Data directory on read-only media

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Data directory on read-only media
Date: 2005-11-20 20:39:49
Message-ID: Pine.OSF.4.61.0511201815450.399601@kosh.hut.fi
Lists: pgsql-hackers

Hi,

I've been thinking about running postgres from read-only media. It's
handy for creating demo CDs etc. I hacked together a patch that allows
you to run Postgres without write permissions to the data directory.

Some changes are needed:

1. Force all transactions to be read-only, using the mechanisms already in
place. This catches all the obvious INSERT/UPDATE/CREATE modifications.

2. Disable VACUUM, CLUSTER, and nextval/setval

3. Disable bgwriter and manual checkpoints.

4. Don't increment xid counter, just use a single xid for all
transactions. Otherwise we might reach the xid wrap-around point, and we
can't vacuum. It seems safe to me, am I missing anything?

5. Don't try to write buffers with commit hint modifications. Just discard
them.

6. Don't write the stats file, opts file, or user/group files.

7. Don't write free space map.

8. Disable two-phase commit.

9. Modify startup and shutdown routines so that they don't write control
file, checkpoint, or attempt recovery.

Tricky parts:

10. Temporary tables. Should they be created in /tmp instead of the
datadir, or just disabled? How about temporary views?

11. Temporary files in sorting and hash joins. Use /tmp?

12. Subtransactions. Even read-only transactions write to the
subtrans-files, don't they? Also, what happens to the subtrans system if
we reuse the same xid over and over again?

13. NOTIFY/LISTEN. I guess most people use NOTIFY/LISTEN for cache
coherency etc, so I don't think many people will miss it in read-only
mode. And there have been plans to refactor it to an in-memory thing
anyway.

14. How to put the system to read-only mode? It needs to be something that
makes it impossible to run another postmaster in read/write mode at the
same time, without requiring write access to the data dir. I'm thinking of
a utility that creates a special postmaster.pid file. When a postmaster
starts up and sees that special postmaster.pid file, it starts in
read-only mode. The system must be in a cleanly shut down state.

Does anyone remember anything else that writes to disk?

The patch does most of the above. There's no utility yet to create the
special postmaster.pid file. Use "echo readonly > data/postmaster.pid"
instead.

Here's the patch:
http://users.tkk.fi/~hlinnaka/pgsql/readonly-20051120.diff

- Heikki
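
The startup decision described in item 14, as an added example that is not part of the original message or the linked patch: it classifies the contents of postmaster.pid into read/write, read-only, or refuse. The function and enum names are hypothetical, and refusing to start when the file cannot be understood is an assumption.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical names; none of this is taken from the patch. */
typedef enum {
    START_READ_WRITE, /* no lock file or stale PID: normal startup */
    START_READ_ONLY,  /* marker present: never write to the data dir */
    START_REFUSE      /* live postmaster, or contents not understood */
} start_mode;

/* contents: text of postmaster.pid, or NULL if the file does not exist. */
start_mode decide_start_mode(const char *contents)
{
    char line[32], *end;
    size_t n;
    long pid;

    if (contents == NULL)
        return START_READ_WRITE;
    n = strcspn(contents, "\r\n");          /* first line only */
    if (n == 0 || n >= sizeof line)
        return START_REFUSE;
    memcpy(line, contents, n);
    line[n] = '\0';
    if (strcmp(line, "readonly") == 0)      /* what the echo command writes */
        return START_READ_ONLY;
    errno = 0;
    pid = strtol(line, &end, 10);
    /* Assumption: fail closed. pid <= 0 would make kill() target groups. */
    if (errno != 0 || *end != '\0' || pid <= 0 || pid > INT_MAX)
        return START_REFUSE;
    /* Signal 0 only probes; EPERM still means the process exists. */
    if (kill((pid_t) pid, 0) == 0 || errno == EPERM)
        return START_REFUSE;
    return START_READ_WRITE;                /* ESRCH: stale lock file */
}
int main(void)
{
    printf("%d\n", decide_start_mode("readonly\n") == START_READ_ONLY);
    return 0;
}
```

Because the marker is not a number, a server that only understands PID lock files cannot mistake it for a stale lock and start in read/write mode, provided it refuses on unparseable contents as this sketch does.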
