Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM SET - Mailing list pgsql-hackers
From | Stefan Kaltenbrunner |
---|---|
Subject | Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM SET |
Date | |
Msg-id | 51FFECE3.3010104@kaltenbrunner.cc Whole thread Raw |
In response to | Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM SET (Josh Berkus <josh@agliodbs.com>) |
List | pgsql-hackers |
On 08/05/2013 07:01 PM, Josh Berkus wrote: > Stephen, all: > > (forked from main ALTER SYSTEM discussion. this thread is meant to > discuss only this question: > > E) whether "unsafe" settings or "restart" settings should be allowed in > ALTER SYSTEM SET.) > > On 08/02/2013 01:48 PM, Stephen Frost wrote: >> Reflecting on this a bit more, I'm curious what your list-of-15 is. > > Based on serving literally hundreds of clients, the below are the > settings we change on client servers 50% or more of the time. Other > settings I touch maybe 10% of the time. THese are also, in general, the > settings which I modify when we create Puppet/Chef/Salt scripts for clients. > > listen_addresses*@ > shared_buffers*@ > work_mem > maintenance_work_mem > effective_cache_size > synchronous_commit (because of amazon) > wal_buffers*@ > checkpoint_segments*@ > checkpoint_completion_target* (because of ext3) > autovacuum* (turn off for data warehouses, > turn back on for very mistaken users) > stats_file_directory*@ > > replication/archiving settings as a set*@ > wal_level, max_wal_senders, wal_keep_segments, hot_standby, archive_mode > and archive_command > > logging settings as a set > logging_collector* > everything else > > * = requires a cold start to change > @ potentially can cause failure to restart > > Note that two of the settings, shared_buffers and wal_buffers, become > much less of an issue for restarting the system in 9.3. Also, it's > possible that Heikki's automated WAL log management might deal with > out-of-disk-space better than currently, which makes that less of a risk. > > However, you'll see that among the 11 core settings, 7 require a full > restart, and 5 could "potentially cause failure to restart". That means > that from my perspective, ALTER SYSTEM SET is at least 45% useless if it > can't touch unsafe settngs, and 63% useless if it can't touch any > setting which requires a restart. Adding the replication settings into > things makes stuff significantly worse that way, although ALTER SYSTEM > SET would be very useful for logging options provided that > logging_collector was turned on. not sure at all I agree with our "% useless" measure but we need to consider that having all of those available over remote means they will suddenly become "action at a distance" thingies, people will play with them more and randomly change stuff, and a lot of those can break the entire system because of say overrunning system resources. The same thing can happen now just as well, but having them available from remote will also result in tools doing this and people that have less information about the hardware and system or what else is going on on that box. Also we have to keep in mind that in most scenarios the logfile and potentially reported errors/warnings there will be useless because people will never see them... Stefan
pgsql-hackers by date: