Re: Superuser connect during smart shutdown

From: Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com>
To: David G Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>, <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Superuser connect during smart shutdown
Date: 2014-10-17 22:34:31
Message-ID: 54419977.5060103@BlueTreble.com
Lists: pgsql-hackers

On 10/16/14, 11:46 PM, David G Johnston wrote:
> Tom Lane-2 wrote
>>> Something else mentioned was that once you start a smart shutdown you
>>> have no good way (other than limited ps output) to see what the shutdown
>>> is waiting on. I'd like to have some way to get back into the database
>>> to see what's going on. Perhaps we could allow superusers to connect
>>> while waiting for shutdown.
>>
>> I think this idea is going to founder on the fact that the postmaster
>> has no way to tell whether an incoming connection is for a superuser.
>> You don't find that out until you've connected to a database and run
>> a transaction (so you can read pg_authid). And by that point, you've
>> already had a catastrophic impact on any attempt to shut things down.
>
> This quote from the documentation seems suspect in light of your comment...
>
> "While backup mode is active, new connections will still be allowed, but
> only to superusers (this exception allows a superuser to connect to
> terminate online backup mode)."
>
> http://www.postgresql.org/docs/9.3/interactive/server-shutdown.html

check_hba() does

    if (!check_role(port->user_name, roleid, hba->roles))
        continue;

And check_role(char **newval, void **extra, GucSource source) does

    is_superuser = ((Form_pg_authid) GETSTRUCT(roleTup))->rolsuper;
    ...
    myextra->roleid = roleid;
    myextra->is_superuser = is_superuser;
    *extra = (void *) myextra;

So presumably with some changes to how we're calling check_role() we could determine if port->user_name is a superuser.

I also like the idea of specifying that a connection should be terminated by a smart shutdown; I agree that'd be useful for monitoring tools and what-not. If folks agree with that I can take a stab at implementing it.

Since I tend to be paranoid, I like smart being the default, but seems I'm in the minority there.
--
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com
