Thread: [DOCS] adduser is missing --system

[DOCS] adduser is missing --system

From
jens@wilke.org
Date:
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/9.6/static/install-short.html
Description:

Hi,

regarding
https://www.postgresql.org/docs/9.6/static/install-short.html

adduser postgres
should be
adduser --system postgres

otherwise you might face
*PANIC: queueing for lock while waiting on another one

due to systemd Config with RemoveIPC=true

Kind regards,
Jens

--
Sent via pgsql-docs mailing list (pgsql-docs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs

Re: [DOCS] adduser is missing --system

From
Michael Paquier
Date:
On Thu, Sep 28, 2017 at 6:33 AM,  <jens@wilke.org> wrote:
> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/9.6/static/install-short.html
> Description:
>
> Hi,
>
> regarding
> https://www.postgresql.org/docs/9.6/static/install-short.html
>
> adduser postgres
> should be
> adduser --system postgres
>
> otherwise you might face
> *PANIC: queueing for lock while waiting on another one
>
> due to systemd Config with RemoveIPC=true

This part of the documentation is really aimed at being short. Please
note as well that this has been added to the documentation of Postgres
10 with this commit:
commit: fbe7a3fa45f360e73ce141e51005a3e86cd1926c
author: Peter Eisentraut <peter_e@gmx.net>
date: Wed, 15 Feb 2017 10:46:31 -0500
doc: Add advice about systemd RemoveIPC

Reviewed-by: Magnus Hagander <magnus@hagander.net>

Here is the link to it:
https://www.postgresql.org/docs/devel/static/kernel-resources.html#systemd-removeipc
And the important quote:
"Packaging and deployment scripts should be careful to create the
postgres user as a system user by using useradd -r, adduser --system,
or equivalent."
-- 
Michael



Re: [DOCS] adduser is missing --system

From
Tom Lane
Date:
Michael Paquier <michael.paquier@gmail.com> writes:
> Please note as well that this has been added to the documentation of Postgres
> 10 with this commit:

Yeah.  I think Peter should back-patch that, but he hasn't yet.

The issue might be moot as of v10 anyway, because of this other commit:

Author: Tom Lane <tgl@sss.pgh.pa.us>
Branch: master Release: REL_10_STABLE [ecb0d20a9] 2016-10-09 18:03:45 -0400
    Use unnamed POSIX semaphores, if available, on Linux and FreeBSD.

    We've had support for using unnamed POSIX semaphores instead of System V
    semaphores for quite some time, but it was not used by default on any
    platform.  Since many systems have rather small limits on the number of
    SysV semaphores allowed, it seems desirable to switch to POSIX semaphores
    where they're available and don't create performance or kernel resource
    problems.  Experimentation by me shows that unnamed POSIX semaphores
    are at least as good as SysV semaphores on Linux, and we previously had
    a report from Maksym Sobolyev that FreeBSD is significantly worse with
    SysV semaphores than POSIX ones.  So adjust those two platforms to use
    unnamed POSIX semaphores, if configure can find the necessary library
    functions.  If this goes well, we may switch other platforms as well,
    but it would be advisable to test them individually first.

We didn't think about the systemd angle at the time, but this change
might make PG reasonably systemd-proof even without direct protection
from RemoveIPC.  I've not tried to experiment though.
        regards, tom lane



Re: [DOCS] adduser is missing --system

From
Tom Lane
Date:
I wrote:
> The issue might be moot as of v10 anyway, because of this other commit:

Ah, scratch that, I'd forgotten the discussion here:

https://www.postgresql.org/message-id/flat/32387.1481079186%40sss.pgh.pa.us

The switch to unnamed POSIX semaphores will help, but it's not a complete
fix because default-configured systemd will still break DSM usage.  In
practice I think that means that parallel queries launching at the same
moment you log out will fail.  That's way more survivable than the
semaphores going away, but it's still not very nice.
        regards, tom lane
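
The advice discussed in this thread (create postgres as a system user, or have RemoveIPC turned off) expressed as a host check. This is an added example, not part of any message above and not PostgreSQL's own code. The function names and sample files are constructed; the 999 fallback for SYS_UID_MAX and treating an unset RemoveIPC as enabled are assumptions.

```shell
#!/bin/sh
# Added example: is a service account exposed to logind's RemoveIPC cleanup?
# File paths are parameters so the check can run on constructed copies.

# uid_of PASSWD_FILE USER -> prints the UID (empty if the user is absent)
uid_of() {
    awk -F: -v u="$2" '$1 == u { print $3; exit }' "$1"
}

# sys_uid_max LOGIN_DEFS -> prints SYS_UID_MAX; 999 is an assumed fallback
sys_uid_max() {
    v=$(awk '$1 == "SYS_UID_MAX" { v = $2 } END { print v }' "$1" 2>/dev/null) || v=""
    echo "${v:-999}"
}

# removeipc_state LOGIND_CONF -> prints "on" or "off" (last assignment wins).
# Unset or unreadable counts as "on" (assumption: default-configured systemd).
removeipc_state() {
    v=$(awk -F= '/^[ \t]*RemoveIPC[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
                 END { print v }' "$1" 2>/dev/null) || v=""
    case "$v" in
        no|false|0|off) echo off ;;
        *) echo on ;;
    esac
}

# check_account USER PASSWD_FILE LOGIN_DEFS LOGIND_CONF -> prints a verdict
check_account() {
    uid=$(uid_of "$2" "$1")
    [ -n "$uid" ] || { echo "missing"; return 1; }
    if [ "$uid" -le "$(sys_uid_max "$3")" ]; then
        echo "ok: system user"
    elif [ "$(removeipc_state "$4")" = off ]; then
        echo "ok: RemoveIPC disabled"
    else
        echo "at-risk: regular user with RemoveIPC on"
    fi
}

# Constructed sample files (not taken from a real host).
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf 'postgres:x:1001:1001::/home/postgres:/bin/bash\n' > "$d/passwd"
printf 'pgsys:x:113:120::/var/lib/pg:/bin/false\n' >> "$d/passwd"
printf 'SYS_UID_MAX 999\n' > "$d/login.defs"
printf '[Login]\n#RemoveIPC=yes\n' > "$d/logind.conf"
check_account postgres "$d/passwd" "$d/login.defs" "$d/logind.conf"
check_account pgsys "$d/passwd" "$d/login.defs" "$d/logind.conf"
```

On a real host the arguments would be /etc/passwd, /etc/login.defs and /etc/systemd/logind.conf; drop-in files under logind.conf.d are not read by this check.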

