Postgres Pro
Downloads
Home   >   mailing lists

Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM SET - Mailing list pgsql-hackers

From Stefan Kaltenbrunner
Subject Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM SET
Date
Msg-id 51FFEB95.9080605@kaltenbrunner.cc
Whole thread Raw
In response to Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM SET  (Josh Berkus <josh@agliodbs.com>)
List pgsql-hackers
Tree view 
On 08/05/2013 08:02 PM, Josh Berkus wrote:
> On 08/05/2013 10:49 AM, Stephen Frost wrote:
>> Josh, I really have to ask- are these people who are implementing puppet
>> to control these configs really clamoring to have an 'ALTER SYSTEM' PG
>> command to have to code against instead of dealing with text files?  I
>> feel like you're arguing for these parameters to be modifiable through
>> ALTER SYSTEM on the grounds that these parameters need to be set at some
>> point and in some way and not because having them set through ALTER
>> SYSTEM actually makes any *sense*.
> 
> Nope.  ALTER SYSTEM, from my POV, is mainly for folks who *don't* use
> Puppet/Chef/whatever.  Here's where I see ALTER SYSTEM being useful:
> 
> * invididually managed servers with out centralized management (i.e. one
> DBA, one server).
> * developer machines (i.e. laptops and vms)
> * automated testing of tweaking performance parameters
> * setting logging parameters temporarily on systems under centralized
> management

overridding the configuration system, that will just lead to very
confused sysadmins why something that was configurated now behaves
differently and I cause operational hazards because people _WILL_ forget
changing those "temporary only" settings back?

> 
> For that reason, the only way in which I think it makes sense to try to
> make ALTER SYSTEM set work together with Puppet/Chef is in the rather
> limited context of modifying the logging settings for limited-time data
> collection.  Mostly, ALTER SYSTEM SET is for systems were people
> *aren't* using Puppet/Chef.

I tend to disagree, the current approach of ALTER SYSTEM requiring
superuser basically means:

* in a few years from now people will just use superuser over the
network for almost all stuff "because its easy and I can click around in
$gui", having potential "unsafe" operations available over the network
will in turn cause a lot of actual downtime (in a lot of cases the
reason why people want remote management is because the don't have
physical/shell access - so if they break stuff they cannot fix)

* for classic IaaS/SaaS/DBaaS the ALTER SYSTEM seems to be mostly
useless in the current form - because most of them will not or cannot
hand out flat out superuser (like if you run a managed service you might
want customers to be able to tweak some stuff but say not
archive/pitr/replication stuff because the responsibility for backups is
with the hosting company)




Stefan

pgsql-hackers by date:

Previous
From: Stephen Frost
Date:
Subject: Re: whichever ALTER SYSTEM thread is the right one
Next
From: Josh Berkus
Date:
Subject: Re: Disabling ALTER SYSTEM SET WAS: Re: ALTER SYSTEM SET command to change postgresql.conf parameters