Обсуждение: Which parameters are only used on startup?
The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/18/runtime-config-connection.html Description: Clarify that ssl_cert_file and ssl_key_file are only read on startup -- implying that the params can be changed and the files moved to the new location/name without requiring a restart. Of course a restart is good to validate that the params and files are configured correctly.
On Wed, Nov 26, 2025 at 09:34:18AM +0000, PG Doc comments form wrote: > The following documentation comment has been logged on the website: > > Page: https://www.postgresql.org/docs/18/runtime-config-connection.html > Description: > > Clarify that ssl_cert_file and ssl_key_file are only read on startup -- > implying that the params can be changed and the files moved to the new > location/name without requiring a restart. Of course a restart is good to > validate that the params and files are configured correctly. The docs say that you can only change this in postgresql.conf or on the command line. Changes to postgresql.conf requires pg_ctl reload or something similar. I am not aware of anyone else who thinks changing postgresql.conf and then reloading causes the session to use new ssl keys/files, and explaining that in the docs might be more confusing than helpful. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.
Bruce Momjian <bruce@momjian.us> writes:
> On Wed, Nov 26, 2025 at 09:34:18AM +0000, PG Doc comments form wrote:
>> Clarify that ssl_cert_file and ssl_key_file are only read on startup --
>> implying that the params can be changed and the files moved to the new
>> location/name without requiring a restart. Of course a restart is good to
>> validate that the params and files are configured correctly.
> The docs say that you can only change this in postgresql.conf or on the
> command line. Changes to postgresql.conf requires pg_ctl reload or
> something similar.
The actual problem with this change request is that it's wrong.
We've supported changing ssl_cert_file --- either the GUC value
or the file contents --- via "pg_ctl reload" or equivalent for
years now (cf. commits de41869b6, 6667d9a6d). So I don't see
anything wrong with the docs text as it stands.
regards, tom lane
On Mon, Dec 22, 2025 at 07:29:10PM -0500, Tom Lane wrote: > Bruce Momjian <bruce@momjian.us> writes: > > On Wed, Nov 26, 2025 at 09:34:18AM +0000, PG Doc comments form wrote: > >> Clarify that ssl_cert_file and ssl_key_file are only read on startup -- > >> implying that the params can be changed and the files moved to the new > >> location/name without requiring a restart. Of course a restart is good to > >> validate that the params and files are configured correctly. > > > The docs say that you can only change this in postgresql.conf or on the > > command line. Changes to postgresql.conf requires pg_ctl reload or > > something similar. > > The actual problem with this change request is that it's wrong. > We've supported changing ssl_cert_file --- either the GUC value > or the file contents --- via "pg_ctl reload" or equivalent for > years now (cf. commits de41869b6, 6667d9a6d). So I don't see > anything wrong with the docs text as it stands. I had trouble parsing his text too but I think the original poster's point was that changing these values don't affect a connected session. When the original poster says restart, I think he/she means restart the session, not the postmaster, but I am not 100% clear on that either. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.