Re: dropdb --force
Pavel Stehule <pavel.stehule@gmail.com>
From: Pavel Stehule <pavel.stehule@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Thomas Munro <thomas.munro@gmail.com>, Anthony Nowocien <anowocien@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, Filip Rembiałkowski <filip.rembialkowski@gmail.com>
Date: 2019-07-25T08:45:00Z
Lists: pgsql-hackers
čt 25. 7. 2019 v 5:11 odesílatel Tom Lane <tgl@sss.pgh.pa.us> napsal:
> Pavel Stehule <pavel.stehule@gmail.com> writes:
> > [ drop-database-force-20190708.patch ]
>
> I took a brief look at this, but I don't think it's really close to
> being committable.
>
> * The documentation claims FORCE will fail if you don't have privileges
> to terminate the other session(s) in the target DB. This is a lie; the
> code issues kill() without any regard for such niceties. You could
> perhaps make that better by going through pg_signal_backend().
>
> * You've hacked CountOtherDBBackends to do something that's completely
> outside the charter one would expect from its name, and not even
> bothered to update its header comment. This requires more attention
> to not confusing future hackers; I'd say you can't even use that
> function name anymore.
>
> * You've also ignored the existing code in CountOtherDBBackends
> that is careful *not* to issue a kill() while holding the critical
> ProcArrayLock. That problem would get enormously worse if you
> tried to sub in pg_signal_backend() there, since that function
> may do catalog accesses --- it's pretty likely that you could
> get actual deadlocks, never mind just trashing performance.
>
> * I really dislike the addition of more hard-wired delays and
> timeouts to dropdb(). It's bad enough that CountOtherDBBackends
> has got that. Two layers of timeout are a rickety mess, and
> who's to say that a 1-minute timeout is appropriate for anything?
>
> * I'm concerned that the proposed syntax is not future-proof.
> FORCE is not a reserved word, and we surely don't want to make
> it one; but just appending it to the end of the command without
> any decoration seems like a recipe for problems if anybody wants
> to add other options later. (Possible examples: RESTRICT/CASCADE,
> or a user-defined timeout.) Maybe some parentheses would help?
> Or possibly I'm being overly paranoid, but ...
>
>
Can be
DROP DATABASE '(' options ...) [IF EXISTS] name
ok?
>
> I hadn't been paying any attention to this thread before now,
> but I'd assumed from the thread title that the idea was to implement
> any attempted kills in the dropdb app, not on the backend side.
> (As indeed it looks like the first version did.) Maybe it would be
> better to go back to that, instead of putting dubious behaviors
> into the core server.
>
I don't think so server side implementation is too helpful - there is lot
of situations, where DDL command is much more practical.
> regards, tom lane
>
Commits
-
Add tests for '-f' option in dropdb utility.
- 8a7e9e9dad56 13.0 landed
-
Move pump_until to TestLib.pm.
- 290acac92b1d 13.0 landed
-
Add the support for '-f' option in dropdb utility.
- 80e05a088e4e 13.0 landed
-
Introduce the 'force' option for the Drop Database command.
- 1379fd537f9f 13.0 landed
-
Improve CREATE/DROP/RENAME DATABASE so that when failing because the source
- 4abd7b49f1e9 8.4.0 cited