Robert Haas <robertmhaas@gmail.com> writes:
> On Fri, Feb 9, 2018 at 3:08 AM, Kyotaro HORIGUCHI
> <horiguchi.kyotaro@lab.ntt.co.jp> wrote:
>> I think that we can safely increase the fallback value to 20 with
>> which regtests are known not to fail.
> I propose an alternative fix: let's instead change the code like this:
> if (max_wal_senders > MaxConnections)
I think there is a bigger reason not to like that code. If you look
a bit wider at the context, we are independently constraining
max_wal_senders and ReservedBackends:
if (ReservedBackends >= MaxConnections)
{
write_stderr("%s: superuser_reserved_connections must be less than max_connections\n", progname);
ExitPostmaster(1);
}
if (max_wal_senders >= MaxConnections)
{
write_stderr("%s: max_wal_senders must be less than max_connections\n", progname);
ExitPostmaster(1);
}
But this is insufficient to prevent trouble, because elsewhere we learn that
* The last few connections slots are reserved for superusers. Although
* replication connections currently require superuser privileges, we
* don't allow them to consume the reserved slots, which are intended for
* interactive use.
Therefore, the condition that actually ought to be getting enforced here
is either "ReservedBackends + max_wal_senders < MaxConnections", or
"ReservedBackends + max_wal_senders <= MaxConnections", depending on
whether you think it's appropriate to require at least one not-reserved-
for-superusers connection slot to remain available if the walsenders
slots are fully populated.
Then, seeing that the factory defaults are ReservedBackends = 3 and
max_wal_senders = 10, something's got to give; there's no way that
max_connections = 10 can work with those. But what I would argue is that
of those three choices, the least defensible one is max_wal_senders = 10.
Where did that come from? What fraction of real-world installations will
need that? We don't choose defaults that overprovision small
installations by 5X or 10X anywhere else, so why here?
My proposal is to default max_wal_senders to perhaps 3, and leave
initdb's logic alone.
regards, tom lane