Обсуждение: tcp_keepalives settings not being set

Поиск
Список
Период
Сортировка

tcp_keepalives settings not being set

От
Dave Hughes
Дата:

Hello,

We have PostgreSQL 10.5 installed on RHEL 6 and I’m new to both.  I’m in the process of completing STIGs (Security Technical Implementation Guides) for the Department of Defense.  One of the STIGs mentions that we must ensure our tcp_keepalives settings are configured in the postgresql.conf file.  I currently have these settings set to:

Tcp_keepalives_idle = 60

Tcp_keepalives_interval = 60

Tcp_keepalives_count = 2

 

I restarted the database and then ran SHOW_ALL; but it showed all 3 parameters set to 0.

 

After looking online, I saw a post where possibly Linux is not allowing this to be configured and instead is using the OS parameters.  When I ran the command: sysctl -A | grep net.ipv4, it returned:

Net.ipv4.tcp_keepalive_time = 7200

Net.ipv4.tcp_keepalive_probs = 9

Net.ipv4.tcp_keepalive_intvl = 75

 

Is it possible Linux is not allowing these parameters to be configured via the PostgreSQL config file?


Thanks in advance,

Dave Hughes

Re: tcp_keepalives settings not being set

От
Tom Lane
Дата:
Dave Hughes <dhughes20@gmail.com> writes:
> We have PostgreSQL 10.5 installed on RHEL 6 and I’m new to both.  I’m in
> the process of completing STIGs (Security Technical Implementation Guides)
> for the Department of Defense.  One of the STIGs mentions that we must
> ensure our tcp_keepalives settings are configured in the postgresql.conf
> file.  I currently have these settings set to:
> Tcp_keepalives_idle = 60
> Tcp_keepalives_interval = 60
> Tcp_keepalives_count = 2
> I restarted the database and then ran SHOW_ALL; but it showed all 3
> parameters set to 0.

These will read as zeroes if you're using a non-TCP connection (ie
Unix socket).  Try it after "psql -h localhost" instead of just "psql".

            regards, tom lane

Re: tcp_keepalives settings not being set

От
Dave Hughes
Дата:
Thank you!  That change allowed me to view those parameters.  I had no idea i wasn't connecting via TCP. 

Thanks again!  

On Wed, Dec 4, 2019 at 9:54 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
Dave Hughes <dhughes20@gmail.com> writes:
> We have PostgreSQL 10.5 installed on RHEL 6 and I’m new to both.  I’m in
> the process of completing STIGs (Security Technical Implementation Guides)
> for the Department of Defense.  One of the STIGs mentions that we must
> ensure our tcp_keepalives settings are configured in the postgresql.conf
> file.  I currently have these settings set to:
> Tcp_keepalives_idle = 60
> Tcp_keepalives_interval = 60
> Tcp_keepalives_count = 2
> I restarted the database and then ran SHOW_ALL; but it showed all 3
> parameters set to 0.

These will read as zeroes if you're using a non-TCP connection (ie
Unix socket).  Try it after "psql -h localhost" instead of just "psql".

                        regards, tom lane