Re: [HACKERS] read-only database

Satoshi Nagayasu wrote:
>
> Tom Lane wrote:
> > I'd view this as a postmaster state that propagates to backends.
> > Probably you'd enable it by means of a postmaster option, and the
> > only way to get out of it is to shut down and restart the postmaster
> > without the option.
>
> I've created a patch to make a postmaster read-only.
> (attached patch can be applied to 8.0.1)
>
> Read-only state can be enabled/disabled by the postmaster option,
> or the postgresql.conf option.
>
> If you start the postmaster with "-r" options,
> the cluster will go to read-only.
>
> % pg_ctl -o "-i -r" -D $PGDATA start
>
> Or if you set "readonly_cluster = true" in the postgresql.conf,
> the cluster will also become read-only.

Nice idea. I have attached a new patch which has a few adjustments.

First, we are moving away from using postmaster flags, and instead
encouraging people to use postgresql.conf, so I removed the -r flag but
added an entry in postgresql.conf for this. I can see why it might be
nice to have it as a postmaster flag, but at a certain point the number
of flags gets too confusing so postgresql.conf is better. Second, I
changed it so it can be modified by a sighup to the postmaster, which
can't be done with a postmaster flag.

Also, I renamed it to server_read_only because that seems more
consistent than readonly_cluster.

Also, I added documentation for this postgresql.conf variable.

With this change, I see we now have three read_only options:

transaction_read_only
default_transaction_read_only
server_read_only

The first one is not documented (should it be?) and I assume allows you
to query and change the READ ONLY status of a single transaction, while
default_transaction_read_only affects all new transactions for the
session, and server_read_only is for all transactions on the server.

It seems server_read_only is the same as default_transaction_read_only
except it can't be changed. It seems more like a secure version of
default_transaction_read_only rather than something new.

If we set default_transaction_read_only to true in postgresql.conf,
could we just prevent that from being changed by a session. As I
remember we have abandoned the idea of trying to limit session changes
to postgresql.conf values so maybe this is the way we have to go.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073