| From: | Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> |
|---|---|
| To: | Josh Berkus <josh(at)agliodbs(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Greg Stark <stark(at)mit(dot)edu>, Andres Freund <andres(at)2ndquadrant(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Amit Kapila <amit(dot)kapila(at)huawei(dot)com>, Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>, pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM SET |
| Date: | 2013-08-05 18:14:45 |
| Message-ID: | 51FFEB95.9080605@kaltenbrunner.cc |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 08/05/2013 08:02 PM, Josh Berkus wrote:
> On 08/05/2013 10:49 AM, Stephen Frost wrote:
>> Josh, I really have to ask- are these people who are implementing puppet
>> to control these configs really clamoring to have an 'ALTER SYSTEM' PG
>> command to have to code against instead of dealing with text files? I
>> feel like you're arguing for these parameters to be modifiable through
>> ALTER SYSTEM on the grounds that these parameters need to be set at some
>> point and in some way and not because having them set through ALTER
>> SYSTEM actually makes any *sense*.
>
> Nope. ALTER SYSTEM, from my POV, is mainly for folks who *don't* use
> Puppet/Chef/whatever. Here's where I see ALTER SYSTEM being useful:
>
> * invididually managed servers with out centralized management (i.e. one
> DBA, one server).
> * developer machines (i.e. laptops and vms)
> * automated testing of tweaking performance parameters
> * setting logging parameters temporarily on systems under centralized
> management
overridding the configuration system, that will just lead to very
confused sysadmins why something that was configurated now behaves
differently and I cause operational hazards because people _WILL_ forget
changing those "temporary only" settings back?
>
> For that reason, the only way in which I think it makes sense to try to
> make ALTER SYSTEM set work together with Puppet/Chef is in the rather
> limited context of modifying the logging settings for limited-time data
> collection. Mostly, ALTER SYSTEM SET is for systems were people
> *aren't* using Puppet/Chef.
I tend to disagree, the current approach of ALTER SYSTEM requiring
superuser basically means:
* in a few years from now people will just use superuser over the
network for almost all stuff "because its easy and I can click around in
$gui", having potential "unsafe" operations available over the network
will in turn cause a lot of actual downtime (in a lot of cases the
reason why people want remote management is because the don't have
physical/shell access - so if they break stuff they cannot fix)
* for classic IaaS/SaaS/DBaaS the ALTER SYSTEM seems to be mostly
useless in the current form - because most of them will not or cannot
hand out flat out superuser (like if you run a managed service you might
want customers to be able to tweak some stuff but say not
archive/pitr/replication stuff because the responsibility for backups is
with the hosting company)
Stefan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2013-08-05 18:16:19 | Autovacuum different in 9.2.4? |
| Previous Message | Stephen Frost | 2013-08-05 18:13:41 | Re: whichever ALTER SYSTEM thread is the right one |