Data directory on read-only media - Mailing list pgsql-hackers

From Heikki Linnakangas
Subject Data directory on read-only media
Date
Msg-id Pine.OSF.4.61.0511201815450.399601@kosh.hut.fi
Responses Re: Data directory on read-only media  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: Data directory on read-only media  (Josh Berkus <josh@agliodbs.com>)
Re: Data directory on read-only media  (Peter Eisentraut <peter_e@gmx.net>)
Tablespace on ramdisk  (<pmagnoli@systemevolution.it>)
List pgsql-hackers

Hi,

I've been thinking about running postgres from read-only media. It's 
handy for creating demo CDs etc. I hacked together a patch that allows 
you to run Postgres without write permissions to the data directory.

Some changes are needed:

1. Force all transactions to be read-only, using the mechanisms already in 
place. This catches all the obvious INSERT/UPDATE/CREATE modifications.

2. Disable VACUUM, CLUSTER, and nextval/setval

3. Disable bgwriter and manual checkpoints.

4. Don't increment xid counter, just use a single xid for all 
transactions. Otherwise we might reach the xid wrap-around point, and we 
can't vacuum. It seems safe to me, am I missing anything?

5. Don't try to write buffers with commit hint modifications. Just discard 
them.

6. Don't write the stats file, opts file, or user/group files.

7. Don't write free space map.

8. Disable two-phase commit.

9. Modify startup and shutdown routines so that they don't write control 
file, checkpoint, or attempt recovery.

Tricky parts:

10. Temporary tables. Should they be created in /tmp instead of the 
datadir, or just disabled? How about temporary views?

11. Temporary files in sorting and hash joins. Use /tmp?

12. Subtransactions. Even read-only transactions write to the 
subtrans-files, don't they? Also, what happens to the subtrans system if 
we reuse the same xid over and over again?

13. NOTIFY/LISTEN. I guess most people use NOTIFY/LISTEN for cache 
coherency etc, so I don't think many people will miss it in read-only 
mode. And there have been plans to refactor it to an in-memory thing 
anyway.

14. How to put the system to read-only mode? It needs to be something that 
makes it impossible to run another postmaster in read/write mode at the 
same time, without requiring write access to the data dir. I'm thinking of 
a utility that creates a special postmaster.pid file. When a postmaster 
starts up and sees that special postmaster.pid file, it starts in 
read-only mode. The system must be in a cleanly shut down state.

Does anyone remember anything else that writes to disk?

The patch does most of the above. There's no utility yet to create the 
special postmaster.pid file. Use "echo readonly > data/postmaster.pid" 
instead.

Here's the patch:
http://users.tkk.fi/~hlinnaka/pgsql/readonly-20051120.diff

- Heikki
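
A sketch of the marker-file utility that the message says does not exist yet, added here as an example; it is not code from the patch or from PostgreSQL. The function names are hypothetical, the `readonly` marker is the string from the echo command in the message, and the clean-shutdown check assumes `pg_controldata` is on PATH.

```shell
#!/bin/sh
# Added example: hypothetical helper for the marker file described in item 14.
# Usage (after sourcing this file): mark_readonly /path/to/data
MARKER=readonly   # marker string from the echo command in the message

# classify_pidfile DATADIR
# Prints one of: absent | readonly | live | stale | unknown
classify_pidfile() {
    pidfile="$1/postmaster.pid"
    [ -f "$pidfile" ] || { echo absent; return 0; }
    first=
    IFS= read -r first < "$pidfile" || :   # tolerate a missing final newline
    if [ "$first" = "$MARKER" ]; then echo readonly; return 0; fi
    case "$first" in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # not a plain PID: do not guess
    esac
    # kill -0 fails for another user's process, so also look in /proc
    if kill -0 "$first" 2>/dev/null || [ -e "/proc/$first" ]; then
        echo live
    else
        echo stale
    fi
}

# mark_readonly DATADIR
# Writes the marker only when no postmaster owns the directory and the
# cluster was shut down cleanly. Returns non-zero on refusal.
mark_readonly() {
    datadir="$1"
    state=$(classify_pidfile "$datadir")
    case "$state" in
        readonly) return 0 ;;   # already marked
        live|unknown)
            echo "refusing: postmaster.pid is $state" >&2
            return 1 ;;
    esac
    # Assumption: pg_controldata is on PATH. A stale pid file means a crash,
    # which this check also rejects ("in production", not "shut down").
    if ! LC_ALL=C pg_controldata "$datadir" 2>/dev/null |
            grep -q '^Database cluster state: *shut down$'; then
        echo "refusing: cluster is not in a clean shut down state" >&2
        return 1
    fi
    echo "$MARKER" > "$datadir/postmaster.pid"
}
```

The marker has to be written while the data directory is still writable, that is, before the directory is copied to the read-only medium.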

