starting postgresql server. > > if postgresql server is listening on a vpn device (tun, tap) and if this > device does not exist (because the vpn server is not started yet), > the postgresql server starts but it listens only on the available > devices/sockets. > > probably adding "openvpn" into Required-Start: of /etc/init.d/postgresql > should do the trick (but I have no box without openvpn)
Hi Michal, thanks for the suggestion. Adding a specific VPN solution (openvpn) to the init script of some other daemon seems like the wrong solution to me. I'd be more in favour if there was a generic $vpn_networking target, but even that would likely just fix the problem for your case, but not in general. What if openvpn is configured to authenticate users via a PostgreSQL database (directly or via pam)? Then the dependency would need to point in the other direction. (Does systemd offer any help here?) Other solutions for your case would be to listen on "*" instead, or to configure ipv4.ip_nonlocal_bind or ipv6.ip_nonlocal_bind in the kernel to allow daemons to bind to an IP before that IP is actually configured on the system. Christoph
signature.asc
Description: PGP signature
