Forum OpenACS Q&A: Postgres and chroot

Posted by Jens Strupp on
Hi,

I tried to install AOLserver and Postgres in a chroot jail and got
AOLserver already working. At least with the -z argument, because
without it I get a segmentation fault. This is due to the Postgres. I'm
not able to get it to run.

Is there anyone out there who already set up the chroot environment
W I T H the Postgres?
I started it without the "-i" parameter and my pg_hba.conf lists
LOCAL ALL TRUST.

I tried the AOLserver config file postgres driver line with
a) localhost:5432:database and
b) localhost::database

The socket was created (netstat).

The exact error message in the AOLserver logfile was:

Error: Ns_PgOpenDb(postgres):  Could not connect to
localhost::database:  connectDBStart() -- connect() failed: No such
file or directory
        Is the postmaster running locally
        and accepting connections on Unix socket
'/tmp/.s.PGSQL.5432'?

Any idea?

Posted by Don Baccus on
Hmmm...postmaster is probably running outside your chroot jail, therefore it is creating its socket in the real /tmp rather than the /tmp in your chroot environment.

Does this make sense to you?
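
A way to check the mismatch described in this reply, as an added example that is not part of the original thread: the function reports whether the socket file named in the error message exists inside the jail's /tmp, only in the host /tmp, or nowhere. The jail path in the usage comment and the optional third argument (an alternate host root, used only for testing) are assumptions.

```shell
#!/bin/sh
# Added example: locate the PostgreSQL Unix socket relative to a chroot jail.
# Usage after sourcing this file (jail path is a hypothetical placeholder):
#   diagnose /var/jail/aolserver 5432

# sock_state PATH -> prints "socket", "not-a-socket" or "missing"
sock_state() {
    if [ -S "$1" ]; then
        echo socket
    elif [ -e "$1" ]; then
        echo not-a-socket      # e.g. a stale regular file with the same name
    else
        echo missing
    fi
}

# diagnose JAIL [PORT] [HOSTROOT]
# Prints one verdict:
#   visible       socket exists under JAIL/tmp; a jailed client sees it
#                 as /tmp/.s.PGSQL.PORT
#   outside-only  socket exists only in the host /tmp, so the jailed client
#                 gets "No such file or directory"; postmaster's -k option
#                 can place the socket in JAIL/tmp instead
#   absent        no socket in either place; postmaster is probably not
#                 running, or it uses another port or directory
diagnose() {
    jail=${1%/}
    port=${2:-5432}
    host=${3:-}                # assumption: empty means the real root "/"
    name=".s.PGSQL.$port"

    in_jail=$(sock_state "$jail/tmp/$name")
    on_host=$(sock_state "${host%/}/tmp/$name")

    if [ "$in_jail" = socket ]; then
        echo visible
    elif [ "$on_host" = socket ]; then
        echo outside-only
    else
        echo absent
    fi
}
```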

Posted by Jens Strupp on
Hi Don,

...yes! That makes sense to me. I wanted to run postmaster outside
the jail for more security as was discussed in another thread.
Now I'm able to run it. However, I still need the "-z" argument for
AOLserver to run it without a segmentation fault. Strange. The logs
offer no hint so far. I think there are performance issues with "-z"?

I guess I also have to install one new PGDATA directory for every
AOLserver+Postgres instance I want to run, right? Because otherwise
some tools will not work, e.g., psql seems to be "hardcoded" to a
socket in /tmp. It offers no "-k" argument like postmaster.

Example:
For three chroot environments running AOLserver (probably with
different installs of the ACS) I would have to run three postmasters
outside pointing to different socket directories and different
Postgres data directories. So every system is maximally unaware of the
others.

Posted by Don Baccus on
-z stands for "zippy", English slang for "fast".  It eats memory but it's fast.  AOL uses it internally on all of their busy sites and recommends that other people use it, too, if you've got a lot of traffic.
Posted by Jonathan Ellis on
Then again, nsd was crashing on me 6-12 times a day with -z and hasn't crashed yet since I started running without it.
Posted by Jens Strupp on
If I run it without "-z" the only message I get back is
"segmentation fault". With "-z" I can see the normal logging
including the errors. I never used "-z" before, only since I'm
trying to chroot with postgres.