On 08/05/2013 11:28 AM, Stephen Frost wrote:
> * Josh Berkus (josh@agliodbs.com) wrote:
>> Nope. ALTER SYSTEM, from my POV, is mainly for folks who *don't* use
>> Puppet/Chef/whatever.
>
> Ok, that's fine, but let's try to avoid making life difficult for those
> who *do* use puppet/chef/whatever. This capability runs a very high
> risk of that by allowing a DBA who *isn't* a sysadmin to go modifying
> things that depend on external-to-PG factors.
See thread "Disabling ALTER SYSTEM SET". In short, I agree with you.
>
>> Here's where I see ALTER SYSTEM being useful:
>>
>> * invididually managed servers with out centralized management (i.e. one
>> DBA, one server).
>> * developer machines (i.e. laptops and vms)
>
> The above strikes me as being already dealt with through pgAdmin and the
> 'admin pack', if the user wants a GUI to use for modifying these
> parameters (which seems like what they'd primairly get out of ALTER
> SYSTEM SET- pgAdmin, or whatever $gui wouldn't have to depend on the
> admin pack).
Except that forcing developers to install the admin pack and pgadmin to
get this functionality is a high barrier to entry exactly where we don't
want one.
>
>> * automated testing of tweaking performance parameters
>
> This sounds like you'd need tooling around it to make it work anyway,
> which could probably handle modifying a text file, but even if not,
> these paremeters may be on the 'safe' list.
Well, frankly, it's the main reason why *I* want ALTER SYSTEM SET. It
makes my job writing automated testing scripts easier. Certainly it was
possible before, but there's value in "easier".
And that's the reason I don't want you to take away the ability to
modify shared_buffers et. al. ;-)
On 08/05/2013 11:30 AM, Stefan Kaltenbrunner wrote:> Nevertheless my
main point is that people _WILL_ use this as a simple
> convinience tool not fully understanding all the complex implications,
> and in a few years from now running people with superuser by default
> (because people will create "cool little tools say to change stuff from
> my tray or using $IOS app" that have a little small comment "make sure
> to create the user "WITH SUPERUSER" and people will follow like lemmings.
Most of our users not on Heroku are running with superuser as the app
user now. Like, 95% of them based on my personal experience (because
our object permissions management sucks). In that this feature will
further discourage people from having a separate application user,
there's some argument. However, it's really an argument for not having
ALTER SYSTEM SET *at all* rather than restricting it to "safe" GUCs, no?
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
