From: | Andres Freund <andres(at)anarazel(dot)de> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Michael Banck <michael(dot)banck(at)credativ(dot)de>, Postgres hackers <pgsql-hackers(at)postgresql(dot)org>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Magnus Hagander <magnus(at)hagander(dot)net> |
Subject: | Re: pgsql: Add TAP tests for pg_verify_checksums |
Date: | 2018-10-19 20:57:24 |
Message-ID: | 20181019205724.ewnuhvrsanacihzq@alap3.anarazel.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers pgsql-hackers |
Hi,
On 2018-10-19 16:35:46 -0400, Stephen Frost wrote:
> The only justification for *not* doing this is that some extension
> author might have dumped files into our tablespace directory, something
> we've never claimed to support nor generally worried about in all the
> time that I can recall before this.
No, it's really not the only reason. As I said, testing is much less
likely to find cases where we're checksumming a short-lived file even
though we shouldn't, than making sure that checksummed files are
actually checksummed.
> > > Playing this further and assuming that extensions dropping files into
> > > tablespace directories is acceptable, what are we supposed to do when
> > > there's some direct conflict between a file that we want to create in a
> > > PG tablespace directory and a file that some extension dropped there?
> > > Create yet another subdirectory which we call
> > > "THIS_IS_REALLY_ONLY_FOR_PG"?
> >
> > Then it's a buggy extension. And we error out.
>
> Extensions writing into directories they shouldn't be makes them buggy
> even if the core code isn't likely to write to a particular filename,
> imv.
I'll just stop talking to you about this for now.
> > > What about two different extensions wanting to create files with the
> > > same names in the tablespace directories..?
> > >
> > > Experimentation is fine, of course, this is open source code and people
> > > should feel free to play with it, but we are not obligated to avoid
> > > breaking things when an extension author, through their experimentation,
> > > does something which is clearly not supported, like dropping files into
> > > PG's tablespace directories. Further, when it comes to our user's data,
> > > we should be taking a strict approach and accounting for everything,
> > > something that this whitelist-of-patterns-based approach to finding
> > > files to verify the checksums on doesn't do.
> >
> > It's not economically feasible to work on extensions that will only be
> > usable a year down the road.
>
> I listed out multiple other solutions to this problem which you
> summarily ignored.
Except that none of them really achieves the goals you can achieve by
having the files in the database (like DROP DATABASE working, for
starters).
> It's unfortunate that those other solutions weren't used and that,
> instead, this extension decided to drop files into PG's tablespace
> directories, but that doesn't mean we should condone or implicitly
> support that action.
This just seems pointlessly rigid. Our extension related APIs aren't
generally very good or well documented. Most non-trivial extensions that
add interesting things to the postgres ecosystem are going to need a few
not so pretty things to get going.
> I stand by my position that this patch should be reverted (with no
> offense or ill-will towards Michael, of course, I certainly appreciate
> his efforts to address the issues with pg_verify_checksums) and that we
> should move more of this code to identify files to verify the checksums
> on into libpgcommon and then use it from both pg_basebackup and
> pg_verify_checksums, to the extent possible, but that we make sure to
> account for all of the files in our tablespace and database directories.
What does that do, except break things that currently work? Sure, work
on a patch that fixes the architectural concerns, but what's the point
in reverting it until that's done?
> To the extent that this is an issue for extension authors, perhaps it
> would encourage them to work with us to have supported mechanisms
> instead of using hacks like dropping files into our tablespace
> directories and such instead of using another approach to manage files
> across multiple filesystems. I'd be kind of surprised if they really
> had an issue doing that and hopefully everyone would feel better about
> what these extensions are doing once they start using a mechanism that
> we actually support.
Haribabu has a patch, but it's on-top of pluggable storage, so not
exactly a small prerequisite.
Greetings,
Andres Freund
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2018-10-19 21:02:40 | pgsql: Update time zone data files to tzdata release 2018f. |
Previous Message | Stephen Frost | 2018-10-19 20:35:46 | Re: pgsql: Add TAP tests for pg_verify_checksums |
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2018-10-19 21:32:58 | Re: pgsql: Add TAP tests for pg_verify_checksums |
Previous Message | Stephen Frost | 2018-10-19 20:35:46 | Re: pgsql: Add TAP tests for pg_verify_checksums |