Re: [HACKERS] read-only database

Bruce Momjian <pgman@candle.pha.pa.us>

From: Bruce Momjian <pgman@candle.pha.pa.us>
To: Satoshi Nagayasu <nagayasus@nttdata.co.jp>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-patches@postgresql.org
Date: 2005-05-06T23:09:18Z
Lists: pgsql-hackers

Attachments

Satoshi Nagayasu wrote:
> 
> Tom Lane wrote:
> > I'd view this as a postmaster state that propagates to backends.
> > Probably you'd enable it by means of a postmaster option, and the
> > only way to get out of it is to shut down and restart the postmaster
> > without the option.
> 
> I've created a patch to make a postmaster read-only.
> (attached patch can be applied to 8.0.1)
> 
> Read-only state can be enabled/disabled by the postmaster option,
> or the postgresql.conf option.
> 
> If you start the postmaster with "-r" options,
> the cluster will go to read-only.
> 
> % pg_ctl -o "-i -r" -D $PGDATA start
> 
> Or if you set "readonly_cluster = true" in the postgresql.conf,
> the cluster will also become read-only.

Nice idea.  I have attached a new patch which has a few adjustments.

First, we are moving away from using postmaster flags, and instead
encouraging people to use postgresql.conf, so I removed the -r flag but
added an entry in postgresql.conf for this.  I can see why it might be
nice to have it as a postmaster flag, but at a certain point the number
of flags gets too confusing so postgresql.conf is better.  Second, I
changed it so it can be modified by a sighup to the postmaster, which
can't be done with a postmaster flag.

Also, I renamed it to server_read_only because that seems more
consistent than readonly_cluster.

Also, I added documentation for this postgresql.conf variable.

With this change, I see we now have three read_only options:

	transaction_read_only
	default_transaction_read_only
	server_read_only

The first one is not documented (should it be?) and I assume allows you
to query and change the READ ONLY status of a single transaction, while
default_transaction_read_only affects all new transactions for the
session, and server_read_only is for all transactions on the server.

It seems server_read_only is the same as default_transaction_read_only
except it can't be changed.  It seems more like a secure version of
default_transaction_read_only rather than something new.

If we set default_transaction_read_only to true in postgresql.conf,
could we just prevent that from being changed by a session.  As I
remember we have abandoned the idea of trying to limit session changes
to postgresql.conf values so maybe this is the way we have to go.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073