本文主要是介绍PostgreSQL的学习心得和知识总结(一百三十九)|深入理解PostgreSQL数据库GUC参数 allow_alter_system 的使用和原理,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
目录结构
注:提前言明 本文借鉴了以下博主、书籍或网站的内容,其列表如下:
1、参考书籍:《PostgreSQL数据库内核分析》
2、参考书籍:《数据库事务处理的艺术:事务管理与并发控制》
3、PostgreSQL数据库仓库链接,点击前往
4、日本著名PostgreSQL数据库专家 铃木启修 网站主页,点击前往
5、参考书籍:《PostgreSQL中文手册》
6、参考书籍:《PostgreSQL指南:内幕探索》,点击前往
7、参考书籍:《事务处理 概念与技术》
8、PgSQL · 性能优化 · PostgreSQL TPC-C极限优化玩法,点击前往
1、本文内容全部来源于开源社区 GitHub和以上博主的贡献,本文也免费开源(可能会存在问题,评论区等待大佬们的指正)
2、本文目的:开源共享 抛砖引玉 一起学习
3、本文不提供任何资源 不存在任何交易 与任何组织和机构无关
4、大家可以根据需要自行 复制粘贴以及作为其他个人用途,但是不允许转载 不允许商用 (写作不易,还请见谅 💖)
5、本文内容基于PostgreSQL master源码开发而成
深入理解PostgreSQL数据库GUC参数 allow_alter_system 的使用和原理
- 文章快速说明索引
- 参数使用背景说明
- 背景
- 使用
- 参数实现源码解析
文章快速说明索引
学习目标:
做数据库内核开发久了就会有一种 少年得志,年少轻狂 的错觉,然鹅细细一品觉得自己其实不算特别优秀 远远没有达到自己想要的。也许光鲜的表面掩盖了空洞的内在,每每想到于此,皆有夜半临渊如履薄冰之感。为了睡上几个踏实觉,即日起 暂缓其他基于PostgreSQL数据库的兼容功能开发,近段时间 将着重于学习分享Postgres的基础知识和实践内幕。
学习内容:(详见目录)
1、深入理解PostgreSQL数据库GUC参数 allow_alter_system 的使用和原理
学习时间:
2024年04月21日 14:44:16
学习产出:
1、PostgreSQL数据库基础知识回顾 1个
2、CSDN 技术博客 1篇
3、PostgreSQL数据库内核深入学习
注:下面我们所有的学习环境是Centos8+PostgreSQL master +Oracle19C+MySQL8.0
postgres=# select version();version
------------------------------------------------------------------------------------------------------------PostgreSQL 17devel on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-21), 64-bit
(1 row)postgres=##-----------------------------------------------------------------------------#SQL> select * from v$version; BANNER Oracle Database 19c EE Extreme Perf Release 19.0.0.0.0 - Production
BANNER_FULL Oracle Database 19c EE Extreme Perf Release 19.0.0.0.0 - Production Version 19.17.0.0.0
BANNER_LEGACY Oracle Database 19c EE Extreme Perf Release 19.0.0.0.0 - Production
CON_ID 0#-----------------------------------------------------------------------------#mysql> select version();
+-----------+
| version() |
+-----------+
| 8.0.27 |
+-----------+
1 row in set (0.06 sec)mysql>
参数使用背景说明
背景
2024/03/29日,PostgreSQL新增一个GUC参数,如下:
- Discussion: Possibility to disable
ALTER SYSTEM,点击前往
添加allow_alter_system GUC
这个被标记为PGC_SIGHUP,所以只能在配置文件中设置,不能在其他地方设置;并且它还被标记为GUC_DISALLOW_IN_AUTO_FILE,因此不能使用ALTER SYSTEM进行设置。当设置为 false 时,不允许使用 ALTER SYSTEM 命令
人们非常担心这会被误解为安全功能,但事实并非如此,因为坚定的超级用户可以通过多种方式绕过它。因此,我们在文档的措辞上做了很多工作,希望避免任何此类混乱
官方文档的解释,如下:
当allow_alter_system设置为off时,执行ALTER SYSTEM命令会返回错误。该参数只能在 postgresql.conf 文件或服务器命令行中设置。默认值是打开的
请注意,此设置不得视为安全功能。它仅禁用 ALTER SYSTEM 命令。它不会阻止超级用户使用其他 SQL 命令更改配置。超级用户有多种在操作系统级别执行 shell 命令的方法,因此可以修改 postgresql.auto.conf,无论此设置的值如何
关闭此设置适用于 PostgreSQL 配置由某些外部工具管理的环境。在这种环境中,善意的超级用户可能会错误地使用 ALTER SYSTEM 来更改配置,而不是使用外部工具。这可能会导致意外行为,例如外部工具在稍后更新配置时覆盖更改。将此参数设置为关闭可以帮助避免此类错误
该参数仅控制 ALTER SYSTEM 的使用。即使allow_alter_system设置为off,存储在postgresql.auto.conf中的设置也会生效
使用
接下来看一个简单的使用,示例1如下:
[postgres@localhost:~/test/bin]$ ./psql
psql (17devel)
Type "help" for help.postgres=# show timezone;TimeZone
---------------------America/Los_Angeles
(1 row)postgres=# set timezone = 'PRC';
SET
postgres=# show timezone;TimeZone
----------PRC
(1 row)postgres=# select now();now
-------------------------------2024-04-18 15:35:49.411729+08
(1 row)postgres=# reset timezone;
RESET
postgres=# show timezone;TimeZone
---------------------America/Los_Angeles
(1 row)postgres=# select now();now
-------------------------------2024-04-18 00:36:06.505543-07
(1 row)postgres=# alter system set timezone = 'PRC';
2024-04-18 00:36:23.026 PDT [30697] ERROR: ALTER SYSTEM is not allowed in this environment
2024-04-18 00:36:23.026 PDT [30697] STATEMENT: alter system set timezone = 'PRC';
ERROR: ALTER SYSTEM is not allowed in this environment
postgres=#
postgres=# show timezone;TimeZone
---------------------America/Los_Angeles
(1 row)postgres=# show allow_alter_system;allow_alter_system
--------------------off
(1 row)postgres=# alter system set allow_alter_system = on;
2024-04-18 00:40:03.694 PDT [30697] ERROR: ALTER SYSTEM is not allowed in this environment
2024-04-18 00:40:03.694 PDT [30697] STATEMENT: alter system set allow_alter_system = on;
ERROR: ALTER SYSTEM is not allowed in this environment
postgres=#
[postgres@localhost:~/test/bin]$ cat test/postgresql.conf | grep allow_alter_system
allow_alter_system = off
[postgres@localhost:~/test/bin]$
示例2,如下:
[postgres@localhost:~/test/bin]$ cat test/postgresql.conf | grep allow_alter_system
allow_alter_system = off
[postgres@localhost:~/test/bin]$
[postgres@localhost:~/test/bin]$ vim test/postgresql.auto.conf
[postgres@localhost:~/test/bin]$
[postgres@localhost:~/test/bin]$ cat test/postgresql.auto.conf
# Do not edit this file manually!
# It will be overwritten by the ALTER SYSTEM command.
allow_alter_system = on
[postgres@localhost:~/test/bin]$
[postgres@localhost:~/test/bin]$ ./pg_ctl restart -D test/
waiting for server to shut down....2024-04-24 23:05:34.217 PDT [30683] LOG: received fast shutdown request
2024-04-24 23:05:34.219 PDT [30683] LOG: aborting any active transactions
2024-04-24 23:05:34.220 PDT [30683] LOG: background worker "logical replication launcher" (PID 30689) exited with exit code 1
2024-04-24 23:05:34.221 PDT [30684] LOG: shutting down
2024-04-24 23:05:34.240 PDT [30683] LOG: database system is shut downdone
server stopped
waiting for server to start....2024-04-24 23:05:34.361 PDT [50234] LOG: starting PostgreSQL 17devel on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-21), 64-bit
2024-04-24 23:05:34.361 PDT [50234] LOG: listening on IPv6 address "::1", port 5432
2024-04-24 23:05:34.361 PDT [50234] LOG: listening on IPv4 address "127.0.0.1", port 5432
2024-04-24 23:05:34.363 PDT [50234] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
2024-04-24 23:05:34.366 PDT [50237] LOG: database system was shut down at 2024-04-24 23:05:34 PDT
2024-04-24 23:05:34.370 PDT [50234] LOG: database system is ready to accept connectionsdone
server started
[postgres@localhost:~/test/bin]$ ./psql
psql (17devel)
Type "help" for help.postgres=# show allow_alter_system;allow_alter_system
--------------------on
(1 row)postgres=# show timezone;TimeZone
---------------------America/Los_Angeles
(1 row)postgres=# alter system set timezone = 'PRC';
ALTER SYSTEM
postgres=# alter system set allow_alter_system = off;
2024-04-24 23:06:26.063 PDT [50248] ERROR: parameter "allow_alter_system" cannot be changed
2024-04-24 23:06:26.063 PDT [50248] STATEMENT: alter system set allow_alter_system = off;
ERROR: parameter "allow_alter_system" cannot be changed
postgres=#
参数实现源码解析
guc定义,如下:
// src\backend\utils\misc\guc_tables.c{/** This setting itself cannot be set by ALTER SYSTEM to avoid an* operator turning this setting off by using ALTER SYSTEM, without a* way to turn it back on.* * 此设置本身无法通过 ALTER SYSTEM 设置,以避免操作员使用 ALTER SYSTEM 关闭此设置* 而无法将其重新打开*/{"allow_alter_system", PGC_SIGHUP, COMPAT_OPTIONS_OTHER,gettext_noop("Allows running the ALTER SYSTEM command."),gettext_noop("Can be set to off for environments where global configuration ""changes should be made using a different method."),GUC_DISALLOW_IN_AUTO_FILE},&AllowAlterSystem,true,NULL, NULL, NULL},
该参数真实使用的逻辑,如下:
// src\backend\utils\misc\guc.c/** Execute ALTER SYSTEM statement.** Read the old PG_AUTOCONF_FILENAME file, merge in the new variable value,* and write out an updated file. If the command is ALTER SYSTEM RESET ALL,* we can skip reading the old file and just write an empty file.* 读取旧的 PG_AUTOCONF_FILENAME 文件,合并新的变量值,并写出更新的文件* 如果命令是 ALTER SYSTEM RESET ALL,我们可以跳过读取旧文件,只写入一个空文件** An LWLock is used to serialize updates of the configuration file.* LWLock 用于序列化配置文件的更新** In case of an error, we leave the original automatic* configuration file (PG_AUTOCONF_FILENAME) intact.* 如果出现错误,我们会保留原始自动配置文件(PG_AUTOCONF_FILENAME)不变*/
void
AlterSystemSetConfigFile(AlterSystemStmt *altersysstmt)
{char *name;char *value;bool resetall = false;ConfigVariable *head = NULL;ConfigVariable *tail = NULL;volatile int Tmpfd;char AutoConfFileName[MAXPGPATH];char AutoConfTmpFileName[MAXPGPATH];/** Extract statement arguments*/name = altersysstmt->setstmt->name;if (!AllowAlterSystem)ereport(ERROR,(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),errmsg("ALTER SYSTEM is not allowed in this environment")));switch (altersysstmt->setstmt->kind){case VAR_SET_VALUE:value = ExtractSetVariableArgs(altersysstmt->setstmt);break;case VAR_SET_DEFAULT:case VAR_RESET:value = NULL;break;case VAR_RESET_ALL:value = NULL;resetall = true;break;default:elog(ERROR, "unrecognized alter system stmt type: %d",altersysstmt->setstmt->kind);break;}/** Check permission to run ALTER SYSTEM on the target variable*/if (!superuser()){if (resetall)ereport(ERROR,(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),errmsg("permission denied to perform ALTER SYSTEM RESET ALL")));else{AclResult aclresult;aclresult = pg_parameter_aclcheck(name, GetUserId(),ACL_ALTER_SYSTEM);if (aclresult != ACLCHECK_OK)ereport(ERROR,(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),errmsg("permission denied to set parameter \"%s\"",name)));}}/** Unless it's RESET_ALL, validate the target variable and value*/if (!resetall){struct config_generic *record;/* We don't want to create a placeholder if there's not one already */record = find_option(name, false, true, DEBUG5);if (record != NULL){/** Don't allow parameters that can't be set in configuration files* to be set in PG_AUTOCONF_FILENAME file.*/if ((record->context == PGC_INTERNAL) ||(record->flags & GUC_DISALLOW_IN_FILE) ||(record->flags & GUC_DISALLOW_IN_AUTO_FILE))ereport(ERROR,(errcode(ERRCODE_CANT_CHANGE_RUNTIME_PARAM),errmsg("parameter \"%s\" cannot be changed",name)));/** If a value is specified, verify that it's sane.*/if (value){union config_var_val newval;void *newextra = NULL;if (!parse_and_validate_value(record, name, value,PGC_S_FILE, ERROR,&newval, &newextra))ereport(ERROR,(errcode(ERRCODE_INVALID_PARAMETER_VALUE),errmsg("invalid value for parameter \"%s\": \"%s\"",name, value)));if (record->vartype == PGC_STRING && newval.stringval != NULL)guc_free(newval.stringval);guc_free(newextra);}}else{/** Variable not known; check we'd be allowed to create it. (We* cannot validate the value, but that's fine. A non-core GUC in* the config file cannot cause postmaster start to fail, so we* don't have to be too tense about possibly installing a bad* value.)*/(void) assignable_custom_variable_name(name, false, ERROR);}/** We must also reject values containing newlines, because the grammar* for config files doesn't support embedded newlines in string* literals.*/if (value && strchr(value, '\n'))ereport(ERROR,(errcode(ERRCODE_INVALID_PARAMETER_VALUE),errmsg("parameter value for ALTER SYSTEM must not contain a newline")));}/** PG_AUTOCONF_FILENAME and its corresponding temporary file are always in* the data directory, so we can reference them by simple relative paths.*/snprintf(AutoConfFileName, sizeof(AutoConfFileName), "%s",PG_AUTOCONF_FILENAME);snprintf(AutoConfTmpFileName, sizeof(AutoConfTmpFileName), "%s.%s",AutoConfFileName,"tmp");/** Only one backend is allowed to operate on PG_AUTOCONF_FILENAME at a* time. Use AutoFileLock to ensure that. We must hold the lock while* reading the old file contents.*/LWLockAcquire(AutoFileLock, LW_EXCLUSIVE);/** If we're going to reset everything, then no need to open or parse the* old file. We'll just write out an empty list.*/if (!resetall){struct stat st;if (stat(AutoConfFileName, &st) == 0){/* open old file PG_AUTOCONF_FILENAME */FILE *infile;infile = AllocateFile(AutoConfFileName, "r");if (infile == NULL)ereport(ERROR,(errcode_for_file_access(),errmsg("could not open file \"%s\": %m",AutoConfFileName)));/* parse it */if (!ParseConfigFp(infile, AutoConfFileName, CONF_FILE_START_DEPTH,LOG, &head, &tail))ereport(ERROR,(errcode(ERRCODE_CONFIG_FILE_ERROR),errmsg("could not parse contents of file \"%s\"",AutoConfFileName)));FreeFile(infile);}/** Now, replace any existing entry with the new value, or add it if* not present.*/replace_auto_config_value(&head, &tail, name, value);}/** Invoke the post-alter hook for setting this GUC variable. GUCs* typically do not have corresponding entries in pg_parameter_acl, so we* call the hook using the name rather than a potentially-non-existent* OID. Nonetheless, we pass ParameterAclRelationId so that this call* context can be distinguished from others. (Note that "name" will be* NULL in the RESET ALL case.)** We do this here rather than at the end, because ALTER SYSTEM is not* transactional. If the hook aborts our transaction, it will be cleaner* to do so before we touch any files.*/InvokeObjectPostAlterHookArgStr(ParameterAclRelationId, name,ACL_ALTER_SYSTEM,altersysstmt->setstmt->kind,false);/** To ensure crash safety, first write the new file data to a temp file,* then atomically rename it into place.** If there is a temp file left over due to a previous crash, it's okay to* truncate and reuse it.*/Tmpfd = BasicOpenFile(AutoConfTmpFileName,O_CREAT | O_RDWR | O_TRUNC);if (Tmpfd < 0)ereport(ERROR,(errcode_for_file_access(),errmsg("could not open file \"%s\": %m",AutoConfTmpFileName)));/** Use a TRY block to clean up the file if we fail. Since we need a TRY* block anyway, OK to use BasicOpenFile rather than OpenTransientFile.*/PG_TRY();{/* Write and sync the new contents to the temporary file */write_auto_conf_file(Tmpfd, AutoConfTmpFileName, head);/* Close before renaming; may be required on some platforms */close(Tmpfd);Tmpfd = -1;/** As the rename is atomic operation, if any problem occurs after this* at worst it can lose the parameters set by last ALTER SYSTEM* command.*/durable_rename(AutoConfTmpFileName, AutoConfFileName, ERROR);}PG_CATCH();{/* Close file first, else unlink might fail on some platforms */if (Tmpfd >= 0)close(Tmpfd);/* Unlink, but ignore any error */(void) unlink(AutoConfTmpFileName);PG_RE_THROW();}PG_END_TRY();FreeConfigVariables(head);LWLockRelease(AutoFileLock);
}
这篇关于PostgreSQL的学习心得和知识总结(一百三十九)|深入理解PostgreSQL数据库GUC参数 allow_alter_system 的使用和原理的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
