Re: [HACKERS] read-only database
Bruce Momjian <pgman@candle.pha.pa.us>
From: Bruce Momjian <pgman@candle.pha.pa.us>
To: Satoshi Nagayasu <nagayasus@nttdata.co.jp>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-patches@postgresql.org
Date: 2005-05-06T23:09:18Z
Lists: pgsql-hackers
Attachments
- (unnamed) (text/plain)
Satoshi Nagayasu wrote: > > Tom Lane wrote: > > I'd view this as a postmaster state that propagates to backends. > > Probably you'd enable it by means of a postmaster option, and the > > only way to get out of it is to shut down and restart the postmaster > > without the option. > > I've created a patch to make a postmaster read-only. > (attached patch can be applied to 8.0.1) > > Read-only state can be enabled/disabled by the postmaster option, > or the postgresql.conf option. > > If you start the postmaster with "-r" options, > the cluster will go to read-only. > > % pg_ctl -o "-i -r" -D $PGDATA start > > Or if you set "readonly_cluster = true" in the postgresql.conf, > the cluster will also become read-only. Nice idea. I have attached a new patch which has a few adjustments. First, we are moving away from using postmaster flags, and instead encouraging people to use postgresql.conf, so I removed the -r flag but added an entry in postgresql.conf for this. I can see why it might be nice to have it as a postmaster flag, but at a certain point the number of flags gets too confusing so postgresql.conf is better. Second, I changed it so it can be modified by a sighup to the postmaster, which can't be done with a postmaster flag. Also, I renamed it to server_read_only because that seems more consistent than readonly_cluster. Also, I added documentation for this postgresql.conf variable. With this change, I see we now have three read_only options: transaction_read_only default_transaction_read_only server_read_only The first one is not documented (should it be?) and I assume allows you to query and change the READ ONLY status of a single transaction, while default_transaction_read_only affects all new transactions for the session, and server_read_only is for all transactions on the server. It seems server_read_only is the same as default_transaction_read_only except it can't be changed. It seems more like a secure version of default_transaction_read_only rather than something new. If we set default_transaction_read_only to true in postgresql.conf, could we just prevent that from being changed by a session. As I remember we have abandoned the idea of trying to limit session changes to postgresql.conf values so maybe this is the way we have to go. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073