Thread

Commits

  1. Remove auth-options support from initdb

  2. Make two-phase tests of ECPG and main suite more concurrent-proof

  3. initdb: Add options --auth-local and --auth-host

  1. A failure in prepared_xacts test

    Richard Guo <guofenglinux@gmail.com> — 2024-04-29T01:12:48Z

    Yesterday I noticed a failure on cirrus-ci for the 'Right Semi Join'
    patch.  The failure can be found at [1], and it looks like:
    
    --- /tmp/cirrus-ci-build/src/test/regress/expected/prepared_xacts.out
    2024-04-27 00:41:25.831297000 +0000
    +++
    /tmp/cirrus-ci-build/build/testrun/regress-running/regress/results/prepared_xacts.out
      2024-04-27 00:45:50.261369000 +0000
    @@ -83,8 +83,9 @@
     SELECT gid FROM pg_prepared_xacts;
      gid
     ------
    + gxid
      foo3
    -(1 row)
    +(2 rows)
    
    Upon closer look, it seems that this issue is not caused by the patch
    about 'Right Semi Join', because this query, which initially included
    two left joins, can actually be reduced to a function scan after
    removing these two useless left joins.  It seems that no semi-joins
    would be involved.
    
    EXPLAIN SELECT gid FROM pg_prepared_xacts;
                                     QUERY PLAN
    ----------------------------------------------------------------------------
     Function Scan on pg_prepared_xact p  (cost=0.00..10.00 rows=1000 width=32)
    (1 row)
    
    Does anyone have any clue to this failure?
    
    FWIW, after another run of this test, the failure just disappears.  Does
    it suggest that the test case is flaky?
    
    [1]
    https://api.cirrus-ci.com/v1/artifact/task/6220592364388352/testrun/build/testrun/regress-running/regress/regression.diffs
    
    Thanks
    Richard
    
  2. Re: A failure in prepared_xacts test

    Michael Paquier <michael@paquier.xyz> — 2024-04-29T04:58:51Z

    On Mon, Apr 29, 2024 at 09:12:48AM +0800, Richard Guo wrote:
    > Does anyone have any clue to this failure?
    > 
    > FWIW, after another run of this test, the failure just disappears.  Does
    > it suggest that the test case is flaky?
    
    If you grep the source tree, you'd notice that a prepared transaction
    named gxid only exists in the 2PC tests of ECPG, in
    src/interfaces/ecpg/test/sql/twophase.pgc.  So the origin of the
    failure comes from a race condition due to test parallelization,
    because the scan of pg_prepared_xacts affects all databases with
    installcheck, and in your case it means that the scan of
    pg_prepared_xacts was running in parallel of the ECPG tests with an
    installcheck.
    
    The only location in the whole tree where we want to do predictible
    scans of pg_prepared_xacts is prepared_xacts.sql, so rather than
    playing with 2PC transactions across a bunch of tests, I think that we
    should do two things, both touching prepared_xacts.sql:
    - The 2PC transactions run in the main regression test suite should
    use names that would be unlikely used elsewhere.
    - Limit the scans of pg_prepared_xacts on these name patterns to avoid
    interferences.
    
    See for example the attached with both expected outputs updated
    depending on the value set for max_prepared_transactions in the
    backend.  There may be an argument in back-patching that, but I don't
    recall seeing this failure in the CI, so perhaps that's not worth
    bothering with.  What do you think?
    --
    Michael
    
  3. Re: A failure in prepared_xacts test

    Alexander Law <exclusion@gmail.com> — 2024-04-29T05:00:00Z

    Hello Richard,
    
    29.04.2024 04:12, Richard Guo wrote:
    > Does anyone have any clue to this failure?
    >
    > FWIW, after another run of this test, the failure just disappears.  Does
    > it suggest that the test case is flaky?
    >
    
    I think this could be caused by the ecpg test twophase executed
    simultaneously with the test prepared_xacts thanks to meson's jobs
    parallelization.
    
    Best regards,
    Alexander
    
    
    
    
  4. Re: A failure in prepared_xacts test

    Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-29T05:11:00Z

    Michael Paquier <michael@paquier.xyz> writes:
    > If you grep the source tree, you'd notice that a prepared transaction
    > named gxid only exists in the 2PC tests of ECPG, in
    > src/interfaces/ecpg/test/sql/twophase.pgc.  So the origin of the
    > failure comes from a race condition due to test parallelization,
    > because the scan of pg_prepared_xacts affects all databases with
    > installcheck, and in your case it means that the scan of
    > pg_prepared_xacts was running in parallel of the ECPG tests with an
    > installcheck.
    
    Up to now, we've only worried about whether tests running in parallel
    within a single test suite can interact.  It's quite scary to think
    that the meson setup has expanded the possibility of interactions
    to our entire source tree.  Maybe that was a bad idea and we should
    fix the meson infrastructure to not do that.  I fear that otherwise,
    we'll get bit regularly by very-low-probability bugs of this kind.
    
    			regards, tom lane
    
    
    
    
  5. Re: A failure in prepared_xacts test

    Michael Paquier <michael@paquier.xyz> — 2024-04-29T05:25:10Z

    On Mon, Apr 29, 2024 at 01:11:00AM -0400, Tom Lane wrote:
    > Up to now, we've only worried about whether tests running in parallel
    > within a single test suite can interact.  It's quite scary to think
    > that the meson setup has expanded the possibility of interactions
    > to our entire source tree.  Maybe that was a bad idea and we should
    > fix the meson infrastructure to not do that.  I fear that otherwise,
    > we'll get bit regularly by very-low-probability bugs of this kind.
    
    I don't disagree with your point, still I'm not sure that this can be
    made entirely bullet-proof.  Anyway, I think that we should still
    improve this test and make it more robust for parallel operations:
    installcheck fails equally on HEAD if there is a prepared transaction
    on the backend where the tests run, and that seems like a bad idea to
    me to rely on cluster-wide scans for what should be a "local" test.
    --
    Michael
    
  6. Re: A failure in prepared_xacts test

    Alexander Law <exclusion@gmail.com> — 2024-04-29T05:30:00Z

    Hello Tom and Michael,
    
    29.04.2024 08:11, Tom Lane wrote:
    > Michael Paquier <michael@paquier.xyz> writes:
    >> If you grep the source tree, you'd notice that a prepared transaction
    >> named gxid only exists in the 2PC tests of ECPG, in
    >> src/interfaces/ecpg/test/sql/twophase.pgc.  So the origin of the
    >> failure comes from a race condition due to test parallelization,
    >> because the scan of pg_prepared_xacts affects all databases with
    >> installcheck, and in your case it means that the scan of
    >> pg_prepared_xacts was running in parallel of the ECPG tests with an
    >> installcheck.
    > Up to now, we've only worried about whether tests running in parallel
    > within a single test suite can interact.  It's quite scary to think
    > that the meson setup has expanded the possibility of interactions
    > to our entire source tree.  Maybe that was a bad idea and we should
    > fix the meson infrastructure to not do that.  I fear that otherwise,
    > we'll get bit regularly by very-low-probability bugs of this kind.
    
    Yes, I'm afraid of the same. For example, the test failure [1] is of that
    ilk, I guess.
    
    [1] https://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=rorqual&dt=2024-04-17%2016%3A33%3A23
    
    Best regards,
    Alexander
    
    
    
    
  7. Re: A failure in prepared_xacts test

    Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-29T05:32:40Z

    Michael Paquier <michael@paquier.xyz> writes:
    > I don't disagree with your point, still I'm not sure that this can be
    > made entirely bullet-proof.  Anyway, I think that we should still
    > improve this test and make it more robust for parallel operations:
    > installcheck fails equally on HEAD if there is a prepared transaction
    > on the backend where the tests run, and that seems like a bad idea to
    > me to rely on cluster-wide scans for what should be a "local" test.
    
    True, it's antithetical to the point of an "installcheck" test if
    unrelated actions in another database can break it.  So I'm fine
    with tightening up prepared_xacts's query.  I just wonder how far
    we want to try to carry this.
    
    (BTW, on the same logic, should ecpg's twophase.pgc be using a
    prepared-transaction name that's less generic than "gxid"?)
    
    			regards, tom lane
    
    
    
    
  8. Re: A failure in prepared_xacts test

    Michael Paquier <michael@paquier.xyz> — 2024-04-29T06:57:58Z

    On Mon, Apr 29, 2024 at 01:32:40AM -0400, Tom Lane wrote:
    > (BTW, on the same logic, should ecpg's twophase.pgc be using a
    > prepared-transaction name that's less generic than "gxid"?)
    
    I've hesitated a few seconds about that before sending my patch, but
    refrained because this stuff does not care about the contents of
    pg_prepared_xacts.  I'd be OK to use something like an "ecpg_regress"
    or something similar there.
    --
    Michael
    
  9. Re: A failure in prepared_xacts test

    Richard Guo <guofenglinux@gmail.com> — 2024-04-29T08:49:28Z

    On Mon, Apr 29, 2024 at 1:11 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    
    > Up to now, we've only worried about whether tests running in parallel
    > within a single test suite can interact.  It's quite scary to think
    > that the meson setup has expanded the possibility of interactions
    > to our entire source tree.  Maybe that was a bad idea and we should
    > fix the meson infrastructure to not do that.  I fear that otherwise,
    > we'll get bit regularly by very-low-probability bugs of this kind.
    
    
    I have the same concern.  I suspect that the scan of pg_prepared_xacts
    is not the only test that could cause problems when running in parallel
    to other tests from the entire source tree.
    
    Thanks
    Richard
    
  10. Re: A failure in prepared_xacts test

    Richard Guo <guofenglinux@gmail.com> — 2024-04-29T09:11:19Z

    On Mon, Apr 29, 2024 at 2:58 PM Michael Paquier <michael@paquier.xyz> wrote:
    
    > On Mon, Apr 29, 2024 at 01:32:40AM -0400, Tom Lane wrote:
    > > (BTW, on the same logic, should ecpg's twophase.pgc be using a
    > > prepared-transaction name that's less generic than "gxid"?)
    >
    > I've hesitated a few seconds about that before sending my patch, but
    > refrained because this stuff does not care about the contents of
    > pg_prepared_xacts.  I'd be OK to use something like an "ecpg_regress"
    > or something similar there.
    
    
    I noticed that some TAP tests from recovery and subscription would
    select the count from pg_prepared_xacts.  I wonder if these tests would
    be affected if there are any prepared transactions on the backend.
    
    Thanks
    Richard
    
  11. Re: A failure in prepared_xacts test

    Michael Paquier <michael@paquier.xyz> — 2024-04-29T09:19:48Z

    On Mon, Apr 29, 2024 at 05:11:19PM +0800, Richard Guo wrote:
    > I noticed that some TAP tests from recovery and subscription would
    > select the count from pg_prepared_xacts.  I wonder if these tests would
    > be affected if there are any prepared transactions on the backend.
    
    TAP tests run in isolation of the rest with their own clusters
    initialized from a copy initdb'd (rather than initdb because that's
    much cheaper), so these scans are OK left alone.
    --
    Michael
    
  12. Re: A failure in prepared_xacts test

    Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-29T13:45:16Z

    Richard Guo <guofenglinux@gmail.com> writes:
    > I noticed that some TAP tests from recovery and subscription would
    > select the count from pg_prepared_xacts.  I wonder if these tests would
    > be affected if there are any prepared transactions on the backend.
    
    TAP tests shouldn't be at risk, because there is no "make
    installcheck" equivalent for them.  Each TAP test creates its own
    database instance (or maybe several), so that instance won't have
    anything else going on.
    
    			regards, tom lane
    
    
    
    
  13. Re: A failure in prepared_xacts test

    Michael Paquier <michael@paquier.xyz> — 2024-04-29T22:42:52Z

    On Mon, Apr 29, 2024 at 09:45:16AM -0400, Tom Lane wrote:
    > TAP tests shouldn't be at risk, because there is no "make
    > installcheck" equivalent for them.  Each TAP test creates its own
    > database instance (or maybe several), so that instance won't have
    > anything else going on.
    
    There are a few more 2PC transactions in test_decoding (no
    installcheck), temp.sql, test_extensions.sql and pg_stat_statements's
    utility.sql (no installcheck) but their GIDs are not that bad.
    twophase_stream.sql has a GID "test1", which is kind of generic, but
    it won't run in parallel.  At the end, only addressing the
    prepared_xacts.sql and the ECPG bits looked enough to me, so I've
    tweaked these with 7e61e4cc7cfc and called it a day.
    
    I'd be curious about any discussion involving the structure of the
    meson tests.
    --
    Michael
    
  14. Re: A failure in prepared_xacts test

    Richard Guo <guofenglinux@gmail.com> — 2024-04-30T00:43:32Z

    On Mon, Apr 29, 2024 at 9:45 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
    
    > Richard Guo <guofenglinux@gmail.com> writes:
    > > I noticed that some TAP tests from recovery and subscription would
    > > select the count from pg_prepared_xacts.  I wonder if these tests would
    > > be affected if there are any prepared transactions on the backend.
    >
    > TAP tests shouldn't be at risk, because there is no "make
    > installcheck" equivalent for them.  Each TAP test creates its own
    > database instance (or maybe several), so that instance won't have
    > anything else going on.
    
    
    Thank you for the explanation.  I wasn't aware of this before.
    
    Thanks
    Richard
    
  15. Re: A failure in prepared_xacts test

    Richard Guo <guofenglinux@gmail.com> — 2024-04-30T00:54:47Z

    On Tue, Apr 30, 2024 at 6:43 AM Michael Paquier <michael@paquier.xyz> wrote:
    
    > I'd be curious about any discussion involving the structure of the
    > meson tests.
    
    
    +1.  I'm kind of worried that the expansion of parallelization could
    lead to more instances of instability.  Alexander mentioned one such
    case at [1].  I haven't looked into it though.
    
    [1]
    https://www.postgresql.org/message-id/cbf0156f-5aa1-91db-5802-82435dda03e6%40gmail.com
    
    Thanks
    Richard
    
  16. Re: A failure in prepared_xacts test

    Tom Lane <tgl@sss.pgh.pa.us> — 2024-04-30T01:48:13Z

    Richard Guo <guofenglinux@gmail.com> writes:
    > +1.  I'm kind of worried that the expansion of parallelization could
    > lead to more instances of instability.  Alexander mentioned one such
    > case at [1].  I haven't looked into it though.
    > [1] https://www.postgresql.org/message-id/cbf0156f-5aa1-91db-5802-82435dda03e6%40gmail.com
    
    The mechanism there is pretty obvious: a plancache flush happened
    at just the wrong (right?) time and caused the output to change,
    as indeed the comment acknowledges:
    
     -- currently, this fails due to cached plan for "r.f1 + 1" expression
     -- (but if debug_discard_caches is on, it will succeed)
    
    I wonder if we shouldn't just remove that test case as being
    too unstable -- especially since it's not proving much anyway.
    
    			regards, tom lane
    
    
    
    
  17. [PATCH] Fix bug when calling strncmp in check_authmethod_valid

    Jingxian Li <aqktjcm@qq.com> — 2024-04-30T02:41:39Z

    Hi all,
    
    Attached is a patch that fixes bug when calling strncmp function, in 
    which case the third argument (authmethod - strchr(authmethod, ' ')) 
    may be negative, which is not as expected..
    
    
    With Regards,
    Jingxian Li.
    
    
    
  18. Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

    Richard Guo <guofenglinux@gmail.com> — 2024-04-30T04:16:23Z

    On Tue, Apr 30, 2024 at 10:41 AM Jingxian Li <aqktjcm@qq.com> wrote:
    
    > Attached is a patch that fixes bug when calling strncmp function, in
    > which case the third argument (authmethod - strchr(authmethod, ' '))
    > may be negative, which is not as expected..
    
    
    Nice catch.  I think you're right from a quick glance.
    
    Thanks
    Richard
    
  19. Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

    Daniel Gustafsson <daniel@yesql.se> — 2024-04-30T09:14:37Z

    > On 30 Apr 2024, at 04:41, Jingxian Li <aqktjcm@qq.com> wrote:
    
    > Attached is a patch that fixes bug when calling strncmp function, in 
    > which case the third argument (authmethod - strchr(authmethod, ' ')) 
    > may be negative, which is not as expected..
    
    The calculation is indeed incorrect, but the lack of complaints of it being
    broken made me wonder why this exist in the first place.  This dates back to
    e7029b212755, just shy of 2 decades old, which added --auth with support for
    strings with auth-options to ident and pam like --auth 'pam <servicename>' and
    'ident sameuser'.  Support for options to ident was removed in 01c1a12a5bb4 but
    options to pam is still supported (although not documented), but was AFAICT
    broken in commit 8a02339e9ba3 some 12 years ago with this strncmp().
    
    -  if (strncmp(authmethod, *p, (authmethod - strchr(authmethod, ' '))) == 0)
    +  if (strncmp(authmethod, *p, (strchr(authmethod, ' ') - authmethod)) == 0)
    
    This with compare "pam postgresql" with "pam" and not "pam " so the length
    should be "(strchr(authmethod, ' ') - authmethod + 1)" since "pam " is a method
    separate from "pam" in auth_methods_{host|local}.  We don't want to allow "md5
    " as that's not a method in the array of valid methods.
    
    But, since it's been broken in all supported versions of postgres and has
    AFAICT never been documented to exist, should we fix it or just remove it?  We
    don't support auth-options for any other methods, like clientcert to cert for
    example.  If we fix it we should also document that it works IMHO.
    
    --
    Daniel Gustafsson
    
    
    
    
    
  20. Re: A failure in prepared_xacts test

    Peter Eisentraut <peter@eisentraut.org> — 2024-05-03T12:27:40Z

    On 29.04.24 07:11, Tom Lane wrote:
    > Up to now, we've only worried about whether tests running in parallel
    > within a single test suite can interact.  It's quite scary to think
    > that the meson setup has expanded the possibility of interactions
    > to our entire source tree.  Maybe that was a bad idea and we should
    > fix the meson infrastructure to not do that.  I fear that otherwise,
    > we'll get bit regularly by very-low-probability bugs of this kind.
    
    I don't think there is anything fundamentally different in the 
    parallelism setups of the make-based and the meson-based tests.  There 
    are just different implementation details that might affect the likely 
    orderings and groupings.
    
    
    
    
    
  21. Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

    Jingxian Li <aqktjcm@qq.com> — 2024-05-07T04:46:27Z

    Hi Daniel,
    Thank you for explaining the ins and outs of this problem.
    
    On 2024/4/30 17:14, Daniel Gustafsson wrote:
    >> On 30 Apr 2024, at 04:41, Jingxian Li <aqktjcm@qq.com> wrote:
    >
    >> Attached is a patch that fixes bug when calling strncmp function, in 
    >> which case the third argument (authmethod - strchr(authmethod, ' ')) 
    >> may be negative, which is not as expected..
    >
    > The calculation is indeed incorrect, but the lack of complaints of it being
    > broken made me wonder why this exist in the first place.  This dates back to
    > e7029b212755, just shy of 2 decades old, which added --auth with support for
    > strings with auth-options to ident and pam like --auth 'pam <servicename>' and
    > 'ident sameuser'.  Support for options to ident was removed in 01c1a12a5bb4 but
    > options to pam is still supported (although not documented), but was AFAICT
    > broken in commit 8a02339e9ba3 some 12 years ago with this strncmp().
    >
    > -  if (strncmp(authmethod, *p, (authmethod - strchr(authmethod, ' '))) == 0)
    > +  if (strncmp(authmethod, *p, (strchr(authmethod, ' ') - authmethod)) == 0)
    >
    > This with compare "pam postgresql" with "pam" and not "pam " so the length
    > should be "(strchr(authmethod, ' ') - authmethod + 1)" since "pam " is a method
    > separate from "pam" in auth_methods_{host|local}.  We don't want to allow "md5
    > " as that's not a method in the array of valid methods.
    >
    > But, since it's been broken in all supported versions of postgres and has
    > AFAICT never been documented to exist, should we fix it or just remove it?  We
    > don't support auth-options for any other methods, like clientcert to cert for
    > example.  If we fix it we should also document that it works IMHO.
    
    You mentioned that auth-options are not supported for auth methods except pam,
    but I found that  some methods (such as  ldap and radius etc.) also requires aut-options,
    and there are no corresponding auth methods ending with space (such as  "ldap " and 
    radius ") present in auth_methods_host and auth_methods_local arrays.
    
    --
    Jingxian Li
    
  22. Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

    Daniel Gustafsson <daniel@yesql.se> — 2024-05-13T08:34:48Z

    > On 7 May 2024, at 06:46, Jingxian Li <aqktjcm@qq.com> wrote:
    
    >> But, since it's been broken in all supported versions of postgres and has
    >> AFAICT never been documented to exist, should we fix it or just remove it?  We
    >> don't support auth-options for any other methods, like clientcert to cert for
    >> example.  If we fix it we should also document that it works IMHO.
    > 
    > You mentioned that auth-options are not supported for auth methods except pam,
    > but I found that  some methods (such as  ldap and radius etc.) also requires aut-options,
    > and there are no corresponding auth methods ending with space (such as  "ldap " and 
    > radius ") present in auth_methods_host and auth_methods_local arrays.
    
    Correct, only pam and ident were ever supported (yet not documented) and ident
    was removed a long time ago.
    
    Searching the archives I was unable to find any complaints, and this has been
    broken for the entire window of supported releases, so I propose we remove it
    as per the attached patch.  If anyone is keen on making this work again for all
    the types where it makes sense, it can be resurrected (probably with a better
    implementation).
    
    Any objections to fixing this in 17 by removing it? (cc:ing Michael from the RMT)
    
    --
    Daniel Gustafsson
    
    
  23. Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

    Aleksander Alekseev <aleksander@timescale.com> — 2024-05-13T10:01:21Z

    Hi,
    
    > Searching the archives I was unable to find any complaints, and this has been
    > broken for the entire window of supported releases, so I propose we remove it
    > as per the attached patch.  If anyone is keen on making this work again for all
    > the types where it makes sense, it can be resurrected (probably with a better
    > implementation).
    >
    > Any objections to fixing this in 17 by removing it? (cc:ing Michael from the RMT)
    
    +1 Something that is not documented or used by anyone (apparently) and
    is broken should just be removed.
    
    -- 
    Best regards,
    Aleksander Alekseev
    
    
    
    
  24. Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

    Michael Paquier <michael@paquier.xyz> — 2024-05-14T05:12:38Z

    On Mon, May 13, 2024 at 01:01:21PM +0300, Aleksander Alekseev wrote:
    >> Any objections to fixing this in 17 by removing it? (cc:ing Michael from the RMT)
    > 
    > +1 Something that is not documented or used by anyone (apparently) and
    > is broken should just be removed.
    
    8a02339e9ba3 sounds like an argument good enough to prove there is no
    demand in the field for being able to support options through initdb
    --auth, and this does not concern only pam.  If somebody is interested
    in that, that could always be done later.  My take is that this would
    be simpler if implemented through a separate option, leaving the
    checks between the options and the auth method up to the postmaster
    when loading pg_hba.conf at startup.
    
    Hence, no objections to clean up that now.  Thanks for asking.
    --
    Michael
    
  25. Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid

    Daniel Gustafsson <daniel@yesql.se> — 2024-05-14T09:45:28Z

    > On 14 May 2024, at 07:12, Michael Paquier <michael@paquier.xyz> wrote:
    
    > Hence, no objections to clean up that now.  Thanks for asking.
    
    Thanks for verifying, I've pushed this now.
    
    --
    Daniel Gustafsson