patternsqlModerate
Postgres seems to ignore listen_addresses setting
Viewed 0 times
ignorepostgresseemssettinglisten_addresses
Problem
I'm trying to DISABLE remote client access on my Postgres 9.5.7 database (running Ubuntu 16.04).
I made what I thought are the correct changes (see below) to no avail. I can think of two reasons why my changes wouldn't work:
I thought I ruled these out, but remote clients can still talk. So what am I missing?
Actually, what I'm trying to do is revert my changes that enabled remote client access on so I can capture those changes and re-apply them with our salt stack. Before I start running deployment tests via salt I want to know that remote access is disabled so that I can be confident that my salt stack is making the changes.
Some data
I'm starting postgres using the same config file I'm editing (
postgres is configured to listen on the localhost port only (this was '*' earlier)
Host-based auth is set to localhost. This shouldn't matter if I'm DISABLING access, correct? My understanding is that if
I'm editing the correct config files, yet listen_addresses claims
```
postgres@testweb:~$ sql
psql (9.5.7)
Type "help" for help.
postgres=# show config_file;
config_file
------------------------------------------
/etc/postgresql/9.5/main/postgresql.conf
(1 row)
postgres
I made what I thought are the correct changes (see below) to no avail. I can think of two reasons why my changes wouldn't work:
- I'm editing the wrong file
- I'm not restarting the service properly
I thought I ruled these out, but remote clients can still talk. So what am I missing?
Actually, what I'm trying to do is revert my changes that enabled remote client access on so I can capture those changes and re-apply them with our salt stack. Before I start running deployment tests via salt I want to know that remote access is disabled so that I can be confident that my salt stack is making the changes.
Some data
I'm starting postgres using the same config file I'm editing (
ps output reformatted for readability)postgres@testweb:~$ ps -eaf | grep bin/post
postgres [snip] /usr/lib/postgresql/9.5/bin/postgres
-D /var/lib/postgresql/9.5/main
-c config_file=/etc/postgresql/9.5/main/postgresql.confpostgres is configured to listen on the localhost port only (this was '*' earlier)
postgres@testweb:~$ grep listen_addresses /etc/postgresql/9.5/main/postgresql.conf
listen_addresses = 'localhost' # what IP address(es) to listen on;Host-based auth is set to localhost. This shouldn't matter if I'm DISABLING access, correct? My understanding is that if
listen_addresses='localhost' then remote client access will not work.postgres@testweb:~$ grep ^host /etc/postgresql/9.5/main/pg_hba.conf
host all all 127.0.0.1/32 md5
host all all ::1/128 md5I'm editing the correct config files, yet listen_addresses claims
*```
postgres@testweb:~$ sql
psql (9.5.7)
Type "help" for help.
postgres=# show config_file;
config_file
------------------------------------------
/etc/postgresql/9.5/main/postgresql.conf
(1 row)
postgres
Solution
Look at the
If someone uses the
It's worth giving a look...
postgresql.auto.conf file in your $PGDATA.If someone uses the
ALTER SYSTEM command to change the settings, you will find the value there. postgresql.auto.conf is read after postgresql.confand each setting put in this file overwrite those in postgresql.conf...It's worth giving a look...
Context
StackExchange Database Administrators Q#180177, answer score: 11
Revisions (0)
No revisions yet.