Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM SET
| От | Josh Berkus |
|---|---|
| Тема | Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM SET |
| Дата | |
| Msg-id | 51FFF0A5.4030005@agliodbs.com обсуждение исходный текст |
| Ответ на | Re: Re: ALTER SYSTEM SET command to change postgresql.conf parameters (RE: Proposal for Allow postgresql.conf values to be changed via SQL [review]) (Dimitri Fontaine <dimitri@2ndQuadrant.fr>) |
| Ответы |
Re: Unsafe GUCs and ALTER SYSTEM WAS: Re: ALTER SYSTEM
SET
|
| Список | pgsql-hackers |
On 08/05/2013 11:28 AM, Stephen Frost wrote: > * Josh Berkus (josh@agliodbs.com) wrote: >> Nope. ALTER SYSTEM, from my POV, is mainly for folks who *don't* use >> Puppet/Chef/whatever. > > Ok, that's fine, but let's try to avoid making life difficult for those > who *do* use puppet/chef/whatever. This capability runs a very high > risk of that by allowing a DBA who *isn't* a sysadmin to go modifying > things that depend on external-to-PG factors. See thread "Disabling ALTER SYSTEM SET". In short, I agree with you. > >> Here's where I see ALTER SYSTEM being useful: >> >> * invididually managed servers with out centralized management (i.e. one >> DBA, one server). >> * developer machines (i.e. laptops and vms) > > The above strikes me as being already dealt with through pgAdmin and the > 'admin pack', if the user wants a GUI to use for modifying these > parameters (which seems like what they'd primairly get out of ALTER > SYSTEM SET- pgAdmin, or whatever $gui wouldn't have to depend on the > admin pack). Except that forcing developers to install the admin pack and pgadmin to get this functionality is a high barrier to entry exactly where we don't want one. > >> * automated testing of tweaking performance parameters > > This sounds like you'd need tooling around it to make it work anyway, > which could probably handle modifying a text file, but even if not, > these paremeters may be on the 'safe' list. Well, frankly, it's the main reason why *I* want ALTER SYSTEM SET. It makes my job writing automated testing scripts easier. Certainly it was possible before, but there's value in "easier". And that's the reason I don't want you to take away the ability to modify shared_buffers et. al. ;-) On 08/05/2013 11:30 AM, Stefan Kaltenbrunner wrote:> Nevertheless my main point is that people _WILL_ use this as a simple > convinience tool not fully understanding all the complex implications, > and in a few years from now running people with superuser by default > (because people will create "cool little tools say to change stuff from > my tray or using $IOS app" that have a little small comment "make sure > to create the user "WITH SUPERUSER" and people will follow like lemmings. Most of our users not on Heroku are running with superuser as the app user now. Like, 95% of them based on my personal experience (because our object permissions management sucks). In that this feature will further discourage people from having a separate application user, there's some argument. However, it's really an argument for not having ALTER SYSTEM SET *at all* rather than restricting it to "safe" GUCs, no? -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com
В списке pgsql-hackers по дате отправления: