Backend is not destination of this message, pgpool host is, and we don't want it to ever get it. With command I've sent you rule will be created for any source and destination.<br><br>Regards,<br>Stevo.<br><br><div class="gmail_quote">
On Wed, Jan 11, 2012 at 10:38 AM, Tatsuo Ishii <span dir="ltr"><<a href="mailto:ishii@postgresql.org">ishii@postgresql.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I did following:<br>
<br>
Do following on the host where pgpool is running on:<br>
<br>
# iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable -d 133.137.177.124<br>
(133.137.177.124 is the host where backend is running on)<br>
<br>
Pull network cable from backend0 host network interface. Pgpool<br>
detected the host being down as expected. Am I missing something?<br>
<div class="HOEnZb"><div class="h5">--<br>
Tatsuo Ishii<br>
SRA OSS, Inc. Japan<br>
English: <a href="http://www.sraoss.co.jp/index_en.php" target="_blank">http://www.sraoss.co.jp/index_en.php</a><br>
Japanese: <a href="http://www.sraoss.co.jp" target="_blank">http://www.sraoss.co.jp</a><br>
<br>
> Hello Tatsuo,<br>
><br>
> With backend0 on one host just configure following rule on other host where<br>
> pgpool is:<br>
><br>
> iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable<br>
><br>
> and then have pgpool startup with health checking and retrying configured,<br>
> and then pull network cable from backend0 host network interface.<br>
><br>
> Regards,<br>
> Stevo.<br>
><br>
> On Wed, Jan 11, 2012 at 6:27 AM, Tatsuo Ishii <<a href="mailto:ishii@postgresql.org">ishii@postgresql.org</a>> wrote:<br>
><br>
>> I want to try to test the situation you descrived:<br>
>><br>
>> >> > When system is configured for security reasons not to return<br>
>> destination<br>
>> >> > host unreachable messages, even though health_check_timeout is<br>
>><br>
>> But I don't know how to do it. I pulled out the network cable and<br>
>> pgpool detected it as expected. Also I configured the server which<br>
>> PostgreSQL is running on to disable the 5432 port. In this case<br>
>> connect(2) returned EHOSTUNREACH (No route to host) so pgpool detected<br>
>> the error as expected.<br>
>><br>
>> Could you please instruct me?<br>
>> --<br>
>> Tatsuo Ishii<br>
>> SRA OSS, Inc. Japan<br>
>> English: <a href="http://www.sraoss.co.jp/index_en.php" target="_blank">http://www.sraoss.co.jp/index_en.php</a><br>
>> Japanese: <a href="http://www.sraoss.co.jp" target="_blank">http://www.sraoss.co.jp</a><br>
>><br>
>> > Hello Tatsuo,<br>
>> ><br>
>> > Thank you for replying!<br>
>> ><br>
>> > I'm not sure what exactly is blocking, just by pgpool code analysis I<br>
>> > suspect it is the part where a connection is made to the db and it<br>
>> doesn't<br>
>> > seem to get interrupted by alarm. Tested thoroughly health check<br>
>> behaviour,<br>
>> > it works really well when host/ip is there and just backend/postgres is<br>
>> > down, but not when backend host/ip is down. I could see in log that<br>
>> initial<br>
>> > health check and each retry got delayed when host/ip is not reachable,<br>
>> > while when just backend is not listening (is down) on the reachable<br>
>> host/ip<br>
>> > then initial health check and all retries are exact to the settings in<br>
>> > pgpool.conf.<br>
>> ><br>
>> > PGCONNECT_TIMEOUT is listed as one of the libpq environment variables in<br>
>> > the docs (see<br>
>> <a href="http://www.postgresql.org/docs/9.1/static/libpq-envars.html" target="_blank">http://www.postgresql.org/docs/9.1/static/libpq-envars.html</a> )<br>
>> > There is equivalent parameter in libpq PGconnectdbParams ( see<br>
>> ><br>
>> <a href="http://www.postgresql.org/docs/9.1/static/libpq-connect.html#LIBPQ-CONNECT-CONNECT-TIMEOUT" target="_blank">http://www.postgresql.org/docs/9.1/static/libpq-connect.html#LIBPQ-CONNECT-CONNECT-TIMEOUT</a><br>
>> )<br>
>> > At the beginning of that same page there are some important infos on<br>
>> using<br>
>> > these functions.<br>
>> ><br>
>> > psql respects PGCONNECT_TIMEOUT.<br>
>> ><br>
>> > Regards,<br>
>> > Stevo.<br>
>> ><br>
>> > On Wed, Jan 11, 2012 at 12:13 AM, Tatsuo Ishii <<a href="mailto:ishii@postgresql.org">ishii@postgresql.org</a>><br>
>> wrote:<br>
>> ><br>
>> >> > Hello pgpool community,<br>
>> >> ><br>
>> >> > When system is configured for security reasons not to return<br>
>> destination<br>
>> >> > host unreachable messages, even though health_check_timeout is<br>
>> >> configured,<br>
>> >> > socket call will block and alarm will not get raised until TCP timeout<br>
>> >> > occurs.<br>
>> >><br>
>> >> Interesting. So are you saying that read(2) cannot be interrupted by<br>
>> >> alarm signal if the system is configured not to return destination<br>
>> >> host unreachable message? Could you please guide me where I can get<br>
>> >> such that info? (I'm not a network expert).<br>
>> >><br>
>> >> > Not a C programmer, found some info that select call could be replace<br>
>> >> with<br>
>> >> > select/pselect calls. Maybe it would be best if PGCONNECT_TIMEOUT<br>
>> value<br>
>> >> > could be used here for connection timeout. pgpool has libpq as<br>
>> >> dependency,<br>
>> >> > why isn't it using libpq for the healthcheck db connect calls, then<br>
>> >> > PGCONNECT_TIMEOUT would be applied?<br>
>> >><br>
>> >> I don't think libpq uses select/pselect for establishing connection,<br>
>> >> but using libpq instead of homebrew code seems to be an idea. Let me<br>
>> >> think about it.<br>
>> >><br>
>> >> One question. Are you sure that libpq can deal with the case (not to<br>
>> >> return destination host unreachable messages) by using<br>
>> >> PGCONNECT_TIMEOUT?<br>
>> >> --<br>
>> >> Tatsuo Ishii<br>
>> >> SRA OSS, Inc. Japan<br>
>> >> English: <a href="http://www.sraoss.co.jp/index_en.php" target="_blank">http://www.sraoss.co.jp/index_en.php</a><br>
>> >> Japanese: <a href="http://www.sraoss.co.jp" target="_blank">http://www.sraoss.co.jp</a><br>
>> >><br>
>><br>
</div></div></blockquote></div><br>