10.0

Author: digoal

201703/20170312_01.md

@@ -0,0 +1,58 @@
+## PostgreSQL 10.0 主动防御 - 可配置是否允许执行不带where条件的update\delete   
+                
+### 作者                                                             
+digoal           
+                  
+### 日期             
+2017-03-12            
+              
+### 标签           
+PostgreSQL , 10.0 , 主动防御 , 是否允许执行不带where条件的update\delete  
+                
+----          
+                   
+## 背景          
+你是否曾经被不带where 条件的SQL误伤过呢？  
+  
+比如  
+  
+update tbl set amount=amount-100 where id=?;  
+  
+缺少where条件，就变成了  
+  
+update tbl set amount=amount-100;  
+  
+正常情况下，这样的SQL不应该在业务逻辑中出现。通常出现在SQL注入，又或者误操作中。  
+  
+如果你真的不小心执行了，那么全表的数据都会被删除或者更新，最快的恢复手段是flash back query，PostgreSQL中，可以使用xlog，生成UNDO，比如将xlog_level设置为logical，同时表的match必须设置为记录FULL OLD VALUE。  
+  
+那么就有方法从xlog中生成UNDO，flash back该表。  
+  
+flashback query属于被动防御的话，数据库有没有主动防御措施呢？  
+  
+## 主动防御  
+PostgreSQL提供了一个机制，允许你设置参数  
+  
++bool allow_empty_deletes = true;  
++bool allow_empty_updates = true;  
+  
+从而允许是否能执行不带where 条件的update或delete.  
+  
+这个参数可以设置为全局、会话级、用户级、库级、或者事务级别。  
+  
+设置后，你就能控制是否允许执行不带条件的update,delete了。  
+  
+## 扩展  
+其实不带where条件的update, delete还不够全面。比如where 1=1或者where true，都需要防范。  
+  
+还有我们甚至可以设置百分比（比如百分之多少的记录被UPDATE,DELETE时，或者超过多少记录被DML后，回退整个事务）  
+  
+通过PostgreSQL提供的钩子可以完成以上功能。  
+  
+## 参考  
+https://commitfest.postgresql.org/12/948/  
+  
+https://www.postgresql.org/message-id/flat/[email protected]#[email protected]  
+  
+https://www.postgresql.org/message-id/attachment/45216/training_wheels_001.patch  
+

201703/20170312_02.md

@@ -0,0 +1,152 @@
+## PostgreSQL 10.0 新增数十个IO等待事件监控  
+                  
+### 作者                                                               
+digoal             
+                    
+### 日期               
+2017-03-12              
+                
+### 标签             
+PostgreSQL , 10.0 , 等待事件 , IO   
+                  
+----            
+                     
+## 背景      
+PostgreSQL 10.0新增了数十个IO等待事件，描述系统调用的等待。  
+  
+```  
+Hi All,  
+  
+Attached is the patch, which extend the existing wait event infrastructure  
+to  
+implement the wait events for the disk I/O. Basically pg_stat_activity's  
+wait  
+event information to show data about disk I/O as well as IPC primitives.  
+  
+Implementation details:  
+  
+- Added PG_WAIT_IO to pgstat.h and a new enum WaitEventIO  
+- Added a wait_event_info argument to FileRead, FileWrite, FilePrefetch,  
+FileWriteback, FileSync, and FileTruncate. Set this wait event just before  
+performing the file system operation and clear it just after.  
+- Pass down an appropriate wait event from  caller of any of those  
+functions.  
+- Also set and clear a wait event around standalone calls to read(),  
+write(), fsync() in other parts of the system.  
+- Added documentation for all newly added wait event.  
+  
+Open issue:  
+- Might missed few standalone calls to read(), write(), etc which need  
+to pass the wait_event_info.  
+  
+Thanks to my colleague Robert Haas for his help in design.  
+  
+Please let me know your thought, and thanks for reading.  
+  
+Thanks,  
+Rushabh Lathia  
+www.EnterpriseDB.com  
+```  
+  
+IO等待事件如下  
+  
+```  
+ /* ----------  
++ * Wait Events - IO  
++ *  
++ * Use this category when a process is waiting for a IO.  
++ * ----------  
++ */  
++typedef enum  
++{  
++	WAIT_EVENT_READ_DATA_BLOCK,  
++	WAIT_EVENT_WRITE_DATA_BLOCK,  
++	WAIT_EVENT_SYNC_DATA_BLOCK,  
++	WAIT_EVENT_EXTEND_DATA_BLOCK,  
++	WAIT_EVENT_FLUSH_DATA_BLOCK,  
++	WAIT_EVENT_PREFETCH_DATA_BLOCK,  
++	WAIT_EVENT_WRITE_REWRITE_DATA_BLOCK,  
++	WAIT_EVENT_SYNC_REWRITE_DATA_BLOCK,  
++	WAIT_EVENT_TRUNCATE_RELATION_DATA_BLOCKS,  
++	WAIT_EVENT_SYNC_RELATION,  
++	WAIT_EVENT_SYNC_IMMED_RELATION,  
++	WAIT_EVENT_READ_BUFFILE,  
++	WAIT_EVENT_WRITE_BUFFILE,  
++	/* Wait event for XLOG */  
++	WAIT_EVENT_READ_XLOG,  
++	WAIT_EVENT_READ_COPY_XLOG,  
++	WAIT_EVENT_WRITE_XLOG,  
++	WAIT_EVENT_WRITE_INIT_XLOG_FILE,  
++	WAIT_EVENT_WRITE_COPY_XLOG_FILE,  
++	WAIT_EVENT_WRITE_BOOTSTRAP_XLOG,  
++	WAIT_EVENT_SYNC_INIT_XLOG_FILE,  
++	WAIT_EVENT_SYNC_COPY_XLOG_FILE,  
++	WAIT_EVENT_SYNC_BOOTSTRAP_XLOG,  
++	WAIT_EVENT_SYNC_ASSIGN_XLOG_SYNC_METHOD,  
++	/* Wait event for CONTROL_FILE */  
++	WAIT_EVENT_WRITE_CONTROL_FILE,  
++	WAIT_EVENT_WRITE_UPDATE_CONTROL_FILE,  
++	WAIT_EVENT_SYNC_WRITE_CONTROL_FILE,  
++	WAIT_EVENT_SYNC_UPDATE_CONTROL_FILE,  
++	WAIT_EVENT_READ_CONTROL_FILE,  
++	/* Wait event for REORDER BUFFER */  
++	WAIT_EVENT_READ_REORDER_BUFFER,  
++	WAIT_EVENT_WRITE_REORDER_BUFFER,  
++	/* Wait event for LOGICAL MAPPING */  
++	WAIT_EVENT_READ_APPLY_LOGICAL_MAPPING,  
++	WAIT_EVENT_WRITE_LOGICAL_MAPPING_REWRITE,  
++	WAIT_EVENT_SYNC_LOGICAL_MAPPING_REWRITE,  
++	WAIT_EVENT_SYNC_LOGICAL_MAPPING_REWRITE_HEAP,  
++	WAIT_EVENT_TRUNCATE_LOGICAL_MAPPING_REWRITE,  
++	/* Wait event for SNAPBUILD */  
++	WAIT_EVENT_WRITE_SNAPBUILD_SERIALIZE,  
++	WAIT_EVENT_READ_SNAPBUILD_RESTORE,  
++	WAIT_EVENT_SYNC_SNAPBUILD_SERIALIZE,  
++	/* Wait event for SNRU */  
++	WAIT_EVENT_READ_SLRU_PAGE,  
++	WAIT_EVENT_WRITE_SLRU_PAGE,  
++	WAIT_EVENT_SYNC_SLRU_FLUSH,  
++	WAIT_EVENT_SYNC_SLRU_WRITE_PAGE,  
++	/* Wait event for TIMELINE HISTORY */  
++	WAIT_EVENT_READ_TIMELINE_HISTORY_WALSENDER,  
++	WAIT_EVENT_READ_TIMELINE_HISTORY_WRITE,  
++	WAIT_EVENT_WRITE_TIMELINE_HISTORY,  
++	WAIT_EVENT_WRITE_TIMELINE_HISTORY_FILE,  
++	WAIT_EVENT_SYNC_TIMELINE_HISTORY_WRITE,  
++	WAIT_EVENT_SYNC_TIMELINE_HISTORY_FILE,  
++	/* Wait event for TWOPHASE FILE */  
++	WAIT_EVENT_READ_TWOPHASE_FILE,  
++	WAIT_EVENT_WRITE_RECREATE_TWOPHASE_FILE,  
++	WAIT_EVENT_SYNC_RECREATE_TWOPHASE_FILE,  
++	/* Wait event for SYSLOGGER */  
++	WAIT_EVENT_READ_SYSLOGGER_FILE,  
++	WAIT_EVENT_WRITE_SYSLOGGER_FILE,  
++	/* Wait event for REPLSLOT */  
++	WAIT_EVENT_READ_RESTORE_REPLSLOT,  
++	WAIT_EVENT_WRITE_REPLSLOT,  
++	WAIT_EVENT_SYNC_RESTORE_REPLSLOT,  
++	WAIT_EVENT_SYNC_SAVE_REPLSLOT,  
++	/* Wait event for copydir */  
++	WAIT_EVENT_READ_COPY_FILE,  
++	WAIT_EVENT_WRITE_COPY_FILE,  
++	/* Wait event RELMAP FILE */  
++	WAIT_EVENT_READ_LOAD_RELMAP_FILE,  
++	WAIT_EVENT_WRITE_RELMAP_FILE,  
++	WAIT_EVENT_SYNC_WRITE_RELMAP_FILE,  
++	/* Wait event for LOCK FILE */  
++	WAIT_EVENT_READ_CREATE_LOCK_FILE,  
++	WAIT_EVENT_READ_ADDTODATEDIR_LOCK_FILE,  
++	WAIT_EVENT_READ_RECHECKDATADIR_LOCK_FILE,  
++	WAIT_EVENT_WRITE_CREATE_LOCK_FILE,  
++	WAIT_EVENT_WRITE_ADDTODATEDIR_LOCK_FILE,  
++	WAIT_EVENT_SYNC_ADDTODATEDIR_LOCK_FILE,  
++	WAIT_EVENT_SYNC_CREATE_LOCK_FILE  
++} WaitEventIO;  
+```  
+  
+对于判断系统瓶颈，又多了一个有力信息。   
+  
+## 参考  
+https://commitfest.postgresql.org/13/975/  
+  
+https://www.postgresql.org/message-id/flat/CAGPqQf0LsYHXREPAZqYGVkDqHSyjf=KsD=k0GTVPAuzyThh-VQ@mail.gmail.com#CAGPqQf0LsYHXREPAZqYGVkDqHSyjf=KsD=k0GTVPAuzyThh-VQ@mail.gmail.com  

201703/20170312_03.md

@@ -0,0 +1,69 @@
+## PostgreSQL 10.0 内置角色 - 监控、管理用户会话  
+                    
+### 作者                                                                 
+digoal               
+                      
+### 日期                 
+2017-03-12                
+                  
+### 标签               
+PostgreSQL , 10.0 , 内置角色 , 监控角色 , 管理用户会话角色 , pg_backend_pid , pg_monitor    
+                    
+----              
+                       
+## 背景        
+PostgreSQL 10.0 开始植入了一些内置的角色，例如pg_backend_pid角色可用于cancel, terminate任何PID，除此之外没有其他超级用户的权限，这种用户可以给DBA或者给一些业务OWNER使用，便于它们在紧急情况下行使权力，杀掉一些会话。  
+  
+同时为了便于DBA或者业务OWNER查看到数据库的健康状况，PostgreSQL也增加了一个监控角色pg_monitor，拥有监控角色的权限后，可以查看一些统计信息。  
+  
+同时添加了一个角色pg_read_all_gucs，这个角色可以查看所有的GUC配置。  
+  
+```  
+Per the discussion at  
+https://www.postgresql.org/message-id/CA%2BOCxoyYxO%2BJmzv2Micj4uAaQdAi6nq0w25BPQgLLxsrvTmREw%40mail.gmail.com,  
+attached is a patch that implements the following:  
+  
+- Adds a default role called pg_monitor  
+- Gives members of the pg_monitor role full access to:  
+    pg_ls_logdir() and pg_ls_waldir()  
+    pg_stat_* views and functions  
+    pg_tablespace_size() and pg_database_size()  
+    Contrib modules:  
+        pg_buffercache,  
+        pg_freespacemap,  
+        pgrowlocks,  
+        pg_stat_statements,  
+        pgstattuple and  
+        pg_visibility (but NOT pg_truncate_visibility_map() )  
+- Adds a default role called pg_read_all_gucs  
+- Allows members of pg_read_all_gucs to, well, read all GUCs  
+- Grants pg_read_all_gucs to pg_monitor  
+  
+Note that updates to contrib modules followed the strategy recently  
+used in changes to pgstattuple following discussion here, in which the  
+installation SQL script is left at the prior version, and an update  
+script is added and default version number bumped to match that of the  
+upgrade script.  
+  
+Patch includes doc updates, and is dependent on my pg_ls_logdir() and  
+pg_ls_waldir() patch  
+(https://www.postgresql.org/message-id/CA+OCxow-X=D2fWdKy+HP+vQ1LtrgbsYQ=CshzZBqyFT5jOYrFw@mail.gmail.com).  
+  
+--   
+Dave Page  
+Blog: http://pgsnake.blogspot.com  
+Twitter: @pgsnake  
+  
+EnterpriseDB UK: http://www.enterprisedb.com  
+The Enterprise PostgreSQL Company  
+```  
+  
+未来PostgreSQL还会对植入更多的内置角色，让数据库的权限分组管理更加便捷。逐步形成像Oracle这样内部有许多角色可选的状况。  
+  
+## 参考  
+https://www.postgresql.org/message-id/attachment/49958/pg_monitor.diff  
+  
+https://www.postgresql.org/message-id/flat/CA+OCxoyRdsc1xyLfF9s698gUGyPXBs4CvJ+0Gwo8U65NmYJ7pw@mail.gmail.com#CA+OCxoyRdsc1xyLfF9s698gUGyPXBs4CvJ+0Gwo8U65NmYJ7pw@mail.gmail.com  
+  
+https://commitfest.postgresql.org/13/1031/  
+

201703/20170312_04.md

@@ -0,0 +1,75 @@
+## PostgreSQL 10.0 QUERY进度显示  
+                      
+### 作者                                                                   
+digoal                 
+                        
+### 日期                   
+2017-03-12                  
+                    
+### 标签                 
+PostgreSQL , 10.0 , query进度  
+                      
+----                
+                         
+## 背景          
+query进度的显示，有一个插件pg_query_state支持。  
+  
+PostgreSQL 10.0将在内核层面增加一个这样的支持。  
+  
+首先会在analye命令上尝试，但是它会设计为通用的视图，支持其他命令，诸如CREATE INDEX, VAUUM, CLUSTER等。  
+  
+```  
+Hello Hackers,  
+  
+Following is a proposal for reporting the progress of ANALYZE command:  
+  
+It seems that the following could be the phases of ANALYZE processing:  
+1. Collecting sample rows  
+2. Collecting inherited sample rows  
+3. Computing heap stats  
+4. Computing index stats  
+5. Cleaning up indexes  
+  
+The first phase is easy if there is no inheritance but in case of   
+inheritance we need to sample the blocks from multiple heaps.  
+Here the progress is counted against total number of blocks processed.  
+  
+The view provides the information of analyze command progress details as   
+follows  
+postgres=# \d pg_stat_progress_analyze  
+           View "pg_catalog.pg_stat_progress_analyze"  
+       Column       |  Type   | Collation | Nullable | Default  
+-------------------+---------+-----------+----------+---------  
+  pid               | integer |           |          |  
+  datid             | oid     |           |          |  
+  datname           | name    |           |          |  
+  relid             | oid     |           |          |  
+  phase             | text    |           |          |  
+  heap_blks_total   | bigint  |           |          |  
+  heap_blks_scanned | bigint  |           |          |  
+  total_sample_rows | bigint  |           |          |  
+  
+I feel this view information may be useful in checking the progress of   
+long running ANALYZE command.  
+  
+  
+The attached patch reports the different phases of analyze command.  
+Added this patch to CF 2017-03.  
+  
+Opinions?  
+  
+Note: Collecting inherited sample rows phase is not reported yet in the   
+patch.  
+  
+Regards,  
+Vinayak Pokale  
+NTT Open Source Software Center  
+```  
+    
+## 参考    
+[《官人要杯咖啡吗? - PostgreSQL实时监测PLAN tree的执行进度 - pg_query_state》](../201612/20161208_01.md)  
+  
+https://commitfest.postgresql.org/13/1053/  
+  
+https://www.postgresql.org/message-id/flat/[email protected]#[email protected]  
+