transport/{TCP,TLS}: optional IP_FREEBIND / IP_BINDANY bind socketops

Allows binding to an address even if it is not actually (yet or ever)
configured. Fixes #238

Rationale:
https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/#whatdoesthismeanformeadeveloper
Juergen Hoetzel
2019-12-30 19:42:17 +01:00
committed by Christian Schwarz
parent 47ed599db7
commit d35e2400b2
16 changed files with 123 additions and 20 deletions


@ -14,6 +14,7 @@ Prometheus & Grafana
zrepl can expose `Prometheus metrics <https://prometheus.io/docs/instrumenting/exposition_formats/>`_ via HTTP.
The ``listen`` attribute is a `net.Listen <https://golang.org/pkg/net/#Listen>`_ string for tcp, e.g. ``:9091`` or ``127.0.0.1:9091``.
The ``listen_freebind`` attribute is :ref:`explained here <listen-freebind-explanation>`.
The Prometheues monitoring job appears in the ``zrepl control`` job list and may be specified **at most once**.
zrepl also ships with an importable `Grafana <https://grafana.com>`_ dashboard that consumes the Prometheus metrics:
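Review bot: the added ``listen_freebind`` sentence only points to the transport documentation and says neither what the option does nor that it defaults to false, so a reader of the monitoring page has to follow the link to learn either. Suggest adding a short clause here, for example that it permits binding to an address that is not configured yet, and keeping the ``:ref:`` for the details.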
@ -30,6 +31,7 @@ The dashboard also contains some advice on which metrics are important to monito
monitoring:
- type: prometheus
listen: ':9091'
listen_freebind: true # optional, default false
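Review bot: the sample sets ``listen_freebind: true`` next to ``listen: ':9091'``, which names no specific IP address, while the explanation added in this commit says to enable the option when listening on a specific IP address that might not yet be configured. Suggest showing a specific address here, such as the ``127.0.0.1:9091`` form the text above mentions, or leaving the option at its default in the sample so that it is not copied as a general-purpose setting.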


@ -50,12 +50,18 @@ Serve
serve:
type: tcp
listen: ":8888"
listen_freebind: true # optional, default false
clients: {
"192.168.122.123" : "mysql01"
"192.168.122.123" : "mx01"
}
...
.. _listen-freebind-explanation:
``listen_freebind`` controls whether the socket is allowed to bind to non-local or unconfigured IP addresses (Linux ``IP_FREEBIND`` , FreeBSD ``IP_BINDANY``).
Enable this option if you want to ``listen`` on a specific IP address that might not yet be configured when the zrepl daemon starts.
Connect
~~~~~~~
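Review bot: the ``listen-freebind-explanation`` paragraph says when to enable the option but not what it costs: with ``IP_FREEBIND`` / ``IP_BINDANY`` set, binding to an address the host never gets also succeeds, so a mistyped ``listen`` address is no longer reported when the daemon starts and the listener simply receives no connections. Suggest one sentence stating this, plus a note that the option only matters when ``listen`` names a specific IP address, since the example pairs it with ``":8888"``.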
@ -101,6 +107,7 @@ Serve
serve:
type: tls
listen: ":8888"
listen_freebind: true # optional, default false
ca: /etc/zrepl/ca.crt
cert: /etc/zrepl/prod.fullchain
key: /etc/zrepl/prod.key
@ -110,6 +117,7 @@ Serve
The ``ca`` field specified the certificate authority used to validate client certificates.
The ``client_cns`` list specifies a list of accepted client common names (which are also the client identities for this transport).
The ``listen_freebind`` field is :ref:`explained here <listen-freebind-explanation>`.
Connect
~~~~~~~