Index: doc/src/sgml/backup.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/backup.sgml,v
retrieving revision 2.139
diff -c -c -r2.139 backup.sgml
*** doc/src/sgml/backup.sgml 26 Jan 2010 06:45:31 -0000 2.139
--- doc/src/sgml/backup.sgml 3 Feb 2010 17:17:16 -0000
***************
*** 20,27 ****
File system level backupContinuous archiving
! Each has its own strengths and weaknesses.
! Each is discussed in turn below.
--- 20,26 ----
File system level backupContinuous archiving
! Each has its own strengths and weaknesses; each is discussed in turn below.
***************
*** 37,50 ****
pg_dump dbname > outfile
! As you see, pg_dump writes its results to the
standard output. We will see below how this can be useful.
pg_dump is a regular PostgreSQL
client application (albeit a particularly clever one). This means
! that you can do this backup procedure from any remote host that has
access to the database. But remember that pg_dump
does not operate with special permissions. In particular, it must
have read access to all tables that you want to back up, so in
--- 36,49 ----
pg_dump dbname > outfile
! As you see, pg_dump writes its result to the
standard output. We will see below how this can be useful.
pg_dump is a regular PostgreSQL
client application (albeit a particularly clever one). This means
! that you can perform this backup procedure from any remote host that has
access to the database. But remember that pg_dump
does not operate with special permissions. In particular, it must
have read access to all tables that you want to back up, so in
***************
*** 76,83 ****
Dumps created by pg_dump are internally consistent,
! that is, the dump represents a snapshot of the database as of the time
! pg_dump begins running. pg_dump does not
block other operations on the database while it is working.
(Exceptions are those operations that need to operate with an
exclusive lock, such as most forms of ALTER TABLE.)
--- 75,82 ----
Dumps created by pg_dump are internally consistent,
! meaning, the dump represents a snapshot of the database at the time
! pg_dump began running. pg_dump does not
block other operations on the database while it is working.
(Exceptions are those operations that need to operate with an
exclusive lock, such as most forms of ALTER TABLE.)
***************
*** 85,93 ****
! If your database schema relies on OIDs (for instance as foreign
keys) you must instruct pg_dump to dump the OIDs
! as well. To do this, use the command line
option.
--- 84,92 ----
! If your database schema relies on OIDs (for instance, as foreign
keys) you must instruct pg_dump to dump the OIDs
! as well. To do this, use the command-line
option.
***************
*** 102,144 ****
psql dbname < infile
! where infile is what
! you used as outfile
! for the pg_dump command. The database dbname will not be created by this
command, so you must create it yourself from template0
before executing psql (e.g., with
createdb -T template0 dbname). psql
! supports options similar to pg_dump's for specifying
the database server to connect to and the user name to use. See
the reference page for more information.
! Before restoring a SQL dump, all the users who own objects or were
granted permissions on objects in the dumped database must already
! exist. If they do not, then the restore will fail to recreate the
objects with the original ownership and/or permissions.
(Sometimes this is what you want, but usually it is not.)
By default, the psql script will continue to
! execute after an SQL error is encountered. You might wish to use the
! following command at the top of the script to alter that
behaviour and have psql exit with an
exit status of 3 if an SQL error occurs:
! \set ON_ERROR_STOP
! Either way, you will have an only partially restored database.
Alternatively, you can specify that the whole dump should be
restored as a single transaction, so the restore is either fully
completed or fully rolled back. This mode can be specified by
passing the
! Before restoring an SQL dump, all the users who own objects or were
granted permissions on objects in the dumped database must already
! exist. If they do not, the restore will fail to recreate the
objects with the original ownership and/or permissions.
(Sometimes this is what you want, but usually it is not.)
By default, the psql script will continue to
! execute after an SQL error is encountered. You might wish to run
! psql with
! the ON_ERROR_STOP variable set to alter that
behaviour and have psql exit with an
exit status of 3 if an SQL error occurs:
! psql --set ON_ERROR_STOP=on dbname < infile
! Either way, you will only have a partially restored database.
Alternatively, you can specify that the whole dump should be
restored as a single transaction, so the restore is either fully
completed or fully rolled back. This mode can be specified by
passing the
--- 196,206 ----
psql -f infile postgres
(Actually, you can specify any existing database name to start from,
! but if you are loading into an empty cluster then postgres
should usually be used.) It is always necessary to have
database superuser access when restoring a pg_dumpall
dump, as that is required to restore the role and tablespace information.
! If you use tablespaces, make sure that the tablespace paths in the
dump are appropriate for the new installation.
***************
*** 218,230 ****
Handling large databases
! Since PostgreSQL allows tables larger
! than the maximum file size on your system, it can be problematic
! to dump such a table to a file, since the resulting file will likely
! be larger than the maximum size allowed by your system. Since
! pg_dump can write to the standard output, you can
! use standard Unix tools to work around this possible problem.
! There are several ways to do it:
--- 217,227 ----
Handling large databases
! Some operating systems have maximum file size limits that cause
! problems when creating large pg_dump output files.
! Fortunately, pg_dump can write to the standard
! output, so you can use standard Unix tools to work around this
! potential problem. There are several possible methods:
***************
*** 255,261 ****
Use <command>split</>.
The split command
! allows you to split the output into pieces that are
acceptable in size to the underlying file system. For example, to
make chunks of 1 megabyte:
--- 252,258 ----
Use <command>split</>.
The split command
! allows you to split the output into smaller files that are
acceptable in size to the underlying file system. For example, to
make chunks of 1 megabyte:
***************
*** 310,320 ****
An alternative backup strategy is to directly copy the files that
! PostgreSQL uses to store the data in the database. In
! it is explained where these files
! are located, but you have probably found them already if you are
! interested in this method. You can use whatever method you prefer
! for doing usual file system backups, for example:
tar -cf backup.tar /usr/local/pgsql/data
--- 307,316 ----
An alternative backup strategy is to directly copy the files that
! PostgreSQL uses to store the data in the database;
! explains where these files
! are located. You can use whatever method you prefer
! for doing file system backups; for example:
tar -cf backup.tar /usr/local/pgsql/data
***************
*** 336,342 ****
an atomic snapshot of the state of the file system,
but also because of internal buffering within the server).
Information about stopping the server can be found in
! . Needless to say that you
also need to shut down the server before restoring the data.
--- 332,338 ----
an atomic snapshot of the state of the file system,
but also because of internal buffering within the server).
Information about stopping the server can be found in
! . Needless to say, you
also need to shut down the server before restoring the data.
***************
*** 347,354 ****
database, you might be tempted to try to back up or restore only certain
individual tables or databases from their respective files or
directories. This will not work because the
! information contained in these files contains only half the
! truth. The other half is in the commit log files
pg_clog/*, which contain the commit status of
all transactions. A table file is only usable with this
information. Of course it is also impossible to restore only a
--- 343,350 ----
database, you might be tempted to try to back up or restore only certain
individual tables or databases from their respective files or
directories. This will not work because the
! information contained in these files is not usable without
! the commit log files,
pg_clog/*, which contain the commit status of
all transactions. A table file is only usable with this
information. Of course it is also impossible to restore only a
***************
*** 371,381 ****
above) from the snapshot to a backup device, then release the frozen
snapshot. This will work even while the database server is running.
However, a backup created in this way saves
! the database files in a state where the database server was not
properly shut down; therefore, when you start the database server
! on the backed-up data, it will think the previous server instance had
! crashed and replay the WAL log. This is not a problem, just be aware of
! it (and be sure to include the WAL files in your backup).
--- 367,377 ----
above) from the snapshot to a backup device, then release the frozen
snapshot. This will work even while the database server is running.
However, a backup created in this way saves
! the database files in a state as if the database server was not
properly shut down; therefore, when you start the database server
! on the backed-up data, it will think the previous server instance
! crashed and will replay the WAL log. This is not a problem; just
! be aware of it (and be sure to include the WAL files in your backup).
***************
*** 386,392 ****
not be possible to use snapshot backup because the snapshots
must be simultaneous.
Read your file system documentation very carefully before trusting
! to the consistent-snapshot technique in such situations.
--- 382,388 ----
not be possible to use snapshot backup because the snapshots
must be simultaneous.
Read your file system documentation very carefully before trusting
! the consistent-snapshot technique in such situations.
***************
*** 411,419 ****
! Note that a file system backup will not necessarily be
! smaller than an SQL dump. On the contrary, it will most likely be
! larger. (pg_dump does not need to dump
the contents of indexes for example, just the commands to recreate
them.) However, taking a file system backup might be faster.
--- 407,414 ----
! Note that a file system backup will typically be larger
! than an SQL dump. (pg_dump does not need to dump
the contents of indexes for example, just the commands to recreate
them.) However, taking a file system backup might be faster.
***************
*** 437,467 ****
At all times, PostgreSQL maintains a
write ahead log (WAL) in the pg_xlog/
! subdirectory of the cluster's data directory. The log describes
every change made to the database's data files. This log exists
primarily for crash-safety purposes: if the system crashes, the
database can be restored to consistency by replaying the
log entries made since the last checkpoint. However, the existence
of the log makes it possible to use a third strategy for backing up
databases: we can combine a file-system-level backup with backup of
! the WAL files. If recovery is needed, we restore the backup and
! then replay from the backed-up WAL files to bring the backup up to
! current time. This approach is more complex to administer than
either of the previous approaches, but it has some significant
benefits:
! We do not need a perfectly consistent backup as the starting point.
Any internal inconsistency in the backup will be corrected by log
replay (this is not significantly different from what happens during
! crash recovery). So we don't need file system snapshot capability,
just tar or a similar archiving tool.
! Since we can string together an indefinitely long sequence of WAL files
for replay, continuous backup can be achieved simply by continuing to archive
the WAL files. This is particularly valuable for large databases, where
it might not be convenient to take a full backup frequently.
--- 432,462 ----
At all times, PostgreSQL maintains a
write ahead log (WAL) in the pg_xlog/
! subdirectory of the cluster's data directory. The log records
every change made to the database's data files. This log exists
primarily for crash-safety purposes: if the system crashes, the
database can be restored to consistency by replaying the
log entries made since the last checkpoint. However, the existence
of the log makes it possible to use a third strategy for backing up
databases: we can combine a file-system-level backup with backup of
! the WAL files. If recovery is needed, we restore the file system backup and
! then replay from the backed-up WAL files to bring the system to a
! current state. This approach is more complex to administer than
either of the previous approaches, but it has some significant
benefits:
! We do not need a perfectly consistent file system backup as the starting point.
Any internal inconsistency in the backup will be corrected by log
replay (this is not significantly different from what happens during
! crash recovery). So we do not need a file system snapshot capability,
just tar or a similar archiving tool.
! Since we can combine an indefinitely long sequence of WAL files
for replay, continuous backup can be achieved simply by continuing to archive
the WAL files. This is particularly valuable for large databases, where
it might not be convenient to take a full backup frequently.
***************
*** 469,475 ****
! There is nothing that says we have to replay the WAL entries all the
way to the end. We could stop the replay at any point and have a
consistent snapshot of the database as it was at that time. Thus,
this technique supports point-in-time recovery: it is
--- 464,470 ----
! It is not necessary to replay the WAL entries all the
way to the end. We could stop the replay at any point and have a
consistent snapshot of the database as it was at that time. Thus,
this technique supports point-in-time recovery: it is
***************
*** 521,528 ****
abstract WAL sequence. When not using WAL archiving, the system
normally creates just a few segment files and then
recycles them by renaming no-longer-needed segment files
! to higher segment numbers. It's assumed that a segment file whose
! contents precede the checkpoint-before-last is no longer of
interest and can be recycled.
--- 516,523 ----
abstract WAL sequence. When not using WAL archiving, the system
normally creates just a few segment files and then
recycles them by renaming no-longer-needed segment files
! to higher segment numbers. It's assumed that segment files whose
! contents precede the checkpoint-before-last are no longer of
interest and can be recycled.
***************
*** 535,541 ****
directory on another machine, write them onto a tape drive (ensuring that
you have a way of identifying the original name of each file), or batch
them together and burn them onto CDs, or something else entirely. To
! provide the database administrator with as much flexibility as possible,
PostgreSQL tries not to make any assumptions about how
the archiving will be done. Instead, PostgreSQL lets
the administrator specify a shell command to be executed to copy a
--- 530,536 ----
directory on another machine, write them onto a tape drive (ensuring that
you have a way of identifying the original name of each file), or batch
them together and burn them onto CDs, or something else entirely. To
! provide the database administrator with flexibility,
PostgreSQL tries not to make any assumptions about how
the archiving will be done. Instead, PostgreSQL lets
the administrator specify a shell command to be executed to copy a
***************
*** 552,562 ****
these settings will always be placed in the
postgresql.conf file.
In archive_command,
! any %p is replaced by the path name of the file to
! archive, while any %f is replaced by the file name only.
(The path name is relative to the current working directory,
i.e., the cluster's data directory.)
! Write %% if you need to embed an actual %
character in the command. The simplest useful command is something
like:
--- 547,557 ----
these settings will always be placed in the
postgresql.conf file.
In archive_command,
! %p is replaced by the path name of the file to
! archive, while %f is replaced by only the file name.
(The path name is relative to the current working directory,
i.e., the cluster's data directory.)
! Use %% if you need to embed an actual %
character in the command. The simplest useful command is something
like:
***************
*** 584,590 ****
It is important that the archive command return zero exit status if and
! only if it succeeded. Upon getting a zero result,
PostgreSQL will assume that the file has been
successfully archived, and will remove or recycle it. However, a nonzero
status tells PostgreSQL that the file was not archived;
--- 579,585 ----
It is important that the archive command return zero exit status if and
! only if it succeeds. Upon getting a zero result,
PostgreSQL will assume that the file has been
successfully archived, and will remove or recycle it. However, a nonzero
status tells PostgreSQL that the file was not archived;
***************
*** 602,608 ****
nonzero status in this case. We have found that cp -i does
this correctly on some platforms but not others. If the chosen command
does not itself handle this case correctly, you should add a command
! to test for pre-existence of the archive file. For example, something
like:
archive_command = 'test ! -f .../%f && cp %p .../%f'
--- 597,603 ----
nonzero status in this case. We have found that cp -i does
this correctly on some platforms but not others. If the chosen command
does not itself handle this case correctly, you should add a command
! to test for existence of the archive file. For example, something
like:
archive_command = 'test ! -f .../%f && cp %p .../%f'
***************
*** 620,633 ****
is reported appropriately so that the situation can be
resolved reasonably quickly. The pg_xlog/ directory will
continue to fill with WAL segment files until the situation is resolved.
! (If the filesystem containing pg_xlog/ fills up,
! PostgreSQL will do a PANIC shutdown. No prior
! transactions will be lost, but the database will be unavailable until
you free some space.)
! The speed of the archiving command is not important, so long as it can keep up
with the average rate at which your server generates WAL data. Normal
operation continues even if the archiving process falls a little behind.
If archiving falls significantly behind, this will increase the amount of
--- 615,628 ----
is reported appropriately so that the situation can be
resolved reasonably quickly. The pg_xlog/ directory will
continue to fill with WAL segment files until the situation is resolved.
! (If the file system containing pg_xlog/ fills up,
! PostgreSQL will do a PANIC shutdown. No committed
! transactions will be lost, but the database will remain offline until
you free some space.)
! The speed of the archiving command is unimportant as long as it can keep up
with the average rate at which your server generates WAL data. Normal
operation continues even if the archiving process falls a little behind.
If archiving falls significantly behind, this will increase the amount of
***************
*** 642,649 ****
In writing your archive command, you should assume that the file names to
be archived can be up to 64 characters long and can contain any
combination of ASCII letters, digits, and dots. It is not necessary to
! remember the original relative path (%p) but it is necessary to
! remember the file name (%f).
--- 637,644 ----
In writing your archive command, you should assume that the file names to
be archived can be up to 64 characters long and can contain any
combination of ASCII letters, digits, and dots. It is not necessary to
! preserve the original relative path (%p) but it is necessary to
! preserve the file name (%f).
***************
*** 667,673 ****
a limit on how old unarchived data can be, you can set
to force the server to switch
to a new WAL segment file at least that often. Note that archived
! files that are ended early due to a forced switch are still the same
length as completely full files. It is therefore unwise to set a very
short archive_timeout — it will bloat your archive
storage. archive_timeout settings of a minute or so are
--- 662,668 ----
a limit on how old unarchived data can be, you can set
to force the server to switch
to a new WAL segment file at least that often. Note that archived
! files that are archived early due to a forced switch are still the same
length as completely full files. It is therefore unwise to set a very
short archive_timeout — it will bloat your archive
storage. archive_timeout settings of a minute or so are
***************
*** 676,682 ****
Also, you can force a segment switch manually with
! pg_switch_xlog, if you want to ensure that a
just-finished transaction is archived as soon as possible. Other utility
functions related to WAL management are listed in .
--- 671,677 ----
Also, you can force a segment switch manually with
! pg_switch_xlog if you want to ensure that a
just-finished transaction is archived as soon as possible. Other utility
functions related to WAL management are listed in .
***************
*** 711,717 ****
! Connect to the database as a superuser, and issue the command:
SELECT pg_start_backup('label');
--- 706,712 ----
! Connect to the database as a superuser and issue the command:
SELECT pg_start_backup('label');
***************
*** 720,726 ****
full path where you intend to put the backup dump file.)
pg_start_backup creates a backup label file,
called backup_label, in the cluster directory with
! information about your backup.
--- 715,722 ----
full path where you intend to put the backup dump file.)
pg_start_backup creates a backup label file,
called backup_label, in the cluster directory with
! information about your backup, including the start time and label
! string.
***************
*** 735,743 ****
required for the checkpoint will be spread out over a significant
period of time, by default half your inter-checkpoint interval
(see the configuration parameter
! ). Usually
! this is what you want, because it minimizes the impact on query
! processing. If you just want to start the backup as soon as
possible, use:
SELECT pg_start_backup('label', true);
--- 731,739 ----
required for the checkpoint will be spread out over a significant
period of time, by default half your inter-checkpoint interval
(see the configuration parameter
! ). This is
! usually what you want, because it minimizes the impact on query
! processing. If you want to start the backup as soon as
possible, use:
SELECT pg_start_backup('label', true);
***************
*** 760,773 ****
SELECT pg_stop_backup();
This terminates the backup mode and performs an automatic switch to
! the next WAL segment. The reason for the switch is to arrange that
! the last WAL segment file written during the backup interval is
! immediately ready to archive.
! Once the WAL segment files used during the backup are archived, you are
done. The file identified by pg_stop_backup's result is
the last segment that is required to form a complete set of backup files.
pg_stop_backup does not return until the last segment has
--- 756,769 ----
SELECT pg_stop_backup();
This terminates the backup mode and performs an automatic switch to
! the next WAL segment. The reason for the switch is to arrange for
! the last WAL segment file written during the backup interval to be
! ready to archive.
! Once the WAL segment files active during the backup are archived, you are
done. The file identified by pg_stop_backup's result is
the last segment that is required to form a complete set of backup files.
pg_stop_backup does not return until the last segment has
***************
*** 788,797 ****
! Some backup tools that you might wish to use emit warnings or errors
if the files they are trying to copy change while the copy proceeds.
! This situation is normal, and not an error, when taking a base backup
! of an active database; so you need to ensure that you can distinguish
complaints of this sort from real errors. For example, some versions
of rsync return a separate exit code for
vanished source files, and you can write a driver script to
--- 784,793 ----
! Some file system backup tools emit warnings or errors
if the files they are trying to copy change while the copy proceeds.
! When taking a base backup of an active database, this situation is normal
! and not an error. However, you need to ensure that you can distinguish
complaints of this sort from real errors. For example, some versions
of rsync return a separate exit code for
vanished source files, and you can write a driver script to
***************
*** 804,810 ****
! It is not necessary to be very concerned about the amount of time elapsed
between pg_start_backup and the start of the actual backup,
nor between the end of the backup and pg_stop_backup; a
few minutes' delay won't hurt anything. (However, if you normally run the
--- 800,806 ----
! It is not necessary to be concerned about the amount of time elapsed
between pg_start_backup and the start of the actual backup,
nor between the end of the backup and pg_stop_backup; a
few minutes' delay won't hurt anything. (However, if you normally run the
***************
*** 812,834 ****
in performance between pg_start_backup and
pg_stop_backup, since full_page_writes is
effectively forced on during backup mode.) You must ensure that these
! steps are carried out in sequence without any possible
overlap, or you will invalidate the backup.
! Be certain that your backup dump includes all of the files underneath
the database cluster directory (e.g., /usr/local/pgsql/data).
If you are using tablespaces that do not reside underneath this directory,
be careful to include them as well (and be sure that your backup dump
! archives symbolic links as links, otherwise the restore will mess up
your tablespaces).
You can, however, omit from the backup dump the files within the
! pg_xlog/ subdirectory of the cluster directory. This
! slight complication is worthwhile because it reduces the risk
of mistakes when restoring. This is easy to arrange if
pg_xlog/ is a symbolic link pointing to someplace outside
the cluster directory, which is a common setup anyway for performance
--- 808,830 ----
in performance between pg_start_backup and
pg_stop_backup, since full_page_writes is
effectively forced on during backup mode.) You must ensure that these
! steps are carried out in sequence, without any possible
overlap, or you will invalidate the backup.
! Be certain that your backup dump includes all of the files under
the database cluster directory (e.g., /usr/local/pgsql/data).
If you are using tablespaces that do not reside underneath this directory,
be careful to include them as well (and be sure that your backup dump
! archives symbolic links as links, otherwise the restore will corrupt
your tablespaces).
You can, however, omit from the backup dump the files within the
! cluster's pg_xlog/ subdirectory. This
! slight adjustment is worthwhile because it reduces the risk
of mistakes when restoring. This is easy to arrange if
pg_xlog/ is a symbolic link pointing to someplace outside
the cluster directory, which is a common setup anyway for performance
***************
*** 836,847 ****
! To make use of the backup, you will need to keep around all the WAL
segment files generated during and after the file system backup.
To aid you in doing this, the pg_stop_backup function
creates a backup history file that is immediately
stored into the WAL archive area. This file is named after the first
! WAL segment file that you need to have to make use of the backup.
For example, if the starting WAL file is
0000000100001234000055CD the backup history file will be
named something like
--- 832,843 ----
! To make use of the backup, you will need to keep all the WAL
segment files generated during and after the file system backup.
To aid you in doing this, the pg_stop_backup function
creates a backup history file that is immediately
stored into the WAL archive area. This file is named after the first
! WAL segment file that you need for the file system backup.
For example, if the starting WAL file is
0000000100001234000055CD the backup history file will be
named something like
***************
*** 860,868 ****
The backup history file is just a small text file. It contains the
label string you gave to pg_start_backup, as well as
the starting and ending times and WAL segments of the backup.
! If you used the label to identify where the associated dump file is kept,
then the archived history file is enough to tell you which dump file to
! restore, should you need to do so.
--- 856,864 ----
The backup history file is just a small text file. It contains the
label string you gave to pg_start_backup, as well as
the starting and ending times and WAL segments of the backup.
! If you used the label to identify the associated dump file,
then the archived history file is enough to tell you which dump file to
! restore.
***************
*** 878,890 ****
It's also worth noting that the pg_start_backup function
makes a file named backup_label in the database cluster
! directory, which is then removed again by pg_stop_backup.
This file will of course be archived as a part of your backup dump file.
The backup label file includes the label string you gave to
pg_start_backup, as well as the time at which
pg_start_backup was run, and the name of the starting WAL
! file. In case of confusion it will
! therefore be possible to look inside a backup dump file and determine
exactly which backup session the dump file came from.
--- 874,886 ----
It's also worth noting that the pg_start_backup function
makes a file named backup_label in the database cluster
! directory, which is removed by pg_stop_backup.
This file will of course be archived as a part of your backup dump file.
The backup label file includes the label string you gave to
pg_start_backup, as well as the time at which
pg_start_backup was run, and the name of the starting WAL
! file. In case of confusion it is
! therefore possible to look inside a backup dump file and determine
exactly which backup session the dump file came from.
***************
*** 917,936 ****
location in case you need them later. Note that this precaution will
require that you have enough free space on your system to hold two
copies of your existing database. If you do not have enough space,
! you need at the least to copy the contents of the pg_xlog
! subdirectory of the cluster data directory, as it might contain logs which
were not archived before the system went down.
! Clean out all existing files and subdirectories under the cluster data
directory and under the root directories of any tablespaces you are using.
! Restore the database files from your base backup. Be careful that they
are restored with the right ownership (the database system user, not
root!) and with the right permissions. If you are using
tablespaces,
--- 913,932 ----
location in case you need them later. Note that this precaution will
require that you have enough free space on your system to hold two
copies of your existing database. If you do not have enough space,
! you should at least save the contents of the cluster's pg_xlog
! subdirectory, as it might contain logs which
were not archived before the system went down.
! Remove all existing files and subdirectories under the cluster data
directory and under the root directories of any tablespaces you are using.
! Restore the database files from your file system backup. Be sure that they
are restored with the right ownership (the database system user, not
root!) and with the right permissions. If you are using
tablespaces,
***************
*** 941,957 ****
Remove any files present in pg_xlog/; these came from the
! backup dump and are therefore probably obsolete rather than current.
! If you didn't archive pg_xlog/ at all, then recreate it,
being careful to ensure that you re-establish it as a symbolic link
if you had it set up that way before.
! If you had unarchived WAL segment files that you saved in step 2,
copy them into pg_xlog/. (It is best to copy them,
! not move them, so that you still have the unmodified files if a
problem occurs and you have to start over.)
--- 937,954 ----
Remove any files present in pg_xlog/; these came from the
! file system backup and are therefore probably obsolete rather than current.
! If you didn't archive pg_xlog/ at all, then recreate
! it with proper permissions,
being careful to ensure that you re-establish it as a symbolic link
if you had it set up that way before.
! If you have unarchived WAL segment files that you saved in step 2,
copy them into pg_xlog/. (It is best to copy them,
! not move them, so you still have the unmodified files if a
problem occurs and you have to start over.)
***************
*** 960,966 ****
Create a recovery command file recovery.conf in the cluster
data directory (see ). You might
also want to temporarily modify pg_hba.conf to prevent
! ordinary users from connecting until you are sure the recovery has worked.
--- 957,963 ----
Create a recovery command file recovery.conf in the cluster
data directory (see ). You might
also want to temporarily modify pg_hba.conf to prevent
! ordinary users from connecting until you are sure the recovery was successful.
***************
*** 971,998 ****
simply be restarted and it will continue recovery. Upon completion
of the recovery process, the server will rename
recovery.conf to recovery.done (to prevent
! accidentally re-entering recovery mode in case of a crash later) and then
commence normal database operations.
Inspect the contents of the database to ensure you have recovered to
! where you want to be. If not, return to step 1. If all is well,
! let in your users by restoring pg_hba.conf to normal.
! The key part of all this is to set up a recovery command file that
describes how you want to recover and how far the recovery should
run. You can use recovery.conf.sample (normally
! installed in the installation share/ directory) as a
prototype. The one thing that you absolutely must specify in
recovery.conf is the restore_command,
! which tells PostgreSQL how to get back archived
WAL file segments. Like the archive_command, this is
a shell command string. It can contain %f, which is
replaced by the name of the desired log file, and %p,
--- 968,995 ----
simply be restarted and it will continue recovery. Upon completion
of the recovery process, the server will rename
recovery.conf to recovery.done (to prevent
! accidentally re-entering recovery mode later) and then
commence normal database operations.
Inspect the contents of the database to ensure you have recovered to
! the desired state. If not, return to step 1. If all is well,
! allow your users to connect by restoring pg_hba.conf to normal.
! The key part of all this is to set up a recovery configuration file that
describes how you want to recover and how far the recovery should
run. You can use recovery.conf.sample (normally
! located in the installation's share/ directory) as a
prototype. The one thing that you absolutely must specify in
recovery.conf is the restore_command,
! which tells PostgreSQL how to retrieve archived
WAL file segments. Like the archive_command, this is
a shell command string. It can contain %f, which is
replaced by the name of the desired log file, and %p,
***************
*** 1006,1019 ****
restore_command = 'cp /mnt/server/archivedir/%f %p'
which will copy previously archived WAL segments from the directory
! /mnt/server/archivedir. You could of course use something
much more complicated, perhaps even a shell script that requests the
operator to mount an appropriate tape.
It is important that the command return nonzero exit status on failure.
! The command will be asked for files that are not present
in the archive; it must return nonzero when so asked. This is not an
error condition. Not all of the requested files will be WAL segment
files; you should also expect requests for files with a suffix of
--- 1003,1016 ----
restore_command = 'cp /mnt/server/archivedir/%f %p'
which will copy previously archived WAL segments from the directory
! /mnt/server/archivedir. Of course, you can use something
much more complicated, perhaps even a shell script that requests the
operator to mount an appropriate tape.
It is important that the command return nonzero exit status on failure.
! The command will be called requesting files that are not present
in the archive; it must return nonzero when so asked. This is not an
error condition. Not all of the requested files will be WAL segment
files; you should also expect requests for files with a suffix of
***************
*** 1025,1031 ****
WAL segments that cannot be found in the archive will be sought in
pg_xlog/; this allows use of recent un-archived segments.
! However segments that are available from the archive will be used in
preference to files in pg_xlog/. The system will not
overwrite the existing contents of pg_xlog/ when retrieving
archived files.
--- 1022,1028 ----
WAL segments that cannot be found in the archive will be sought in
pg_xlog/; this allows use of recent un-archived segments.
! However, segments that are available from the archive will be used in
preference to files in pg_xlog/. The system will not
overwrite the existing contents of pg_xlog/ when retrieving
archived files.
***************
*** 1034,1046 ****
Normally, recovery will proceed through all available WAL segments,
thereby restoring the database to the current point in time (or as
! close as we can get given the available WAL segments). So a normal
recovery will end with a file not found message, the exact text
of the error message depending upon your choice of
restore_command. You may also see an error message
at the start of recovery for a file named something like
00000001.history. This is also normal and does not
! indicate a problem in simple recovery situations. See
for discussion.
--- 1031,1043 ----
Normally, recovery will proceed through all available WAL segments,
thereby restoring the database to the current point in time (or as
! close as possible given the available WAL segments). Therefore, a normal
recovery will end with a file not found message, the exact text
of the error message depending upon your choice of
restore_command. You may also see an error message
at the start of recovery for a file named something like
00000001.history. This is also normal and does not
! indicate a problem in simple recovery situations; see
for discussion.
***************
*** 1058,1072 ****
The stop point must be after the ending time of the base backup, i.e.,
the end time of pg_stop_backup. You cannot use a base backup
! to recover to a time when that backup was still going on. (To
recover to such a time, you must go back to your previous base backup
and roll forward from there.)
! If recovery finds a corruption in the WAL data then recovery will
! complete at that point and the server will not start. In such a case the
recovery process could be re-run from the beginning, specifying a
recovery target before the point of corruption so that recovery
can complete normally.
--- 1055,1069 ----
The stop point must be after the ending time of the base backup, i.e.,
the end time of pg_stop_backup. You cannot use a base backup
! to recover to a time when that backup was in progress. (To
recover to such a time, you must go back to your previous base backup
and roll forward from there.)
! If recovery finds corrupted WAL data, recovery will
! halt at that point and the server will not start. In such a case the
recovery process could be re-run from the beginning, specifying a
recovery target before the point of corruption so that recovery
can complete normally.
***************
*** 1085,1091 ****
These settings can only be made in the recovery.conf
! file, and apply only for the duration of the recovery. They must be
reset for any subsequent recovery you wish to perform. They cannot be
changed once recovery has begun.
The parameters for streaming replication are described in
These settings can only be made in the recovery.conf
! file, and apply only for the duration of the recovery. (A sample file,
! share/recovery.conf.sample, exists in the installation's
! share/ directory.) They must be
reset for any subsequent recovery you wish to perform. They cannot be
changed once recovery has begun.
The parameters for streaming replication are described in %f in the string is
replaced by the name of the file to retrieve from the archive,
! and any %p is replaced by the path name to copy
! it to on the server.
(The path name is relative to the current working directory,
i.e., the cluster's data directory.)
Any %r is replaced by the name of the file containing the
last valid restart point. That is the earliest file that must be kept
to allow a restore to be restartable, so this information can be used
to truncate the archive to just the minimum required to support
! restart from the current restore. %r would typically be
! used in a warm-standby configuration
(see ).
! Write %% to embed an actual % character
! in the command.
! It is important for the command to return a zero exit status if and
only if it succeeds. The command will be asked for file
names that are not present in the archive; it must return nonzero
when so asked. Examples:
--- 1102,1123 ----
but optional for streaming replication.
Any %f in the string is
replaced by the name of the file to retrieve from the archive,
! and any %p is replaced by the copy destination path name
! on the server.
(The path name is relative to the current working directory,
i.e., the cluster's data directory.)
Any %r is replaced by the name of the file containing the
last valid restart point. That is the earliest file that must be kept
to allow a restore to be restartable, so this information can be used
to truncate the archive to just the minimum required to support
! restarting from the current restore. %r is typically only
! used by warm-standby configurations
(see ).
! Write %% to embed an actual % character.
+
! It is important for the command to return a zero exit status
only if it succeeds. The command will be asked for file
names that are not present in the archive; it must return nonzero
when so asked. Examples:
***************
*** 1221,1227 ****
Specifies recovering into a particular timeline. The default is
to recover along the same timeline that was current when the
! base backup was taken. You would only need to set this parameter
in complex re-recovery situations, where you need to return to
a state that itself was reached after a point-in-time recovery.
See for discussion.
--- 1220,1226 ----
Specifies recovering into a particular timeline. The default is
to recover along the same timeline that was current when the
! base backup was taken. You only need to set this parameter
in complex re-recovery situations, where you need to return to
a state that itself was reached after a point-in-time recovery.
See for discussion.
***************
*** 1245,1272 ****
The ability to restore the database to a previous point in time creates
some complexities that are akin to science-fiction stories about time
! travel and parallel universes. In the original history of the database,
! perhaps you dropped a critical table at 5:15PM on Tuesday evening, but
didn't realize your mistake until Wednesday noon.
Unfazed, you get out your backup, restore to the point-in-time 5:14PM
Tuesday evening, and are up and running. In this history of
! the database universe, you never dropped the table at all. But suppose
! you later realize this wasn't such a great idea after all, and would like
to return to sometime Wednesday morning in the original history.
You won't be able
to if, while your database was up-and-running, it overwrote some of the
! sequence of WAL segment files that led up to the time you now wish you
! could get back to. So you really want to distinguish the series of
WAL records generated after you've done a point-in-time recovery from
those that were generated in the original database history.
! To deal with these problems, PostgreSQL has a notion
! of timelines. Whenever an archive recovery is completed,
a new timeline is created to identify the series of WAL records
generated after that recovery. The timeline
! ID number is part of WAL segment file names, and so a new timeline does
not overwrite the WAL data generated by previous timelines. It is
in fact possible to archive many different timelines. While that might
seem like a useless feature, it's often a lifesaver. Consider the
--- 1244,1271 ----
The ability to restore the database to a previous point in time creates
some complexities that are akin to science-fiction stories about time
! travel and parallel universes. For example, in the original history of the database,
! suppose you dropped a critical table at 5:15PM on Tuesday evening, but
didn't realize your mistake until Wednesday noon.
Unfazed, you get out your backup, restore to the point-in-time 5:14PM
Tuesday evening, and are up and running. In this history of
! the database universe, you never dropped the table. But suppose
! you later realize this wasn't such a great idea, and would like
to return to sometime Wednesday morning in the original history.
You won't be able
to if, while your database was up-and-running, it overwrote some of the
! WAL segment files that led up to the time you now wish you
! could get back to. Thus, to avoid this, you need to distinguish the series of
WAL records generated after you've done a point-in-time recovery from
those that were generated in the original database history.
! To deal with this problem, PostgreSQL has a notion
! of timelines. Whenever an archive recovery completes,
a new timeline is created to identify the series of WAL records
generated after that recovery. The timeline
! ID number is part of WAL segment file names so a new timeline does
not overwrite the WAL data generated by previous timelines. It is
in fact possible to archive many different timelines. While that might
seem like a useless feature, it's often a lifesaver. Consider the
***************
*** 1275,1285 ****
until you find the best place to branch off from the old history. Without
timelines this process would soon generate an unmanageable mess. With
timelines, you can recover to any prior state, including
! states in timeline branches that you later abandoned.
! Each time a new timeline is created, PostgreSQL creates
a timeline history file that shows which timeline it branched
off from and when. These history files are necessary to allow the system
to pick the right WAL segment files when recovering from an archive that
--- 1274,1284 ----
until you find the best place to branch off from the old history. Without
timelines this process would soon generate an unmanageable mess. With
timelines, you can recover to any prior state, including
! states in timeline branches that you abandoned earlier.
! Every time a new timeline is created, PostgreSQL creates
a timeline history file that shows which timeline it branched
off from and when. These history files are necessary to allow the system
to pick the right WAL segment files when recovering from an archive that
***************
*** 1287,1301 ****
archive area just like WAL segment files. The history files are just
small text files, so it's cheap and appropriate to keep them around
indefinitely (unlike the segment files which are large). You can, if
! you like, add comments to a history file to make your own notes about
! how and why this particular timeline came to be. Such comments will be
especially valuable when you have a thicket of different timelines as
a result of experimentation.
The default behavior of recovery is to recover along the same timeline
! that was current when the base backup was taken. If you want to recover
into some child timeline (that is, you want to return to some state that
was itself generated after a recovery attempt), you need to specify the
target timeline ID in recovery.conf. You cannot recover into
--- 1286,1300 ----
archive area just like WAL segment files. The history files are just
small text files, so it's cheap and appropriate to keep them around
indefinitely (unlike the segment files which are large). You can, if
! you like, add comments to a history file to record your own notes about
! how and why this particular timeline was created. Such comments will be
especially valuable when you have a thicket of different timelines as
a result of experimentation.
The default behavior of recovery is to recover along the same timeline
! that was current when the base backup was taken. If you wish to recover
into some child timeline (that is, you want to return to some state that
was itself generated after a recovery attempt), you need to specify the
target timeline ID in recovery.conf. You cannot recover into
***************
*** 1319,1331 ****
for point-in-time recovery, yet are typically much faster to backup and
restore than pg_dump dumps. (They are also much larger
than pg_dump dumps, so in some cases the speed advantage
! could be negated.)
To prepare for standalone hot backups, set archive_mode to
on, and set up an archive_command that performs
! archiving only when a switch file exists. For example:
archive_command = 'test ! -f /var/lib/pgsql/backup_in_progress || cp -i %p /var/lib/pgsql/archive/%f < /dev/null'
--- 1318,1330 ----
for point-in-time recovery, yet are typically much faster to backup and
restore than pg_dump dumps. (They are also much larger
than pg_dump dumps, so in some cases the speed advantage
! might be negated.)
To prepare for standalone hot backups, set archive_mode to
on, and set up an archive_command that performs
! archiving only when a switch file exists. For example:
archive_command = 'test ! -f /var/lib/pgsql/backup_in_progress || cp -i %p /var/lib/pgsql/archive/%f < /dev/null'
***************
*** 1538,1544 ****
in continuous archiving mode, while each standby server operates in
continuous recovery mode, reading the WAL files from the primary. No
changes to the database tables are required to enable this capability,
! so it offers low administration overhead in comparison with some other
replication approaches. This configuration also has relatively low
performance impact on the primary server.
--- 1537,1543 ----
in continuous archiving mode, while each standby server operates in
continuous recovery mode, reading the WAL files from the primary. No
changes to the database tables are required to enable this capability,
! so it offers low administration overhead compared to some other
replication approaches. This configuration also has relatively low
performance impact on the primary server.
***************
*** 1549,1555 ****
implements file-based log shipping, which means that WAL records are
transferred one file (WAL segment) at a time. WAL files (16MB) can be
shipped easily and cheaply over any distance, whether it be to an
! adjacent system, another system on the same site or another system on
the far side of the globe. The bandwidth required for this technique
varies according to the transaction rate of the primary server.
Record-based log shipping is also possible with custom-developed
--- 1548,1554 ----
implements file-based log shipping, which means that WAL records are
transferred one file (WAL segment) at a time. WAL files (16MB) can be
shipped easily and cheaply over any distance, whether it be to an
! adjacent system, another system at the same site, or another system on
the far side of the globe. The bandwidth required for this technique
varies according to the transaction rate of the primary server.
Record-based log shipping is also possible with custom-developed
***************
*** 1563,1572 ****
failure: transactions not yet shipped will be lost. The length of the
window of data loss can be limited by use of the
archive_timeout parameter, which can be set as low
! as a few seconds if required. However such low settings will
! substantially increase the bandwidth requirements for file shipping.
If you need a window of less than a minute or so, it's probably better
! to look into record-based log shipping.
--- 1562,1571 ----
failure: transactions not yet shipped will be lost. The length of the
window of data loss can be limited by use of the
archive_timeout parameter, which can be set as low
! as a few seconds if required. However such a low setting will
! substantially increase the bandwidth required for file shipping.
If you need a window of less than a minute or so, it's probably better
! to consider record-based log shipping.
***************
*** 1587,1598 ****
It is usually wise to create the primary and standby servers
so that they are as similar as possible, at least from the
perspective of the database server. In particular, the path names
! associated with tablespaces will be passed across as-is, so both
primary and standby servers must have the same mount paths for
tablespaces if that feature is used. Keep in mind that if
is executed on the primary, any new mount point needed for it must
! be created on both the primary and all standby servers before the command
is executed. Hardware need not be exactly the same, but experience shows
that maintaining two identical systems is easier than maintaining two
dissimilar ones over the lifetime of the application and system.
--- 1586,1597 ----
It is usually wise to create the primary and standby servers
so that they are as similar as possible, at least from the
perspective of the database server. In particular, the path names
! associated with tablespaces will be passed across unmodified, so both
primary and standby servers must have the same mount paths for
tablespaces if that feature is used. Keep in mind that if
is executed on the primary, any new mount point needed for it must
! be created on the primary and all standby servers before the command
is executed. Hardware need not be exactly the same, but experience shows
that maintaining two identical systems is easier than maintaining two
dissimilar ones over the lifetime of the application and system.
***************
*** 1603,1609 ****
In general, log shipping between servers running different major
PostgreSQL release
! levels will not be possible. It is the policy of the PostgreSQL Global
Development Group not to make changes to disk formats during minor release
upgrades, so it is likely that running different minor release levels
on primary and standby servers will work successfully. However, no
--- 1602,1608 ----
In general, log shipping between servers running different major
PostgreSQL release
! levels is not possible. It is the policy of the PostgreSQL Global
Development Group not to make changes to disk formats during minor release
upgrades, so it is likely that running different minor release levels
on primary and standby servers will work successfully. However, no
***************
*** 1617,1629 ****
There is no special mode required to enable a standby server. The
! operations that occur on both primary and standby servers are entirely
normal continuous archiving and recovery tasks. The only point of
contact between the two database servers is the archive of WAL files
that both share: primary writing to the archive, standby reading from
! the archive. Care must be taken to ensure that WAL archives for separate
primary servers do not become mixed together or confused. The archive
! need not be large, if it is only required for the standby operation.
--- 1616,1628 ----
There is no special mode required to enable a standby server. The
! operations that occur on both primary and standby servers are
normal continuous archiving and recovery tasks. The only point of
contact between the two database servers is the archive of WAL files
that both share: primary writing to the archive, standby reading from
! the archive. Care must be taken to ensure that WAL archives from separate
primary servers do not become mixed together or confused. The archive
! need not be large if it is only required for standby operation.
***************
*** 1665,1695 ****
as a contrib module named pg_standby. It
should be used as a reference on how to correctly implement the logic
described above. It can also be extended as needed to support specific
! configurations or environments.
PostgreSQL does not provide the system
software required to identify a failure on the primary and notify
! the standby system and then the standby database server. Many such
! tools exist and are well integrated with other aspects required for
successful failover, such as IP address migration.
! The means for triggering failover is an important part of planning and
! design. The restore_command is executed in full once
! for each WAL file. The process running the restore_command
! is therefore created and dies for each file, so there is no daemon
! or server process and so we cannot use signals and a signal
! handler. A more permanent notification is required to trigger the
! failover. It is possible to use a simple timeout facility,
! especially if used in conjunction with a known
! archive_timeout setting on the primary. This is
! somewhat error prone since a network problem or busy primary server might
! be sufficient to initiate failover. A notification mechanism such
! as the explicit creation of a trigger file is less error prone, if
! this can be arranged.
--- 1664,1694 ----
as a contrib module named pg_standby. It
should be used as a reference on how to correctly implement the logic
described above. It can also be extended as needed to support specific
! configurations and environments.
PostgreSQL does not provide the system
software required to identify a failure on the primary and notify
! the standby database server. Many such tools exist and are well
! integrated with the operating system facilities required for
successful failover, such as IP address migration.
! The method for triggering failover is an important part of planning
! and design. One potential option is the restore_command
! command. It is executed once for each WAL file, but the process
! running the restore_command is created and dies for
! each file, so there is no daemon or server process, and we cannot
! use signals or a signal handler. Therefore, the
! restore_command is not suitable to trigger failover.
! It is possible to use a simple timeout facility, especially if
! used in conjunction with a known archive_timeout
! setting on the primary. However, this is somewhat error prone
! since a network problem or busy primary server might be sufficient
! to initiate failover. A notification mechanism such as the explicit
! creation of a trigger file is ideal, if this can be arranged.
***************
*** 1697,1703 ****
option of the restore_command. This option specifies the
last archive file name that needs to be kept to allow the recovery to
restart correctly. This can be used to truncate the archive once
! files are no longer required, if the archive is writable from the
standby server.
--- 1696,1702 ----
option of the restore_command. This option specifies the
last archive file name that needs to be kept to allow the recovery to
restart correctly. This can be used to truncate the archive once
! files are no longer required, assuming the archive is writable from the
standby server.
***************
*** 1711,1725 ****
! Set up primary and standby systems as near identically as
possible, including two identical copies of
PostgreSQL at the same release level.
! Set up continuous archiving from the primary to a WAL archive located
! in a directory on the standby server. Ensure that
,
and
--- 1710,1724 ----
! Set up primary and standby systems as nearly identical as
possible, including two identical copies of
PostgreSQL at the same release level.
! Set up continuous archiving from the primary to a WAL archive
! directory on the standby server. Ensure that
,
and
***************
*** 1777,1785 ****
! If the primary server fails and then immediately restarts, you must have
! a mechanism for informing it that it is no longer the primary. This is
! sometimes known as STONITH (Shoot the Other Node In The Head), which is
necessary to avoid situations where both systems think they are the
primary, which will lead to confusion and ultimately data loss.
--- 1776,1785 ----
! If the primary server fails and the standby server becomes the
! new primary, and then the old primary restarts, you must have
! a mechanism for informing old primary that it is no longer the primary. This is
! sometimes known as STONITH (Shoot The Other Node In The Head), which is
necessary to avoid situations where both systems think they are the
primary, which will lead to confusion and ultimately data loss.
***************
*** 1803,1809 ****
either on the former primary system when it comes up, or on a third,
possibly new, system. Once complete the primary and standby can be
considered to have switched roles. Some people choose to use a third
! server to provide backup to the new primary until the new standby
server is recreated,
though clearly this complicates the system configuration and
operational processes.
--- 1803,1809 ----
either on the former primary system when it comes up, or on a third,
possibly new, system. Once complete the primary and standby can be
considered to have switched roles. Some people choose to use a third
! server to provide backup for the new primary until the new standby
server is recreated,
though clearly this complicates the system configuration and
operational processes.
***************
*** 1834,1848 ****
to find out the file name and the exact byte offset within it of
the current end of WAL. It can then access the WAL file directly
and copy the data from the last known end of WAL through the current end
! over to the standby server(s). With this approach, the window for data
loss is the polling cycle time of the copying program, which can be very
! small, but there is no wasted bandwidth from forcing partially-used
segment files to be archived. Note that the standby servers'
! restore_command scripts still deal in whole WAL files,
so the incrementally copied data is not ordinarily made available to
the standby servers. It is of use only when the primary dies —
then the last partial WAL file is fed to the standby before allowing
! it to come up. So correct implementation of this process requires
cooperation of the restore_command script with the data
copying program.
--- 1834,1848 ----
to find out the file name and the exact byte offset within it of
the current end of WAL. It can then access the WAL file directly
and copy the data from the last known end of WAL through the current end
! over to the standby servers. With this approach, the window for data
loss is the polling cycle time of the copying program, which can be very
! small, and there is no wasted bandwidth from forcing partially-used
segment files to be archived. Note that the standby servers'
! restore_command scripts can only deal with whole WAL files,
so the incrementally copied data is not ordinarily made available to
the standby servers. It is of use only when the primary dies —
then the last partial WAL file is fed to the standby before allowing
! it to come up. The correct implementation of this process requires
cooperation of the restore_command script with the data
copying program.
***************
*** 2090,2099 ****
! If we take a backup of the standby server's data directory while it is processing
! logs shipped from the primary, we will be able to reload that data and
restart the standby's recovery process from the last restart point.
! We no longer need to keep WAL files from before the restart point.
If we need to recover, it will be faster to recover from the incrementally
updated backup than from the original base backup.
--- 2090,2100 ----
! If we take a file system backup of the standby server's data
! directory while it is processing
! logs shipped from the primary, we will be able to reload that backup and
restart the standby's recovery process from the last restart point.
! We no longer need to keep WAL files from before the standby's restart point.
If we need to recover, it will be faster to recover from the incrementally
updated backup than from the original base backup.
***************
*** 2106,2112 ****
backup. You can do this by running pg_controldata
on the standby server to inspect the control file and determine the
current checkpoint WAL location, or by using the
! log_checkpoints option to print values to the server log.
--- 2107,2114 ----
backup. You can do this by running pg_controldata
on the standby server to inspect the control file and determine the
current checkpoint WAL location, or by using the
! log_checkpoints option to print values to the standby's
! server log.
***************
*** 2892,2918 ****
! As a general rule, the internal data storage format is subject to
! change between major releases of PostgreSQL (where
! the number after the first dot changes). This does not apply to
! different minor releases under the same major release (where the
! number after the second dot changes); these always have compatible
! storage formats. For example, releases 8.1.1, 8.2.3, and 8.3 are
! not compatible, whereas 8.2.3 and 8.2.4 are. When you update
! between compatible versions, you can simply replace the executables
! and reuse the data directory on disk. Otherwise you need to back
! up your data and restore it on the new server. This has to be done
! using pg_dump; file system level backup methods
! obviously won't work. There are checks in place that prevent you
! from using a data directory with an incompatible version of
! PostgreSQL, so no great harm can be done by
! trying to start the wrong server version on a data directory.
It is recommended that you use the pg_dump and
pg_dumpall programs from the newer version of
! PostgreSQL, to take advantage of any enhancements
that might have been made in these programs. Current releases of the
dump programs can read data from any server version back to 7.0.
--- 2894,2928 ----
! PostgreSQL major versions are represented by the
! first two digit groups of the version number, e.g. 8.4.
! PostgreSQL minor versions are represented by the
! the third group of version digits, i.e., 8.4.2 is the second minor
! release of 8.4. Minor releases never change the internal storage
! format and are always compatible with earlier and later minor
! releases of the same major version number, i.e. 8.4.2 is compatible
! with 8.4, 8.4.1 and 8.4.6. To update between compatible versions,
! you simply replace the executables while the server is down and
! restart the server. The data directory remains unchanged —
! minor upgrades are that simple.
!
!
!
! For major releases of PostgreSQL, the
! internal data storage format is subject to change. When migrating
! data from one major version of PostgreSQL to another,
! you need to back up your data and restore it on the new server.
! This must be done using pg_dump; file system level
! backup methods will not work. There are checks in place that prevent
! you from using a data directory with an incompatible version of
! PostgreSQL, so no great harm can be done
! by trying to start the wrong server version on a data directory.
It is recommended that you use the pg_dump and
pg_dumpall programs from the newer version of
! PostgreSQL, to take advantage of enhancements
that might have been made in these programs. Current releases of the
dump programs can read data from any server version back to 7.0.
***************
*** 2926,2934 ****
pg_dumpall -p 5432 | psql -d postgres -p 6543
! to transfer your data. Or use an intermediate file if you want.
! Then you can shut down the old server and start the new server at
! the port the old one was running at. You should make sure that the
old database is not updated after you begin to run
pg_dumpall, otherwise you will lose that data. See for information on how to prohibit
--- 2936,2944 ----
pg_dumpall -p 5432 | psql -d postgres -p 6543
! to transfer your data. Or use an intermediate file if you wish.
! Then you can shut down the old server and start the new server using
! the port the old one was running on. You should make sure that the
old database is not updated after you begin to run
pg_dumpall, otherwise you will lose that data. See for information on how to prohibit
***************
*** 2949,2961 ****
If you cannot or do not want to run two servers in parallel, you can
do the backup step before installing the new version, bring down
! the server, move the old version out of the way, install the new
version, start the new server, and restore the data. For example:
pg_dumpall > backup
pg_ctl stop
mv /usr/local/pgsql /usr/local/pgsql.old
cd ~/postgresql-&version;
gmake install
initdb -D /usr/local/pgsql/data
--- 2959,2972 ----
If you cannot or do not want to run two servers in parallel, you can
do the backup step before installing the new version, bring down
! the old server, move the old version out of the way, install the new
version, start the new server, and restore the data. For example:
pg_dumpall > backup
pg_ctl stop
mv /usr/local/pgsql /usr/local/pgsql.old
+ # Rename any tablespace directories as well
cd ~/postgresql-&version;
gmake install
initdb -D /usr/local/pgsql/data
***************
*** 2976,2982 ****
This is usually not a big problem, but if you plan on using two
installations in parallel for a while you should assign them
different installation directories at build time. (This problem
! is rectified in PostgreSQL 8.0 and later, so long
as you move all subdirectories containing installed files together;
for example if /usr/local/postgres/bin/ goes to
/usr/local/postgres.old/bin/, then
--- 2987,2993 ----
This is usually not a big problem, but if you plan on using two
installations in parallel for a while you should assign them
different installation directories at build time. (This problem
! is rectified in PostgreSQL version 8.0 and later, so long
as you move all subdirectories containing installed files together;
for example if /usr/local/postgres/bin/ goes to
/usr/local/postgres.old/bin/, then
Index: doc/src/sgml/catalogs.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/catalogs.sgml,v
retrieving revision 2.219
diff -c -c -r2.219 catalogs.sgml
*** doc/src/sgml/catalogs.sgml 22 Jan 2010 16:40:18 -0000 2.219
--- doc/src/sgml/catalogs.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 5569,5575 ****
inserted before a datum of this type so that it begins on the
specified boundary. The alignment reference is the beginning
of the first datum in the sequence.
!
Possible values are:
--- 5569,5577 ----
inserted before a datum of this type so that it begins on the
specified boundary. The alignment reference is the beginning
of the first datum in the sequence.
!
!
!
Possible values are:
Index: doc/src/sgml/charset.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/charset.sgml,v
retrieving revision 2.95
diff -c -c -r2.95 charset.sgml
*** doc/src/sgml/charset.sgml 18 May 2009 08:59:28 -0000 2.95
--- doc/src/sgml/charset.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 6,13 ****
This chapter describes the available localization features from the
point of view of the administrator.
! PostgreSQL supports localization with
! two approaches:
--- 6,13 ----
This chapter describes the available localization features from the
point of view of the administrator.
! PostgreSQL supports two localization
! facilities:
***************
*** 67,76 ****
(sv) as spoken
in Sweden (SE). Other possibilities might be
en_US (U.S. English) and fr_CA (French
! Canadian). If more than one character set can be useful for a
locale then the specifications look like this:
! cs_CZ.ISO8859-2. What locales are available under what
! names on your system depends on what was provided by the operating
system vendor and what was installed. On most Unix systems, the command
locale -a will provide a list of available locales.
Windows uses more verbose locale names, such as German_Germany
--- 67,76 ----
(sv) as spoken
in Sweden (SE). Other possibilities might be
en_US (U.S. English) and fr_CA (French
! Canadian). If more than one character set can be used for a
locale then the specifications look like this:
! cs_CZ.ISO8859-2. What locales are available on your
! system under what names depends on what was provided by the operating
system vendor and what was installed. On most Unix systems, the command
locale -a will provide a list of available locales.
Windows uses more verbose locale names, such as German_Germany
***************
*** 80,87 ****
Occasionally it is useful to mix rules from several locales, e.g.,
use English collation rules but Spanish messages. To support that, a
! set of locale subcategories exist that control only a certain
! aspect of the localization rules:
--- 80,87 ----
Occasionally it is useful to mix rules from several locales, e.g.,
use English collation rules but Spanish messages. To support that, a
! set of locale subcategories exist that control only certain
! aspects of the localization rules:
***************
*** 127,139 ****
! The nature of some locale categories is that their value has to be
fixed when the database is created. You can use different settings
for different databases, but once a database is created, you cannot
change them for that database anymore. LC_COLLATE
! and LC_CTYPE are these categories. They affect
the sort order of indexes, so they must be kept fixed, or indexes on
! text columns will become corrupt. The default values for these
categories are determined when initdb is run, and
those values are used when new databases are created, unless
specified otherwise in the CREATE DATABASE command.
--- 127,139 ----
! Some locale categories must have their values
fixed when the database is created. You can use different settings
for different databases, but once a database is created, you cannot
change them for that database anymore. LC_COLLATE
! and LC_CTYPE are these type of categories. They affect
the sort order of indexes, so they must be kept fixed, or indexes on
! text columns would become corrupt. The default values for these
categories are determined when initdb is run, and
those values are used when new databases are created, unless
specified otherwise in the CREATE DATABASE command.
***************
*** 146,152 ****
linkend="runtime-config-client-format"> for details). The values
that are chosen by initdb are actually only written
into the configuration file postgresql.conf to
! serve as defaults when the server is started. If you delete these
assignments from postgresql.conf then the
server will inherit the settings from its execution environment.
--- 146,152 ----
linkend="runtime-config-client-format"> for details). The values
that are chosen by initdb are actually only written
into the configuration file postgresql.conf to
! serve as defaults when the server is started. If you disable these
assignments from postgresql.conf then the
server will inherit the settings from its execution environment.
***************
*** 178,184 ****
settings for the purpose of setting the language of messages. If
in doubt, please refer to the documentation of your operating
system, in particular the documentation about
! gettext, for more information.
--- 178,184 ----
settings for the purpose of setting the language of messages. If
in doubt, please refer to the documentation of your operating
system, in particular the documentation about
! gettext.
***************
*** 320,327 ****
An important restriction, however, is that each database's character set
! must be compatible with the database's LC_CTYPE and
! LC_COLLATE locale settings. For C or
POSIX locale, any character set is allowed, but for other
locales there is only one character set that will work correctly.
(On Windows, however, UTF-8 encoding can be used with any locale.)
--- 320,328 ----
An important restriction, however, is that each database's character set
! must be compatible with the database's LC_CTYPE (character
! classification) and LC_COLLATE (string sort order) locale
! settings. For C or
POSIX locale, any character set is allowed, but for other
locales there is only one character set that will work correctly.
(On Windows, however, UTF-8 encoding can be used with any locale.)
***************
*** 543,549 ****
LATIN1 with Euro and accentsYes1
! ISO885915LATIN10
--- 544,550 ----
LATIN1 with Euro and accentsYes1
! ISO885915LATIN10
***************
*** 694,700 ****
! Not all APIs support all the listed character sets. For example, the
PostgreSQL
JDBC driver does not support MULE_INTERNAL, LATIN6,
LATIN8, and LATIN10.
--- 695,701 ----
! Not all client APIs support all the listed character sets. For example, the
PostgreSQL
JDBC driver does not support MULE_INTERNAL, LATIN6,
LATIN8, and LATIN10.
***************
*** 710,716 ****
much a declaration that a specific encoding is in use, as a declaration
of ignorance about the encoding. In most cases, if you are
working with any non-ASCII data, it is unwise to use the
! SQL_ASCII setting, because
PostgreSQL will be unable to help you by
converting or validating non-ASCII characters.
--- 711,717 ----
much a declaration that a specific encoding is in use, as a declaration
of ignorance about the encoding. In most cases, if you are
working with any non-ASCII data, it is unwise to use the
! SQL_ASCII setting because
PostgreSQL will be unable to help you by
converting or validating non-ASCII characters.
***************
*** 720,736 ****
Setting the Character Set
! initdb defines the default character set
for a PostgreSQL cluster. For example,
initdb -E EUC_JP
! sets the default character set (encoding) to
EUC_JP (Extended Unix Code for Japanese). You
can use instead of
! if you prefer to type longer option strings.
If no option is
given, initdb attempts to determine the appropriate
encoding to use based on the specified or default locale.
--- 721,737 ----
Setting the Character Set
! initdb defines the default character set (encoding)
for a PostgreSQL cluster. For example,
initdb -E EUC_JP
! sets the default character set to
EUC_JP (Extended Unix Code for Japanese). You
can use instead of
! if you prefer longer option strings.
If no option is
given, initdb attempts to determine the appropriate
encoding to use based on the specified or default locale.
***************
*** 762,769 ****
The encoding for a database is stored in the system catalog
pg_database. You can see it by using the
! option or the \l command
! of psql.
$ psql -l
--- 763,770 ----
The encoding for a database is stored in the system catalog
pg_database. You can see it by using the
! psql option or the
! \l command.
$ psql -l
***************
*** 784,794 ****
On most modern operating systems, PostgreSQL
! can determine which character set is implied by an LC_CTYPE
setting, and it will enforce that only the matching database encoding is
used. On older systems it is your responsibility to ensure that you use
the encoding expected by the locale you have selected. A mistake in
! this area is likely to lead to strange misbehavior of locale-dependent
operations such as sorting.
--- 785,795 ----
On most modern operating systems, PostgreSQL
! can determine which character set is implied by the LC_CTYPE
setting, and it will enforce that only the matching database encoding is
used. On older systems it is your responsibility to ensure that you use
the encoding expected by the locale you have selected. A mistake in
! this area is likely to lead to strange behavior of locale-dependent
operations such as sorting.
***************
*** 1190,1198 ****
If the conversion of a particular character is not possible
— suppose you chose EUC_JP for the
! server and LATIN1 for the client, then some
! Japanese characters do not have a representation in
! LATIN1 — then an error is reported.
--- 1191,1199 ----
If the conversion of a particular character is not possible
— suppose you chose EUC_JP for the
! server and LATIN1 for the client, and some
! Japanese characters are returned that do not have a representation in
! LATIN1 — an error is reported.
***************
*** 1249,1255 ****
! UTF-8 is defined here.
--- 1250,1257 ----
! UTF-8 (8-bit UCS/Unicode Transformation
! Format) is defined here.
Index: doc/src/sgml/client-auth.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v
retrieving revision 1.130
diff -c -c -r1.130 client-auth.sgml
*** doc/src/sgml/client-auth.sgml 2 Feb 2010 19:09:36 -0000 1.130
--- doc/src/sgml/client-auth.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 162,168 ****
hostnossl
! This record type has the opposite logic to hostssl:
it only matches connection attempts made over
TCP/IP that do not use SSL.
--- 162,168 ----
hostnossl
! This record type has the opposite behavior of hostssl;
it only matches connection attempts made over
TCP/IP that do not use SSL.
***************
*** 218,224 ****
Specifies the client machine IP address range that this record
matches. This field contains an IP address in standard dotted decimal
! notation and a CIDR mask length. (IP addresses can only be
specified numerically, not as domain or host names.) The mask
length indicates the number of high-order bits of the client
IP address that must match. Bits to the right of this must
--- 218,224 ----
Specifies the client machine IP address range that this record
matches. This field contains an IP address in standard dotted decimal
! notation and a CIDR mask length. (IP addresses can only be
specified numerically, not as domain or host names.) The mask
length indicates the number of high-order bits of the client
IP address that must match. Bits to the right of this must
***************
*** 238,244 ****
Typical examples of a CIDR-address are
172.20.143.89/32 for a single host, or
172.20.143.0/24 for a small network, or
! 10.6.0.0/16 for a larger one.
To specify a single host, use a CIDR mask of 32 for IPv4 or
128 for IPv6. In a network address, do not omit trailing zeroes.
--- 238,245 ----
Typical examples of a CIDR-address are
172.20.143.89/32 for a single host, or
172.20.143.0/24 for a small network, or
! 10.6.0.0/16 for a larger one.
! 0.0.0.0/0 (all balls) represents all addresses.
To specify a single host, use a CIDR mask of 32 for IPv4 or
128 for IPv6. In a network address, do not omit trailing zeroes.
***************
*** 296,303 ****
Allow the connection unconditionally. This method
allows anyone that can connect to the
PostgreSQL database server to login as
! any PostgreSQL user they like,
! without the need for a password. See for details.
--- 297,304 ----
Allow the connection unconditionally. This method
allows anyone that can connect to the
PostgreSQL database server to login as
! any PostgreSQL user they wish,
! without the need for a password or any other authentication. See for details.
***************
*** 308,314 ****
Reject the connection unconditionally. This is useful for
! filtering out certain hosts from a group.
--- 309,318 ----
Reject the connection unconditionally. This is useful for
! filtering out certain hosts from a group, e.g. a
! reject line blocks a specific host from connecting,
! but a later line allows the remaining hosts in a specific
! network to connect.
***************
*** 388,394 ****
ldap
! Authenticate using an LDAP server. See for details.
--- 392,398 ----
ldap
! Authenticate using an LDAP server. See for details.
***************
*** 473,479 ****
the main server process receives a
SIGHUPSIGHUP
signal. If you edit the file on an
! active system, you will need to signal the server
(using pg_ctl reload or kill -HUP) to make it
re-read the file.
--- 477,483 ----
the main server process receives a
SIGHUPSIGHUP
signal. If you edit the file on an
! active system, you will need to signal the postmaster
(using pg_ctl reload or kill -HUP) to make it
re-read the file.
***************
*** 485,491 ****
CONNECT privilege for the database. If you wish to
restrict which users can connect to which databases, it's usually
easier to control this by granting/revoking CONNECT privilege
! than to put the rules into pg_hba.conf entries.
--- 489,495 ----
CONNECT privilege for the database. If you wish to
restrict which users can connect to which databases, it's usually
easier to control this by granting/revoking CONNECT privilege
! than to put the rules in pg_hba.conf entries.
***************
*** 498,504 ****
Example <filename>pg_hba.conf</filename> entries
! # Allow any user on the local system to connect to any database under
# any database user name using Unix-domain sockets (the default for local
# connections).
#
--- 502,508 ----
Example <filename>pg_hba.conf</filename> entries
! # Allow any user on the local system to connect to any database with
# any database user name using Unix-domain sockets (the default for local
# connections).
#
***************
*** 517,523 ****
# Allow any user from any host with IP address 192.168.93.x to connect
# to database "postgres" as the same user name that ident reports for
! # the connection (typically the Unix user name).
#
# TYPE DATABASE USER CIDR-ADDRESS METHOD
host postgres all 192.168.93.0/24 ident
--- 521,527 ----
# Allow any user from any host with IP address 192.168.93.x to connect
# to database "postgres" as the same user name that ident reports for
! # the connection (typically the operating system user name).
#
# TYPE DATABASE USER CIDR-ADDRESS METHOD
host postgres all 192.168.93.0/24 ident
***************
*** 531,538 ****
# In the absence of preceding "host" lines, these two lines will
# reject all connections from 192.168.54.1 (since that entry will be
# matched first), but allow Kerberos 5 connections from anywhere else
! # on the Internet. The zero mask means that no bits of the host IP
! # address are considered so it matches any host.
#
# TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 192.168.54.1/32 reject
--- 535,542 ----
# In the absence of preceding "host" lines, these two lines will
# reject all connections from 192.168.54.1 (since that entry will be
# matched first), but allow Kerberos 5 connections from anywhere else
! # on the Internet. The zero mask causes no bits of the host IP
! # address to be considered, so it matches any host.
#
# TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 192.168.54.1/32 reject
***************
*** 654,660 ****
when the main server process receives a
SIGHUPSIGHUP
signal. If you edit the file on an
! active system, you will need to signal the server
(using pg_ctl reload or kill -HUP) to make it
re-read the file.
--- 658,664 ----
when the main server process receives a
SIGHUPSIGHUP
signal. If you edit the file on an
! active system, you will need to signal the postmaster
(using pg_ctl reload or kill -HUP) to make it
re-read the file.
***************
*** 663,678 ****
A pg_ident.conf file that could be used in
conjunction with the pg_hba.conf file in is shown in . In this example setup, anyone
logged in to a machine on the 192.168 network that does not have the
! Unix user name bryanh, ann, or
robert would not be granted access. Unix user
robert would only be allowed access when he tries to
connect as PostgreSQL user bob, not
as robert or anyone else. ann would
only be allowed to connect as ann. User
bryanh would be allowed to connect as either
! bryanh himself or as guest1.
--- 667,682 ----
A pg_ident.conf file that could be used in
conjunction with the pg_hba.conf file in is shown in . In this example, anyone
logged in to a machine on the 192.168 network that does not have the
! operating system user name bryanh, ann, or
robert would not be granted access. Unix user
robert would only be allowed access when he tries to
connect as PostgreSQL user bob, not
as robert or anyone else. ann would
only be allowed to connect as ann. User
bryanh would be allowed to connect as either
! bryanh or as guest1.
***************
*** 759,765 ****
The password-based authentication methods are md5
and password. These methods operate
similarly except for the way that the password is sent across the
! connection: respectively, MD5-hashed and clear-text.
--- 763,769 ----
The password-based authentication methods are md5
and password. These methods operate
similarly except for the way that the password is sent across the
! connection, i.e. respectively, MD5-hashed and clear-text.
***************
*** 780,787 ****
catalog. Passwords can be managed with the SQL commands
and
,
! e.g., CREATE USER foo WITH PASSWORD 'secret';.
! By default, that is, if no password has been set up, the stored password
is null and password authentication will always fail for that user.
--- 784,791 ----
catalog. Passwords can be managed with the SQL commands
and
,
! e.g., CREATE USER foo WITH PASSWORD 'secret'.
! If no password has been set up for a user, the stored password
is null and password authentication will always fail for that user.
***************
*** 802,808 ****
authentication according to RFC 1964. GSSAPI
provides automatic authentication (single sign-on) for systems
that support it. The authentication itself is secure, but the
! data sent over the database connection will be in clear unless
SSL is used.
--- 806,812 ----
authentication according to RFC 1964. GSSAPI
provides automatic authentication (single sign-on) for systems
that support it. The authentication itself is secure, but the
! data sent over the database connection will be send unencrypted unless
SSL is used.
***************
*** 877,883 ****
When using Kerberos authentication,
SSPI works the same way
! GSSAPI does. See
for details.
--- 881,887 ----
When using Kerberos authentication,
SSPI works the same way
! GSSAPI does; see
for details.
***************
*** 941,947 ****
Kerberos is an industry-standard secure
authentication system suitable for distributed computing over a public
network. A description of the Kerberos system
! is far beyond the scope of this document; in full generality it can be
quite complex (yet powerful). The
Kerberos FAQ or
--- 945,951 ----
Kerberos is an industry-standard secure
authentication system suitable for distributed computing over a public
network. A description of the Kerberos system
! is beyond the scope of this document; in full generality it can be
quite complex (yet powerful). The
Kerberos FAQ or
***************
*** 973,980 ****
changed from the default postgres at build time using
./configure --with-krb-srvnam=whatever.
In most environments,
! this parameter never needs to be changed. However, to support multiple
! PostgreSQL installations on the same host it is necessary.
Some Kerberos implementations might also require a different service name,
such as Microsoft Active Directory which requires the service name
to be in uppercase (POSTGRES).
--- 977,985 ----
changed from the default postgres at build time using
./configure --with-krb-srvnam=whatever.
In most environments,
! this parameter never needs to be changed. However, it is necessary
! when supporting multiple PostgreSQL installations
! on the same host.
Some Kerberos implementations might also require a different service name,
such as Microsoft Active Directory which requires the service name
to be in uppercase (POSTGRES).
***************
*** 1005,1011 ****
of the key file is specified by the configuration
parameter. The default is
! /usr/local/pgsql/etc/krb5.keytab (or whichever
directory was specified as sysconfdir at build time).
--- 1010,1016 ----
of the key file is specified by the configuration
parameter. The default is
! /usr/local/pgsql/etc/krb5.keytab (or whatever
directory was specified as sysconfdir at build time).
***************
*** 1035,1041 ****
Apache web server, you can use
AuthType KerberosV5SaveCredentials with a
mod_perl script. This gives secure
! database access over the web, no extra passwords required.
--- 1040,1046 ----
Apache web server, you can use
AuthType KerberosV5SaveCredentials with a
mod_perl script. This gives secure
! database access over the web, with no additional passwords required.
***************
*** 1137,1149 ****
Since PostgreSQL knows both X and
Y when a physical connection is established, it
can interrogate the ident server on the host of the connecting
! client and could theoretically determine the operating system user
! for any given connection this way.
The drawback of this procedure is that it depends on the integrity
! of the client: if the client machine is untrusted or compromised
an attacker could run just about any program on port 113 and
return any user name he chooses. This authentication method is
therefore only appropriate for closed networks where each client
--- 1142,1154 ----
Since PostgreSQL knows both X and
Y when a physical connection is established, it
can interrogate the ident server on the host of the connecting
! client and can theoretically determine the operating system user
! for any given connection.
The drawback of this procedure is that it depends on the integrity
! of the client: if the client machine is untrusted or compromised,
an attacker could run just about any program on port 113 and
return any user name he chooses. This authentication method is
therefore only appropriate for closed networks where each client
***************
*** 1562,1568 ****
The server log might contain more information about an
authentication failure than is reported to the client. If you are
! confused about the reason for a failure, check the log.
--- 1567,1573 ----
The server log might contain more information about an
authentication failure than is reported to the client. If you are
! confused about the reason for a failure, check the server log.
Index: doc/src/sgml/config.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/config.sgml,v
retrieving revision 1.248
diff -c -c -r1.248 config.sgml
*** doc/src/sgml/config.sgml 1 Feb 2010 13:40:28 -0000 1.248
--- doc/src/sgml/config.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 21,30 ****
All parameter names are case-insensitive. Every parameter takes a
value of one of five types: Boolean, integer, floating point,
! string or enum. Boolean values can be written as ON,
! OFF, TRUE,
! FALSE, YES,
! NO, 1, 0
(all case-insensitive) or any unambiguous prefix of these.
--- 21,30 ----
All parameter names are case-insensitive. Every parameter takes a
value of one of five types: Boolean, integer, floating point,
! string or enum. Boolean values can be written as on,
! off, true,
! false, yes,
! no, 1, 0
(all case-insensitive) or any unambiguous prefix of these.
***************
*** 66,73 ****
One parameter is specified per line. The equal sign between name and
value is optional. Whitespace is insignificant and blank lines are
! ignored. Hash marks (#) introduce comments
! anywhere. Parameter values that are not simple identifiers or
numbers must be single-quoted. To embed a single quote in a parameter
value, write either two quotes (preferred) or backslash-quote.
--- 66,73 ----
One parameter is specified per line. The equal sign between name and
value is optional. Whitespace is insignificant and blank lines are
! ignored. Hash marks (#) designate the rest of the
! line as a comment. Parameter values that are not simple identifiers or
numbers must be single-quoted. To embed a single quote in a parameter
value, write either two quotes (preferred) or backslash-quote.
***************
*** 155,163 ****
values for the parameter. Some parameters cannot be changed via
SET: for example, if they control behavior that
cannot be changed without restarting the entire
! PostgreSQL server. Also, some parameters can
! be modified via SET or ALTER by superusers,
! but not by ordinary users.
--- 155,163 ----
values for the parameter. Some parameters cannot be changed via
SET: for example, if they control behavior that
cannot be changed without restarting the entire
! PostgreSQL server. Also,
! some SET or ALTER parameter modifications
! require superuser permission.
***************
*** 329,335 ****
at all, in which case only Unix-domain sockets can be used to connect
to it.
The default value is localhost,
! which allows only local loopback connections to be
made. While client authentication () allows fine-grained control
over who can access the server, listen_addresses
--- 329,335 ----
at all, in which case only Unix-domain sockets can be used to connect
to it.
The default value is localhost,
! which allows only local TCP/IP loopback connections to be
made. While client authentication () allows fine-grained control
over who can access the server, listen_addresses
***************
*** 440,447 ****
server.) In combination with the parameter
unix_socket_permissions this can be used as
an additional access control mechanism for Unix-domain connections.
! By default this is the empty string, which selects the default
! group for the current user. This parameter can only be set at
server start.
--- 440,447 ----
server.) In combination with the parameter
unix_socket_permissions this can be used as
an additional access control mechanism for Unix-domain connections.
! By default this is the empty string, which uses the default
! group of the server user. This parameter can only be set at
server start.
***************
*** 457,463 ****
Sets the access permissions of the Unix-domain socket. Unix-domain
sockets use the usual Unix file system permission set.
The parameter value is expected to be a numeric mode
! specification in the form accepted by the
chmod and umask
system calls. (To use the customary octal format the number
must start with a 0 (zero).)
--- 457,463 ----
Sets the access permissions of the Unix-domain socket. Unix-domain
sockets use the usual Unix file system permission set.
The parameter value is expected to be a numeric mode
! specified in the format accepted by the
chmod and umask
system calls. (To use the customary octal format the number
must start with a 0 (zero).)
***************
*** 469,475 ****
0770 (only user and group, see also
unix_socket_group) and 0700
(only user). (Note that for a Unix-domain socket, only write
! permission matters and so there is no point in setting or revoking
read or execute permissions.)
--- 469,475 ----
0770 (only user and group, see also
unix_socket_group) and 0700
(only user). (Note that for a Unix-domain socket, only write
! permission matters, so there is no point in setting or revoking
read or execute permissions.)
***************
*** 581,587 ****
Maximum time to complete client authentication, in seconds. If a
would-be client has not completed the authentication protocol in
! this much time, the server breaks the connection. This prevents
hung clients from occupying a connection indefinitely.
The default is one minute (1m).
This parameter can only be set in the postgresql.conf
--- 581,587 ----
Maximum time to complete client authentication, in seconds. If a
would-be client has not completed the authentication protocol in
! this much time, the server closes the connection. This prevents
hung clients from occupying a connection indefinitely.
The default is one minute (1m).
This parameter can only be set in the postgresql.conf
***************
*** 707,714 ****
With this parameter enabled, you can still create ordinary global
users. Simply append @ when specifying the user
! name in the client. The @ will be stripped off
! before the user name is looked up by the server.
--- 707,715 ----
With this parameter enabled, you can still create ordinary global
users. Simply append @ when specifying the user
! name in the client, e.g. joe@. The @
! will be stripped off before the user name is looked up by the
! server.
***************
*** 783,797 ****
session. These are session-local buffers used only for access to
temporary tables. The default is eight megabytes
(8MB). The setting can be changed within individual
! sessions, but only up until the first use of temporary tables
! within a session; subsequent attempts to change the value will
have no effect on that session.
A session will allocate temporary buffers as needed up to the limit
given by temp_buffers. The cost of setting a large
! value in sessions that do not actually need a lot of temporary
buffers is only a buffer descriptor, or about 64 bytes, per
increment in temp_buffers. However if a buffer is
actually used an additional 8192 bytes will be consumed for it
--- 784,798 ----
session. These are session-local buffers used only for access to
temporary tables. The default is eight megabytes
(8MB). The setting can be changed within individual
! sessions, but only before the first use of temporary tables
! within the session; subsequent attempts to change the value will
have no effect on that session.
A session will allocate temporary buffers as needed up to the limit
given by temp_buffers. The cost of setting a large
! value in sessions that do not actually need many temporary
buffers is only a buffer descriptor, or about 64 bytes, per
increment in temp_buffers. However if a buffer is
actually used an additional 8192 bytes will be consumed for it
***************
*** 849,861 ****
Specifies the amount of memory to be used by internal sort operations
! and hash tables before switching to temporary disk files. The value
defaults to one megabyte (1MB).
Note that for a complex query, several sort or hash operations might be
! running in parallel; each one will be allowed to use as much memory
! as this value specifies before it starts to put data into temporary
files. Also, several running sessions could be doing such operations
! concurrently. So the total memory used could be many
times the value of work_mem; it is necessary to
keep this fact in mind when choosing the value. Sort operations are
used for ORDER BY, DISTINCT, and
--- 850,862 ----
Specifies the amount of memory to be used by internal sort operations
! and hash tables before writing to temporary disk files. The value
defaults to one megabyte (1MB).
Note that for a complex query, several sort or hash operations might be
! running in parallel; each operation will be allowed to use as much memory
! as this value specifies before it starts to write data into temporary
files. Also, several running sessions could be doing such operations
! concurrently. Therefore, the total memory used could be many
times the value of work_mem; it is necessary to
keep this fact in mind when choosing the value. Sort operations are
used for ORDER BY, DISTINCT, and
***************
*** 873,879 ****
! Specifies the maximum amount of memory to be used in maintenance
operations, such as VACUUM, CREATE
INDEX, and ALTER TABLE ADD FOREIGN KEY. It defaults
to 16 megabytes (16MB). Since only one of these
--- 874,880 ----
! Specifies the maximum amount of memory to be used by maintenance
operations, such as VACUUM, CREATE
INDEX, and ALTER TABLE ADD FOREIGN KEY. It defaults
to 16 megabytes (16MB). Since only one of these
***************
*** 916,924 ****
the actual kernel limit will mean that a runaway recursive function
can crash an individual backend process. On platforms where
PostgreSQL can determine the kernel limit,
! it will not let you set this variable to an unsafe value. However,
! not all platforms provide the information, so caution is recommended
! in selecting a value.
--- 917,925 ----
the actual kernel limit will mean that a runaway recursive function
can crash an individual backend process. On platforms where
PostgreSQL can determine the kernel limit,
! the server will not allow this variable to be set to an unsafe
! value. However, not all platforms provide the information,
! so caution is recommended in selecting a value.
***************
*** 942,948 ****
a safe per-process limit, you don't need to worry about this setting.
But on some platforms (notably, most BSD systems), the kernel will
allow individual processes to open many more files than the system
! can really support when a large number of processes all try to open
that many files. If you find yourself seeing Too many open
files failures, try reducing this setting.
This parameter can only be set at server start.
--- 943,949 ----
a safe per-process limit, you don't need to worry about this setting.
But on some platforms (notably, most BSD systems), the kernel will
allow individual processes to open many more files than the system
! can actually support if many processes all try to open
that many files. If you find yourself seeing Too many open
files failures, try reducing this setting.
This parameter can only be set at server start.
***************
*** 957,970 ****
! This variable specifies one or more shared libraries that are
! to be preloaded at server start. If more than one library is to be
! loaded, separate their names with commas. For example,
'$libdir/mylib' would cause
mylib.so (or on some platforms,
mylib.sl) to be preloaded from the installation's
standard library directory.
! This parameter can only be set at server start.
--- 958,971 ----
! This variable specifies one or more shared libraries
! to be preloaded at server start. For example,
'$libdir/mylib' would cause
mylib.so (or on some platforms,
mylib.sl) to be preloaded from the installation's
standard library directory.
! If more than one library is to be loaded, separate their names
! with commas. This parameter can only be set at server start.
***************
*** 1024,1038 ****
various I/O operations that are performed. When the accumulated
cost reaches a limit (specified by
vacuum_cost_limit), the process performing
! the operation will sleep for a while (specified by
! vacuum_cost_delay). Then it will reset the
counter and continue execution.
The intent of this feature is to allow administrators to reduce
the I/O impact of these commands on concurrent database
! activity. There are many situations in which it is not very
important that maintenance commands like
VACUUM and ANALYZE finish
quickly; however, it is usually very important that these
--- 1025,1039 ----
various I/O operations that are performed. When the accumulated
cost reaches a limit (specified by
vacuum_cost_limit), the process performing
! the operation will sleep for a short period of time, as specified by
! vacuum_cost_delay. Then it will reset the
counter and continue execution.
The intent of this feature is to allow administrators to reduce
the I/O impact of these commands on concurrent database
! activity. There are many situations where it is not
important that maintenance commands like
VACUUM and ANALYZE finish
quickly; however, it is usually very important that these
***************
*** 1156,1170 ****
There is a separate server
process called the background writer, whose function
! is to issue writes of dirty shared buffers. The intent is
! that server processes handling user queries should seldom or never have
! to wait for a write to occur, because the background writer will do it.
! However there is a net overall
! increase in I/O load, because a repeatedly-dirtied page might
! otherwise be written only once per checkpoint interval, but the
! background writer might write it several times in the same interval.
! The parameters discussed in this subsection can be used to
! tune the behavior for local needs.
--- 1157,1171 ----
There is a separate server
process called the background writer, whose function
! is to issue writes of dirty (new or modified) shared
! buffers. It writes shared buffers so server processes handling
! user queries seldom or never need to wait for a write to occur.
! However, the background writer does cause a net overall
! increase in I/O load, because while a repeatedly-dirtied page might
! otherwise be written only once per checkpoint interval, the
! background writer might write it several times as it is dirtied
! in the same interval. The parameters discussed in this subsection
! can be used to tune the behavior for local needs.
***************
*** 1329,1335 ****
allowed to do its best in buffering, ordering, and delaying
writes. This can result in significantly improved performance.
However, if the system crashes, the results of the last few
! committed transactions might be lost in part or whole. In the
worst case, unrecoverable data corruption might occur.
(Crashes of the database software itself are not
a risk factor here. Only an operating-system-level crash
--- 1330,1338 ----
allowed to do its best in buffering, ordering, and delaying
writes. This can result in significantly improved performance.
However, if the system crashes, the results of the last few
! committed transactions might be completely lost, or worse,
! might appear partially committed, leaving the database in an
! inconsistent state. In the
worst case, unrecoverable data corruption might occur.
(Crashes of the database software itself are not
a risk factor here. Only an operating-system-level crash
***************
*** 1357,1363 ****
! This parameter can only be set in the postgresql.conf
file or on the server command line.
If you turn this parameter off, also consider turning off
.
--- 1360,1366 ----
! fsync can only be set in the postgresql.conf
file or on the server command line.
If you turn this parameter off, also consider turning off
.
***************
*** 1409,1415 ****
Method used for forcing WAL updates out to disk.
If fsync is off then this setting is irrelevant,
! since updates will not be forced out at all.
Possible values are:
--- 1412,1418 ----
Method used for forcing WAL updates out to disk.
If fsync is off then this setting is irrelevant,
! since WAL file updates will not be forced out at all.
Possible values are:
***************
*** 1468,1475 ****
that contains a mix of old and new data. The row-level change data
normally stored in WAL will not be enough to completely restore
such a page during post-crash recovery. Storing the full page image
! guarantees that the page can be correctly restored, but at a price
! in increasing the amount of data that must be written to WAL.
(Because WAL replay always starts from a checkpoint, it is sufficient
to do this during the first change of each page after a checkpoint.
Therefore, one way to reduce the cost of full-page writes is to
--- 1471,1478 ----
that contains a mix of old and new data. The row-level change data
normally stored in WAL will not be enough to completely restore
such a page during post-crash recovery. Storing the full page image
! guarantees that the page can be correctly restored, but at the price
! of increasing the amount of data that must be written to WAL.
(Because WAL replay always starts from a checkpoint, it is sufficient
to do this during the first change of each page after a checkpoint.
Therefore, one way to reduce the cost of full-page writes is to
***************
*** 1483,1489 ****
fsync, though smaller. It might be safe to turn off
this parameter if you have hardware (such as a battery-backed disk
controller) or file-system software that reduces
! the risk of partial page writes to an acceptably low level (e.g., ReiserFS 4).
--- 1486,1492 ----
fsync, though smaller. It might be safe to turn off
this parameter if you have hardware (such as a battery-backed disk
controller) or file-system software that reduces
! the risk of partial page writes to an acceptably low level (e.g., ZFS).
***************
*** 1630,1637 ****
! Specifies the target length of checkpoints, as a fraction of
! the checkpoint interval. The default is 0.5.
This parameter can only be set in the postgresql.conf
file or on the server command line.
--- 1633,1640 ----
! Specifies the target of checkpoint completion, as a fraction of
! total time between checkpoints. The default is 0.5.
This parameter can only be set in the postgresql.conf
file or on the server command line.
***************
*** 1671,1677 ****
When archive_mode is enabled, completed WAL segments
! can be sent to archive storage by setting
.
archive_mode and archive_command are
separate variables so that archive_command can be
--- 1674,1680 ----
When archive_mode is enabled, completed WAL segments
! are sent to archive storage by setting
.
archive_mode and archive_command are
separate variables so that archive_command can be
***************
*** 1688,1697 ****
! The shell command to execute to archive a completed segment of
! the WAL file series. Any %p in the string is
replaced by the path name of the file to archive, and any
! %f is replaced by the file name only.
(The path name is relative to the working directory of the server,
i.e., the cluster's data directory.)
Use %% to embed an actual % character in the
--- 1691,1700 ----
! The shell command to execute to archive a completed WAL file
! segment. Any %p in the string is
replaced by the path name of the file to archive, and any
! %f is replaced by only the file name.
(The path name is relative to the working directory of the server,
i.e., the cluster's data directory.)
Use %% to embed an actual % character in the
***************
*** 1701,1709 ****
file or on the server command line. It is ignored unless
archive_mode was enabled at server start.
If archive_command is an empty string (the default) while
! archive_mode is enabled, then WAL archiving is temporarily
disabled, but the server continues to accumulate WAL segment files in
! the expectation that a command will soon be provided.
It is important for the command to return a zero exit status if
--- 1704,1716 ----
file or on the server command line. It is ignored unless
archive_mode was enabled at server start.
If archive_command is an empty string (the default) while
! archive_mode is enabled, WAL archiving is temporarily
disabled, but the server continues to accumulate WAL segment files in
! the expectation that a command will soon be provided. Setting
! archive_mode to a command that does nothing but
! return true, e.g. /bin/true, effectively disables
! archiving, but also breaks the chain of WAL files needed for
! archive recovery, so it should only be used in unusual circumstances.
It is important for the command to return a zero exit status if
***************
*** 1723,1733 ****
! The is only invoked on
completed WAL segments. Hence, if your server generates little WAL
traffic (or has slack periods where it does so), there could be a
long delay between the completion of a transaction and its safe
! recording in archive storage. To put a limit on how old unarchived
data can be, you can set archive_timeout to force the
server to switch to a new WAL segment file periodically. When this
parameter is greater than zero, the server will switch to a new
--- 1730,1740 ----
! The is only invoked for
completed WAL segments. Hence, if your server generates little WAL
traffic (or has slack periods where it does so), there could be a
long delay between the completion of a transaction and its safe
! recording in archive storage. To limit how old unarchived
data can be, you can set archive_timeout to force the
server to switch to a new WAL segment file periodically. When this
parameter is greater than zero, the server will switch to a new
***************
*** 1854,1869 ****
These configuration parameters provide a crude method of
influencing the query plans chosen by the query optimizer. If
the default plan chosen by the optimizer for a particular query
! is not optimal, a temporary solution can be found by using one
of these configuration parameters to force the optimizer to
! choose a different plan. Turning one of these settings off
! permanently is seldom a good idea, however.
Better ways to improve the quality of the
plans chosen by the optimizer include adjusting the , running more
! frequently, increasing the value of the configuration parameter,
and increasing the amount of statistics collected for
specific columns using ALTER TABLE SET
--- 1861,1875 ----
These configuration parameters provide a crude method of
influencing the query plans chosen by the query optimizer. If
the default plan chosen by the optimizer for a particular query
! is not optimal, a temporary solution is to use one
of these configuration parameters to force the optimizer to
! choose a different plan.
Better ways to improve the quality of the
plans chosen by the optimizer include adjusting the , running manually, increasing
! the value of the configuration parameter,
and increasing the amount of statistics collected for
specific columns using ALTER TABLE SET
***************
*** 1950,1956 ****
Enables or disables the query planner's use of nested-loop join
! plans. It's not possible to suppress nested-loop joins entirely,
but turning this variable off discourages the planner from using
one if there are other methods available. The default is
on.
--- 1956,1962 ----
Enables or disables the query planner's use of nested-loop join
! plans. It is impossible to suppress nested-loop joins entirely,
but turning this variable off discourages the planner from using
one if there are other methods available. The default is
on.
***************
*** 1969,1975 ****
Enables or disables the query planner's use of sequential scan
! plan types. It's not possible to suppress sequential scans
entirely, but turning this variable off discourages the planner
from using one if there are other methods available. The
default is on.
--- 1975,1981 ----
Enables or disables the query planner's use of sequential scan
! plan types. It is impossible to suppress sequential scans
entirely, but turning this variable off discourages the planner
from using one if there are other methods available. The
default is on.
***************
*** 1985,1991 ****
Enables or disables the query planner's use of explicit sort
! steps. It's not possible to suppress explicit sorts entirely,
but turning this variable off discourages the planner from
using one if there are other methods available. The default
is on.
--- 1991,1997 ----
Enables or disables the query planner's use of explicit sort
! steps. It is impossible to suppress explicit sorts entirely,
but turning this variable off discourages the planner from
using one if there are other methods available. The default
is on.
***************
*** 2017,2024 ****
The cost variables described in this section are measured
on an arbitrary scale. Only their relative values matter, hence
scaling them all up or down by the same factor will result in no change
! in the planner's choices. Traditionally, these variables have been
! referenced to sequential page fetches as the unit of cost; that is,
seq_page_cost is conventionally set to 1.0
and the other cost variables are set with reference to that. But
you can use a different scale if you prefer, such as actual execution
--- 2023,2030 ----
The cost variables described in this section are measured
on an arbitrary scale. Only their relative values matter, hence
scaling them all up or down by the same factor will result in no change
! in the planner's choices. By default, these cost variables are based on
! the cost of sequential page fetches; that is,
seq_page_cost is conventionally set to 1.0
and the other cost variables are set with reference to that. But
you can use a different scale if you prefer, such as actual execution
***************
*** 2029,2035 ****
Unfortunately, there is no well-defined method for determining ideal
values for the cost variables. They are best treated as averages over
! the entire mix of queries that a particular installation will get. This
means that changing them on the basis of just a few experiments is very
risky.
--- 2035,2041 ----
Unfortunately, there is no well-defined method for determining ideal
values for the cost variables. They are best treated as averages over
! the entire mix of queries that a particular installation will receive. This
means that changing them on the basis of just a few experiments is very
risky.
***************
*** 2193,2200 ****
Enables or disables genetic query optimization.
This is on by default. It is usually best not to turn it off in
! production; the geqo_threshold variable provides a
! more granular way to control use of GEQO.
--- 2199,2206 ----
Enables or disables genetic query optimization.
This is on by default. It is usually best not to turn it off in
! production; the geqo_threshold variable provides
! more granular control of GEQO.
***************
*** 2211,2217 ****
FULL OUTER JOIN construct counts as only one FROM
item.) The default is 12. For simpler queries it is usually best
to use the deterministic, exhaustive planner, but for queries with
! many tables the deterministic planner takes too long.
--- 2217,2224 ----
FULL OUTER JOIN construct counts as only one FROM
item.) The default is 12. For simpler queries it is usually best
to use the deterministic, exhaustive planner, but for queries with
! many tables the deterministic planner takes too long, often
! longer than the penalty of executing a suboptimal plan.
***************
*** 2320,2327 ****
! Sets the default statistics target for table columns that have
! not had a column-specific target set via ALTER TABLE
SET STATISTICS. Larger values increase the time needed to
do ANALYZE, but might improve the quality of the
planner's estimates. The default is 100. For more information
--- 2327,2334 ----
! Sets the default statistics target for table columns without
! a column-specific target set via ALTER TABLE
SET STATISTICS. Larger values increase the time needed to
do ANALYZE, but might improve the quality of the
planner's estimates. The default is 100. For more information
***************
*** 2349,2355 ****
partition (examine constraints only for inheritance child
tables and UNION ALL subqueries).
partition is the default setting.
!
When this parameter allows it for a particular table, the planner
--- 2356,2364 ----
partition (examine constraints only for inheritance child
tables and UNION ALL subqueries).
partition is the default setting.
! It is often used with inheritance and partitioned tables to
! improve performance.
!
When this parameter allows it for a particular table, the planner
***************
*** 2366,2374 ****
With constraint exclusion enabled, this SELECT
! will not scan child1000 at all. This can
! improve performance when inheritance is used to build
! partitioned tables.
--- 2375,2381 ----
With constraint exclusion enabled, this SELECT
! will not scan child1000 at all, improving performance.
***************
*** 2449,2456 ****
for most uses. Setting it to 1 prevents any reordering of
explicit JOINs. Thus, the explicit join order
specified in the query will be the actual order in which the
! relations are joined. The query planner does not always choose
! the optimal join order; advanced users can elect to
temporarily set this variable to 1, and then specify the join
order they desire explicitly.
For more information see .
--- 2456,2463 ----
for most uses. Setting it to 1 prevents any reordering of
explicit JOINs. Thus, the explicit join order
specified in the query will be the actual order in which the
! relations are joined. Because the query planner does not always choose
! the optimal join order, advanced users can elect to
temporarily set this variable to 1, and then specify the join
order they desire explicitly.
For more information see .
***************
*** 2505,2511 ****
If csvlog is included in log_destination,
log entries are output in comma separated
! value format, which is convenient for loading them into programs.
See for details.
logging_collector must be enabled to generate
CSV-format log output.
--- 2512,2519 ----
If csvlog is included in log_destination,
log entries are output in comma separated
! value (CSV) format, which is convenient for
! loading logs into programs.
See for details.
logging_collector must be enabled to generate
CSV-format log output.
***************
*** 2521,2527 ****
LOCAL0 through LOCAL7 (see ), but the default
syslog configuration on most platforms
! will discard all such messages. You will need to add something like
local0.* /var/log/postgresql
--- 2529,2535 ----
LOCAL0 through LOCAL7 (see ), but the default
syslog configuration on most platforms
! will discard all such messages. You will need to add something like:
local0.* /var/log/postgresql
***************
*** 2539,2547 ****
! This parameter allows messages sent to stderr,
! and CSV-format log output, to be
! captured and redirected into log files.
This approach is often more useful than
logging to syslog, since some types of messages
might not appear in syslog output (a common example
--- 2547,2554 ----
! This parameter captures plain and CSV-format log messages
! sent to stderr and redirects them into log files.
This approach is often more useful than
logging to syslog, since some types of messages
might not appear in syslog output (a common example
***************
*** 2832,2838 ****
Controls the amount of detail written in the server log for each
message that is logged. Valid values are TERSE,
DEFAULT, and VERBOSE, each adding more
! fields to displayed messages.
Only superusers can change this setting.
--- 2839,2849 ----
Controls the amount of detail written in the server log for each
message that is logged. Valid values are TERSE,
DEFAULT, and VERBOSE, each adding more
! fields to displayed messages. VERBOSE logging
! output includes the SQLSTATE error
! code and the source code file name, function name,
! and line number that generated the error.
Only superusers can change this setting.
***************
*** 2845,2852 ****
! Controls whether or not the SQL statement that causes an error
! condition will be recorded in the server log. The current
SQL statement is included in the log entry for any message of
the specified severity or higher.
Valid values are DEBUG5,
--- 2856,2863 ----
! Controls which SQL statements that cause an error
! condition are recorded in the server log. The current
SQL statement is included in the log entry for any message of
the specified severity or higher.
Valid values are DEBUG5,
***************
*** 3165,3171 ****
By default, connection log messages only show the IP address of the
! connecting host. Turning on this parameter causes logging of the
host name as well. Note that depending on your host name resolution
setup this might impose a non-negligible performance penalty.
This parameter can only be set in the postgresql.conf
--- 3176,3182 ----
By default, connection log messages only show the IP address of the
! connecting host. Turning this parameter on causes logging of the
host name as well. Note that depending on your host name resolution
setup this might impose a non-negligible performance penalty.
This parameter can only be set in the postgresql.conf
***************
*** 3312,3318 ****
If you set a nonempty value for log_line_prefix,
you should usually make its last character be a space, to provide
visual separation from the rest of the log line. A punctuation
! character could be used too.
--- 3323,3329 ----
If you set a nonempty value for log_line_prefix,
you should usually make its last character be a space, to provide
visual separation from the rest of the log line. A punctuation
! character can be used too.
***************
*** 3392,3402 ****
! Controls logging of use of temporary files.
Temporary files can be
created for sorts, hashes, and temporary query results.
A log entry is made for each temporary file when it is deleted.
! A value of zero logs all temporary files, while positive
values log only files whose size is greater than or equal to
the specified number of kilobytes. The
default setting is -1, which disables such logging.
--- 3403,3413 ----
! Controls logging of temporary file names and sizes.
Temporary files can be
created for sorts, hashes, and temporary query results.
A log entry is made for each temporary file when it is deleted.
! A value of zero logs all temporary file information, while positive
values log only files whose size is greater than or equal to
the specified number of kilobytes. The
default setting is -1, which disables such logging.
***************
*** 3415,3421 ****
Sets the time zone used for timestamps written in the log.
Unlike , this value is cluster-wide,
so that all sessions will report timestamps consistently.
! The default is unknown, which means to use whatever
the system environment specifies as the time zone. See for more information.
This parameter can only be set in the postgresql.conf
--- 3426,3432 ----
Sets the time zone used for timestamps written in the log.
Unlike , this value is cluster-wide,
so that all sessions will report timestamps consistently.
! The default is unknown, which means use whatever
the system environment specifies as the time zone. See for more information.
This parameter can only be set in the postgresql.conf
***************
*** 3432,3438 ****
Including csvlog in the log_destination list
provides a convenient way to import log files into a database table.
! This option emits log lines in comma-separated-value format,
with these columns:
timestamp with milliseconds,
user name,
--- 3443,3450 ----
Including csvlog in the log_destination list
provides a convenient way to import log files into a database table.
! This option emits log lines in comma-separated-values
! (CSV) format,
with these columns:
timestamp with milliseconds,
user name,
***************
*** 3503,3509 ****
There are a few things you need to do to simplify importing CSV log
! files easily and automatically:
--- 3515,3521 ----
There are a few things you need to do to simplify importing CSV log
! files:
***************
*** 3575,3585 ****
Enables the collection of information on the currently
! executing command of each session, along with the time at
! which that command began execution. This parameter is on by
default. Note that even when enabled, this information is not
visible to all users, only to superusers and the user owning
! the session being reported on; so it should not represent a
security risk.
Only superusers can change this setting.
--- 3587,3597 ----
Enables the collection of information on the currently
! executing command of each session, along with the time when
! that command began execution. This parameter is on by
default. Note that even when enabled, this information is not
visible to all users, only to superusers and the user owning
! the session being reported on, so it should not represent a
security risk.
Only superusers can change this setting.
***************
*** 3666,3673 ****
Sets the directory to store temporary statistics data in. This can be
a path relative to the data directory or an absolute path. The default
! is pg_stat_tmp. Pointing this at a RAM based
! filesystem will decrease physical I/O requirements and can lead to
improved performance.
This parameter can only be set in the postgresql.conf
file or on the server command line.
--- 3678,3685 ----
Sets the directory to store temporary statistics data in. This can be
a path relative to the data directory or an absolute path. The default
! is pg_stat_tmp. Pointing this at a RAM-based
! file system will decrease physical I/O requirements and can lead to
improved performance.
This parameter can only be set in the postgresql.conf
file or on the server command line.
***************
*** 3701,3709 ****
! For each query, write performance statistics of the respective
module to the server log. This is a crude profiling
! instrument. log_statement_stats reports total
statement statistics, while the others report per-module statistics.
log_statement_stats cannot be enabled together with
any of the per-module options. All of these options are disabled by
--- 3713,3722 ----
! For each query, output performance statistics of the respective
module to the server log. This is a crude profiling
! instrument, similar to the Unix getrusage() operating
! system facility. log_statement_stats reports total
statement statistics, while the others report per-module statistics.
log_statement_stats cannot be enabled together with
any of the per-module options. All of these options are disabled by
***************
*** 3742,3748 ****
Controls whether the server should run the
autovacuum launcher daemon. This is on by default; however,
! must also be turned on for
autovacuum to work.
This parameter can only be set in the postgresql.conf
file or on the server command line.
--- 3755,3761 ----
Controls whether the server should run the
autovacuum launcher daemon. This is on by default; however,
! must also be enabled for
autovacuum to work.
This parameter can only be set in the postgresql.conf
file or on the server command line.
***************
*** 3800,3806 ****
database. In each round the daemon examines the
database and issues VACUUM and ANALYZE commands
as needed for tables in that database. The delay is measured
! in seconds, and the default is one minute (1m).
This parameter can only be set in the postgresql.conf
file or on the server command line.
--- 3813,3819 ----
database. In each round the daemon examines the
database and issues VACUUM and ANALYZE commands
as needed for tables in that database. The delay is measured
! in seconds, and the default is one minute (1min).
This parameter can only be set in the postgresql.conf
file or on the server command line.
***************
*** 3965,3971 ****
This variable specifies the order in which schemas are searched
when an object (table, data type, function, etc.) is referenced by a
! simple name with no schema component. When there are objects of
identical names in different schemas, the one found first
in the search path is used. An object that is not in any of the
schemas in the search path can only be referenced by specifying
--- 3978,3984 ----
This variable specifies the order in which schemas are searched
when an object (table, data type, function, etc.) is referenced by a
! simple name with no schema specified. When there are objects of
identical names in different schemas, the one found first
in the search path is used. An object that is not in any of the
schemas in the search path can only be referenced by specifying
***************
*** 3973,3979 ****
! The value for search_path has to be a comma-separated
list of schema names. If one of the list items is
the special value $user, then the schema
having the name returned by SESSION_USER is substituted, if there
--- 3986,3992 ----
! The value for search_path must be a comma-separated
list of schema names. If one of the list items is
the special value $user, then the schema
having the name returned by SESSION_USER is substituted, if there
***************
*** 3993,4001 ****
pg_temp_nnn, is always searched if it
exists. It can be explicitly listed in the path by using the
alias pg_temp. If it is not listed in the path then
! it is searched first (before even pg_catalog). However,
the temporary schema is only searched for relation (table, view,
! sequence, etc) and data type names. It will never be searched for
function or operator names.
--- 4006,4014 ----
pg_temp_nnn, is always searched if it
exists. It can be explicitly listed in the path by using the
alias pg_temp. If it is not listed in the path then
! it is searched first (even before pg_catalog). However,
the temporary schema is only searched for relation (table, view,
! sequence, etc) and data type names. It is never searched for
function or operator names.
***************
*** 4022,4028 ****
via the SQL function
current_schemas(). This is not quite the same as
examining the value of search_path, since
! current_schemas() shows how the requests
appearing in search_path were resolved.
--- 4035,4041 ----
via the SQL function
current_schemas(). This is not quite the same as
examining the value of search_path, since
! current_schemas() shows how the items
appearing in search_path were resolved.
***************
*** 4075,4085 ****
tablespacetemporary
! This variable specifies tablespace(s) in which to create temporary
objects (temp tables and indexes on temp tables) when a
CREATE command does not explicitly specify a tablespace.
Temporary files for purposes such as sorting large data sets
! are also created in these tablespace(s).
--- 4088,4098 ----
tablespacetemporary
! This variable specifies tablespaces in which to create temporary
objects (temp tables and indexes on temp tables) when a
CREATE command does not explicitly specify a tablespace.
Temporary files for purposes such as sorting large data sets
! are also created in these tablespaces.
***************
*** 4210,4217 ****
milliseconds, starting from the time the command arrives at the server
from the client. If log_min_error_statement is set to
ERROR or lower, the statement that timed out will also be
! logged. A value of zero (the default) turns off the
! limitation.
--- 4223,4229 ----
milliseconds, starting from the time the command arrives at the server
from the client. If log_min_error_statement is set to
ERROR or lower, the statement that timed out will also be
! logged. A value of zero (the default) turns this off.
***************
*** 4527,4533 ****
Only superusers can change this setting, because it affects the
! messages sent to the server log as well as to the client.
--- 4539,4547 ----
Only superusers can change this setting, because it affects the
! messages sent to the server log as well as to the client, and
! an improper value might obscure the readability of the server
! logs.
***************
*** 4631,4642 ****
! The value for dynamic_library_path has to be a
list of absolute directory paths separated by colons (or semi-colons
on Windows). If a list element starts
with the special string $libdir, the
compiled-in PostgreSQL package
! library directory is substituted for $libdir. This
is where the modules provided by the standard
PostgreSQL distribution are installed.
(Use pg_config --pkglibdir to find out the name of
--- 4645,4656 ----
! The value for dynamic_library_path must be a
list of absolute directory paths separated by colons (or semi-colons
on Windows). If a list element starts
with the special string $libdir, the
compiled-in PostgreSQL package
! library directory is substituted for $libdir; this
is where the modules provided by the standard
PostgreSQL distribution are installed.
(Use pg_config --pkglibdir to find out the name of
***************
*** 4674,4680 ****
! Soft upper limit of the size of the set returned by GIN index. For more
information see .
--- 4688,4694 ----
! Soft upper limit of the size of the set returned by GIN index scans. For more
information see .
***************
*** 4711,4717 ****
! There is no performance advantage to loading a library at session
start rather than when it is first used. Rather, the intent of
this feature is to allow debugging or performance-measurement
libraries to be loaded into specific sessions without an explicit
--- 4725,4732 ----
! Unlike local_preload_libraries, there is no
! performance advantage to loading a library at session
start rather than when it is first used. Rather, the intent of
this feature is to allow debugging or performance-measurement
libraries to be loaded into specific sessions without an explicit
***************
*** 4761,4770 ****
This is the amount of time, in milliseconds, to wait on a lock
before checking to see if there is a deadlock condition. The
! check for deadlock is relatively slow, so the server doesn't run
it every time it waits for a lock. We optimistically assume
that deadlocks are not common in production applications and
! just wait on the lock for a while before starting the check for a
deadlock. Increasing this value reduces the amount of time
wasted in needless deadlock checks, but slows down reporting of
real deadlock errors. The default is one second (1s),
--- 4776,4785 ----
This is the amount of time, in milliseconds, to wait on a lock
before checking to see if there is a deadlock condition. The
! check for deadlock is relatively expensive, so the server doesn't run
it every time it waits for a lock. We optimistically assume
that deadlocks are not common in production applications and
! just wait on the lock for a while before checking for a
deadlock. Increasing this value reduces the amount of time
wasted in needless deadlock checks, but slows down reporting of
real deadlock errors. The default is one second (1s),
***************
*** 4792,4798 ****
! The shared lock table is created to track locks on
max_locks_per_transaction * ( + ) objects (e.g., tables);
--- 4807,4813 ----
! The shared lock table tracks locks on
max_locks_per_transaction * ( + ) objects (e.g., tables);
***************
*** 4889,4895 ****
Note that in a standard-conforming string literal, \ just
! means \ anyway. This parameter affects the handling of
non-standard-conforming literals, including
escape string syntax (E'...').
--- 4904,4910 ----
Note that in a standard-conforming string literal, \ just
! means \ anyway. This parameter only affects the handling of
non-standard-conforming literals, including
escape string syntax (E'...').
***************
*** 4908,4916 ****
newly-created tables, if neither WITH OIDS
nor WITHOUT OIDS is specified. It also
determines whether OIDs will be included in tables created by
! SELECT INTO. In PostgreSQL
! 8.1 default_with_oids is off by default; in
! prior versions of PostgreSQL, it
was on by default.
--- 4923,4930 ----
newly-created tables, if neither WITH OIDS
nor WITHOUT OIDS is specified. It also
determines whether OIDs will be included in tables created by
! SELECT INTO. The parameter is off
! by default; in PostgreSQL 8.0 and earlier, it
was on by default.
***************
*** 4983,4989 ****
This controls the inheritance semantics. If turned off,
! subtables are not included by various commands by default; basically
an implied ONLY key word. This was added for
compatibility with releases prior to 7.1. See
for more information.
--- 4997,5003 ----
This controls the inheritance semantics. If turned off,
! subtables are not accessed by various commands by default; basically
an implied ONLY key word. This was added for
compatibility with releases prior to 7.1. See
for more information.
***************
*** 5006,5017 ****
PostgreSQL to have its historical
behavior of treating backslashes as escape characters.
The default will change to on in a future release
! to improve compatibility with the standard.
Applications can check this
parameter to determine how string literals will be processed.
The presence of this parameter can also be taken as an indication
that the escape string syntax (E'...') is supported.
! Escape string syntax should be used if an application desires
backslashes to be treated as escape characters.
--- 5020,5032 ----
PostgreSQL to have its historical
behavior of treating backslashes as escape characters.
The default will change to on in a future release
! to improve compatibility with the SQL standard.
Applications can check this
parameter to determine how string literals will be processed.
The presence of this parameter can also be taken as an indication
that the escape string syntax (E'...') is supported.
! Escape string syntax ()
! should be used if an application desires
backslashes to be treated as escape characters.
***************
*** 5072,5082 ****
null values, so if you use that interface to access the database you
might want to turn this option on. Since expressions of the
form expr = NULL always
! return the null value (using the correct interpretation) they are not
! very useful and do not appear often in normal applications, so
this option does little harm in practice. But new users are
frequently confused about the semantics of expressions
! involving null values, so this option is not on by default.
--- 5087,5097 ----
null values, so if you use that interface to access the database you
might want to turn this option on. Since expressions of the
form expr = NULL always
! return the null value (using the SQL standard interpretation), they are not
! very useful and do not appear often in normal applications so
this option does little harm in practice. But new users are
frequently confused about the semantics of expressions
! involving null values, so this option is off by default.
***************
*** 5200,5206 ****
less than the value of NAMEDATALEN when building
the server. The default value of NAMEDATALEN is
64; therefore the default
! max_identifier_length is 63 bytes.
--- 5215,5222 ----
less than the value of NAMEDATALEN when building
the server. The default value of NAMEDATALEN is
64; therefore the default
! max_identifier_length is 63 bytes, which
! can be less than 63 characters when using multi-byte encodings.
***************
*** 5355,5362 ****
module for a specific class is loaded, it will add the proper variable
definitions for its class name, convert any placeholder
values according to those definitions, and issue warnings for any
! placeholders of its class that remain (which presumably would be
! misspelled configuration variables).
--- 5371,5377 ----
module for a specific class is loaded, it will add the proper variable
definitions for its class name, convert any placeholder
values according to those definitions, and issue warnings for any
! unrecognized placeholders of its class that remain.
***************
*** 5377,5385 ****
The following parameters are intended for work on the
! PostgreSQL source, and in some cases
to assist with recovery of severely damaged databases. There
! should be no reason to use them in a production database setup.
As such, they have been excluded from the sample
postgresql.conf file. Note that many of these
parameters require special source compilation flags to work at all.
--- 5392,5400 ----
The following parameters are intended for work on the
! PostgreSQL source code, and in some cases
to assist with recovery of severely damaged databases. There
! should be no reason to use them on a production database.
As such, they have been excluded from the sample
postgresql.conf file. Note that many of these
parameters require special source compilation flags to work at all.
***************
*** 5445,5451 ****
If nonzero, a delay of this many seconds occurs when a new
server process is started, after it conducts the
! authentication procedure. This is intended to give an
opportunity to attach to the server process with a debugger.
This parameter cannot be changed after session start.
--- 5460,5466 ----
If nonzero, a delay of this many seconds occurs when a new
server process is started, after it conducts the
! authentication procedure. This is intended to give developers an
opportunity to attach to the server process with a debugger.
This parameter cannot be changed after session start.
***************
*** 5461,5467 ****
If nonzero, a delay of this many seconds occurs just after a
new server process is forked, before it conducts the
! authentication procedure. This is intended to give an
opportunity to attach to the server process with a debugger to
trace down misbehavior in authentication.
This parameter can only be set in the postgresql.conf
--- 5476,5482 ----
If nonzero, a delay of this many seconds occurs just after a
new server process is forked, before it conducts the
! authentication procedure. This is intended to give developers an
opportunity to attach to the server process with a debugger to
trace down misbehavior in authentication.
This parameter can only be set in the postgresql.conf
***************
*** 5482,5488 ****
commands. or
must be
DEBUG1 or lower to send this output to the
! client or server log, respectively.
--- 5497,5503 ----
commands. or
must be
DEBUG1 or lower to send this output to the
! client or server logs, respectively.
***************
*** 5719,5727 ****
namely all the rows on the damaged page. But it allows you to get
past the error and retrieve rows from any undamaged pages that might
be present in the table. So it is useful for recovering data if
! corruption has occurred due to hardware or software error. You should
generally not set this on until you have given up hope of recovering
! data from the damaged page(s) of a table. The
default setting is off, and it can only be changed
by a superuser.
--- 5734,5742 ----
namely all the rows on the damaged page. But it allows you to get
past the error and retrieve rows from any undamaged pages that might
be present in the table. So it is useful for recovering data if
! corruption has occurred due to a hardware or software error. You should
generally not set this on until you have given up hope of recovering
! data from the damaged pages of a table. The
default setting is off, and it can only be changed
by a superuser.
Index: doc/src/sgml/diskusage.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/diskusage.sgml,v
retrieving revision 1.18
diff -c -c -r1.18 diskusage.sgml
*** doc/src/sgml/diskusage.sgml 31 Jan 2007 20:56:16 -0000 1.18
--- doc/src/sgml/diskusage.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 18,27 ****
Each table has a primary heap disk file where most of the data is
stored. If the table has any columns with potentially-wide values,
! there is also a TOAST file associated with the table,
which is used to store values too wide to fit comfortably in the main
table (see ). There will be one index on the
! TOAST table, if present. There might also be indexes associated
with the base table. Each table and index is stored in a separate disk
file — possibly more than one file, if the file would exceed one
gigabyte. Naming conventions for these files are described in
Each table has a primary heap disk file where most of the data is
stored. If the table has any columns with potentially-wide values,
! there also might be a TOAST file associated with the table,
which is used to store values too wide to fit comfortably in the main
table (see ). There will be one index on the
! TOAST table, if present. There also might be indexes associated
with the base table. Each table and index is stored in a separate disk
file — possibly more than one file, if the file would exceed one
gigabyte. Naming conventions for these files are described in
! You can monitor disk space from three ways: using
SQL functions listed in ,
using VACUUM information, and from the command line
using the tools in contrib/oid2name. The SQL functions
--- 29,35 ----
! You can monitor disk space three ways: using
SQL functions listed in ,
using VACUUM information, and from the command line
using the tools in contrib/oid2name. The SQL functions
***************
*** 60,72 ****
like the following:
SELECT relname, relpages
! FROM pg_class,
! (SELECT reltoastrelid FROM pg_class
! WHERE relname = 'customer') ss
! WHERE oid = ss.reltoastrelid
! OR oid = (SELECT reltoastidxid FROM pg_class
! WHERE oid = ss.reltoastrelid)
! ORDER BY relname;
relname | relpages
----------------------+----------
--- 60,74 ----
like the following:
SELECT relname, relpages
! FROM pg_class,
! (SELECT reltoastrelid
! FROM pg_class
! WHERE relname = 'customer') AS ss
! WHERE oid = ss.reltoastrelid OR
! oid = (SELECT reltoastidxid
! FROM pg_class
! WHERE oid = ss.reltoastrelid)
! ORDER BY relname;
relname | relpages
----------------------+----------
***************
*** 79,89 ****
You can easily display index sizes, too:
SELECT c2.relname, c2.relpages
! FROM pg_class c, pg_class c2, pg_index i
! WHERE c.relname = 'customer'
! AND c.oid = i.indrelid
! AND c2.oid = i.indexrelid
! ORDER BY c2.relname;
relname | relpages
----------------------+----------
--- 81,91 ----
You can easily display index sizes, too:
SELECT c2.relname, c2.relpages
! FROM pg_class c, pg_class c2, pg_index i
! WHERE c.relname = 'customer' AND
! c.oid = i.indrelid AND
! c2.oid = i.indexrelid
! ORDER BY c2.relname;
relname | relpages
----------------------+----------
***************
*** 95,101 ****
It is easy to find your largest tables and indexes using this
information:
! SELECT relname, relpages FROM pg_class ORDER BY relpages DESC;
relname | relpages
----------------------+----------
--- 97,105 ----
It is easy to find your largest tables and indexes using this
information:
! SELECT relname, relpages
! FROM pg_class
! ORDER BY relpages DESC;
relname | relpages
----------------------+----------
***************
*** 105,113 ****
! You can also use contrib/oid2name to show disk usage. See
! README.oid2name in that directory for examples. It includes a script that
! shows disk usage for each database.
--- 109,116 ----
! You can also use contrib/oid2name to show disk usage; see
! for more details and examples.
***************
*** 116,122 ****
The most important disk monitoring task of a database administrator
! is to make sure the disk doesn't grow full. A filled data disk will
not result in data corruption, but it might prevent useful activity
from occurring. If the disk holding the WAL files grows full, database
server panic and consequent shutdown might occur.
--- 119,125 ----
The most important disk monitoring task of a database administrator
! is to make sure the disk doesn't become full. A filled data disk will
not result in data corruption, but it might prevent useful activity
from occurring. If the disk holding the WAL files grows full, database
server panic and consequent shutdown might occur.
***************
*** 140,146 ****
If your system supports per-user disk quotas, then the database
will naturally be subject to whatever quota is placed on the user
the server runs as. Exceeding the quota will have the same bad
! effects as running out of space entirely.
--- 143,149 ----
If your system supports per-user disk quotas, then the database
will naturally be subject to whatever quota is placed on the user
the server runs as. Exceeding the quota will have the same bad
! effects as running out of disk space entirely.
Index: doc/src/sgml/high-availability.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/high-availability.sgml,v
retrieving revision 1.36
diff -c -c -r1.36 high-availability.sgml
*** doc/src/sgml/high-availability.sgml 15 Jan 2010 09:18:59 -0000 1.36
--- doc/src/sgml/high-availability.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 67,73 ****
Performance must be considered in any choice. There is usually a
trade-off between functionality and
! performance. For example, a full synchronous solution over a slow
network might cut performance by more than half, while an asynchronous
one might have a minimal performance impact.
--- 67,73 ----
Performance must be considered in any choice. There is usually a
trade-off between functionality and
! performance. For example, a fully synchronous solution over a slow
network might cut performance by more than half, while an asynchronous
one might have a minimal performance impact.
***************
*** 89,95 ****
Shared disk failover avoids synchronization overhead by having only one
copy of the database. It uses a single disk array that is shared by
multiple servers. If the main database server fails, the standby server
! is able to mount and start the database as though it was recovering from
a database crash. This allows rapid failover with no data loss.
--- 89,95 ----
Shared disk failover avoids synchronization overhead by having only one
copy of the database. It uses a single disk array that is shared by
multiple servers. If the main database server fails, the standby server
! is able to mount and start the database as though it were recovering from
a database crash. This allows rapid failover with no data loss.
***************
*** 149,155 ****
A PITR warm standby server can be kept more up-to-date using the
streaming replication feature built into PostgreSQL 8.5
! onwards.
--- 149,155 ----
A PITR warm standby server can be kept more up-to-date using the
streaming replication feature built into PostgreSQL 8.5
! onwards; see .
***************
*** 190,196 ****
If queries are simply broadcast unmodified, functions like
random(), CURRENT_TIMESTAMP, and
! sequences would have different values on different servers.
This is because each server operates independently, and because
SQL queries are broadcast (and not actual modified rows). If
this is unacceptable, either the middleware or the application
--- 190,196 ----
If queries are simply broadcast unmodified, functions like
random(), CURRENT_TIMESTAMP, and
! sequences can have different values on different servers.
This is because each server operates independently, and because
SQL queries are broadcast (and not actual modified rows). If
this is unacceptable, either the middleware or the application
Index: doc/src/sgml/install-win32.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/install-win32.sgml,v
retrieving revision 1.55
diff -c -c -r1.55 install-win32.sgml
*** doc/src/sgml/install-win32.sgml 12 Jan 2010 20:13:32 -0000 1.55
--- doc/src/sgml/install-win32.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 388,394 ****
! To change the schedule used (default is the parallel), append it to the
command line like:
--- 388,394 ----
! To change the schedule used (default is parallel), append it to the
command line like:
***************
*** 544,552 ****
Normally you do not need to install any of the client files. You should
place the libpq.dll file in the same directory
as your applications executable file. Do not install
! libpq.dll into your Windows, System or System32
! directory unless absolutely necessary.
! If this file is installed using a setup program, it should
be installed with version checking using the
VERSIONINFO resource included in the file, to
ensure that a newer version of the library is not overwritten.
--- 544,553 ----
Normally you do not need to install any of the client files. You should
place the libpq.dll file in the same directory
as your applications executable file. Do not install
! libpq.dll into your Windows,
! System or System32 directory unless
! absolutely necessary.
! If this file is installed using a setup program, then it should
be installed with version checking using the
VERSIONINFO resource included in the file, to
ensure that a newer version of the library is not overwritten.
Index: doc/src/sgml/installation.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/installation.sgml,v
retrieving revision 1.340
diff -c -c -r1.340 installation.sgml
*** doc/src/sgml/installation.sgml 28 Jan 2010 23:59:52 -0000 1.340
--- doc/src/sgml/installation.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 1106,1112 ****
a larger segment size. This can be helpful to reduce the number of
file descriptors consumed when working with very large tables.
But be careful not to select a value larger than is supported
! by your platform and the filesystem(s) you intend to use. Other
tools you might wish to use, such as tar, could
also set limits on the usable file size.
It is recommended, though not absolutely required, that this value
--- 1106,1112 ----
a larger segment size. This can be helpful to reduce the number of
file descriptors consumed when working with very large tables.
But be careful not to select a value larger than is supported
! by your platform and the file systems you intend to use. Other
tools you might wish to use, such as tar, could
also set limits on the usable file size.
It is recommended, though not absolutely required, that this value
Index: doc/src/sgml/maintenance.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/maintenance.sgml,v
retrieving revision 1.97
diff -c -c -r1.97 maintenance.sgml
*** doc/src/sgml/maintenance.sgml 16 Nov 2009 21:32:06 -0000 1.97
--- doc/src/sgml/maintenance.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 17,29 ****
discussed here are required, but they
are repetitive in nature and can easily be automated using standard
tools such as cron scripts or
! Windows' Task Scheduler. But it is the database
administrator's responsibility to set up appropriate scripts, and to
check that they execute successfully.
! One obvious maintenance task is creation of backup copies of the data on a
regular schedule. Without a recent backup, you have no chance of recovery
after a catastrophe (disk failure, fire, mistakenly dropping a critical
table, etc.). The backup and recovery mechanisms available in
--- 17,29 ----
discussed here are required, but they
are repetitive in nature and can easily be automated using standard
tools such as cron scripts or
! Windows' Task Scheduler. It is the database
administrator's responsibility to set up appropriate scripts, and to
check that they execute successfully.
! One obvious maintenance task is the creation of backup copies of the data on a
regular schedule. Without a recent backup, you have no chance of recovery
after a catastrophe (disk failure, fire, mistakenly dropping a critical
table, etc.). The backup and recovery mechanisms available in
***************
*** 118,124 ****
the standard form of VACUUM can run in parallel with production
database operations. (Commands such as SELECT,
INSERT, UPDATE, and
! DELETE will continue to function as normal, though you
will not be able to modify the definition of a table with commands such as
ALTER TABLE while it is being vacuumed.)
VACUUM FULL requires exclusive lock on the table it is
--- 118,124 ----
the standard form of VACUUM can run in parallel with production
database operations. (Commands such as SELECT,
INSERT, UPDATE, and
! DELETE will continue to function normally, though you
will not be able to modify the definition of a table with commands such as
ALTER TABLE while it is being vacuumed.)
VACUUM FULL requires exclusive lock on the table it is
***************
*** 151,161 ****
UPDATE or DELETE of a row does not
immediately remove the old version of the row.
This approach is necessary to gain the benefits of multiversion
! concurrency control (see ): the row version
must not be deleted while it is still potentially visible to other
transactions. But eventually, an outdated or deleted row version is no
longer of interest to any transaction. The space it occupies must then be
! reclaimed for reuse by new rows, to avoid infinite growth of disk
space requirements. This is done by running VACUUM.
--- 151,161 ----
UPDATE or DELETE of a row does not
immediately remove the old version of the row.
This approach is necessary to gain the benefits of multiversion
! concurrency control (MVCC, see ): the row version
must not be deleted while it is still potentially visible to other
transactions. But eventually, an outdated or deleted row version is no
longer of interest to any transaction. The space it occupies must then be
! reclaimed for reuse by new rows, to avoid unbounded growth of disk
space requirements. This is done by running VACUUM.
***************
*** 309,322 ****
statistics more frequently than others if your application requires it.
In practice, however, it is usually best to just analyze the entire
database, because it is a fast operation. ANALYZE uses a
! statistical random sampling of the rows of a table rather than reading
every single row.
Although per-column tweaking of ANALYZE frequency might not be
! very productive, you might well find it worthwhile to do per-column
adjustment of the level of detail of the statistics collected by
ANALYZE. Columns that are heavily used in WHERE
clauses and have highly irregular data distributions might require a
--- 309,322 ----
statistics more frequently than others if your application requires it.
In practice, however, it is usually best to just analyze the entire
database, because it is a fast operation. ANALYZE uses a
! statistically random sampling of the rows of a table rather than reading
every single row.
Although per-column tweaking of ANALYZE frequency might not be
! very productive, you might find it worthwhile to do per-column
adjustment of the level of detail of the statistics collected by
ANALYZE. Columns that are heavily used in WHERE
clauses and have highly irregular data distributions might require a
***************
*** 341,351 ****
numbers: a row version with an insertion XID greater than the current
transaction's XID is in the future and should not be visible
to the current transaction. But since transaction IDs have limited size
! (32 bits at this writing) a cluster that runs for a long time (more
than 4 billion transactions) would suffer transaction ID
wraparound: the XID counter wraps around to zero, and all of a sudden
transactions that were in the past appear to be in the future — which
! means their outputs become invisible. In short, catastrophic data loss.
(Actually the data is still there, but that's cold comfort if you cannot
get at it.) To avoid this, it is necessary to vacuum every table
in every database at least once every two billion transactions.
--- 341,351 ----
numbers: a row version with an insertion XID greater than the current
transaction's XID is in the future and should not be visible
to the current transaction. But since transaction IDs have limited size
! (32 bits) a cluster that runs for a long time (more
than 4 billion transactions) would suffer transaction ID
wraparound: the XID counter wraps around to zero, and all of a sudden
transactions that were in the past appear to be in the future — which
! means their output become invisible. In short, catastrophic data loss.
(Actually the data is still there, but that's cold comfort if you cannot
get at it.) To avoid this, it is necessary to vacuum every table
in every database at least once every two billion transactions.
***************
*** 353,360 ****
The reason that periodic vacuuming solves the problem is that
! PostgreSQL distinguishes a special XID
! FrozenXID. This XID is always considered older
than every normal XID. Normal XIDs are
compared using modulo-231 arithmetic. This means
that for every normal XID, there are two billion XIDs that are
--- 353,361 ----
The reason that periodic vacuuming solves the problem is that
! PostgreSQL reserves a special XID
! as FrozenXID. This XID does not follow the normal XID
! comparison rules and is always considered older
than every normal XID. Normal XIDs are
compared using modulo-231 arithmetic. This means
that for every normal XID, there are two billion XIDs that are
***************
*** 365,376 ****
the next two billion transactions, no matter which normal XID we are
talking about. If the row version still exists after more than two billion
transactions, it will suddenly appear to be in the future. To
! prevent data loss, old row versions must be reassigned the XID
FrozenXID sometime before they reach the
two-billion-transactions-old mark. Once they are assigned this
special XID, they will appear to be in the past to all
normal transactions regardless of wraparound issues, and so such
! row versions will be good until deleted, no matter how long that is.
This reassignment of old XIDs is handled by VACUUM.
--- 366,377 ----
the next two billion transactions, no matter which normal XID we are
talking about. If the row version still exists after more than two billion
transactions, it will suddenly appear to be in the future. To
! prevent this, old row versions must be reassigned the XID
FrozenXID sometime before they reach the
two-billion-transactions-old mark. Once they are assigned this
special XID, they will appear to be in the past to all
normal transactions regardless of wraparound issues, and so such
! row versions will be valid until deleted, no matter how long that is.
This reassignment of old XIDs is handled by VACUUM.
***************
*** 398,411 ****
The maximum time that a table can go unvacuumed is two billion
! transactions minus the vacuum_freeze_min_age that was used
! when VACUUM last scanned the whole table. If it were to go
unvacuumed for longer than
that, data loss could result. To ensure that this does not happen,
autovacuum is invoked on any table that might contain XIDs older than the
age specified by the configuration parameter . (This will happen even if
! autovacuum is otherwise disabled.)
--- 399,412 ----
The maximum time that a table can go unvacuumed is two billion
! transactions minus the vacuum_freeze_min_age value at
! the time VACUUM last scanned the whole table. If it were to go
unvacuumed for longer than
that, data loss could result. To ensure that this does not happen,
autovacuum is invoked on any table that might contain XIDs older than the
age specified by the configuration parameter . (This will happen even if
! autovacuum is disabled.)
***************
*** 416,425 ****
For tables that are regularly vacuumed for space reclamation purposes,
this is of little importance. However, for static tables
(including tables that receive inserts, but no updates or deletes),
! there is no need for vacuuming for space reclamation, and so it can
be useful to try to maximize the interval between forced autovacuums
on very large static tables. Obviously one can do this either by
! increasing autovacuum_freeze_max_age or by decreasing
vacuum_freeze_min_age.
--- 417,426 ----
For tables that are regularly vacuumed for space reclamation purposes,
this is of little importance. However, for static tables
(including tables that receive inserts, but no updates or deletes),
! there is no need to vacuum for space reclamation, so it can
be useful to try to maximize the interval between forced autovacuums
on very large static tables. Obviously one can do this either by
! increasing autovacuum_freeze_max_age or decreasing
vacuum_freeze_min_age.
***************
*** 444,453 ****
The sole disadvantage of increasing autovacuum_freeze_max_age
(and vacuum_freeze_table_age along with it)
is that the pg_clog subdirectory of the database cluster
! will take more space, because it must store the commit status for all
transactions back to the autovacuum_freeze_max_age horizon.
The commit status uses two bits per transaction, so if
! autovacuum_freeze_max_age has its maximum allowed value of
a little less than two billion, pg_clog can be expected to
grow to about half a gigabyte. If this is trivial compared to your
total database size, setting autovacuum_freeze_max_age to
--- 445,454 ----
The sole disadvantage of increasing autovacuum_freeze_max_age
(and vacuum_freeze_table_age along with it)
is that the pg_clog subdirectory of the database cluster
! will take more space, because it must store the commit status of all
transactions back to the autovacuum_freeze_max_age horizon.
The commit status uses two bits per transaction, so if
! autovacuum_freeze_max_age is set to its maximum allowed value of
a little less than two billion, pg_clog can be expected to
grow to about half a gigabyte. If this is trivial compared to your
total database size, setting autovacuum_freeze_max_age to
***************
*** 530,536 ****
superuser, else it will fail to process system catalogs and thus not
be able to advance the database's datfrozenxid.)
If these warnings are
! ignored, the system will shut down and refuse to execute any new
transactions once there are fewer than 1 million transactions left
until wraparound:
--- 531,537 ----
superuser, else it will fail to process system catalogs and thus not
be able to advance the database's datfrozenxid.)
If these warnings are
! ignored, the system will shut down and refuse to start any new
transactions once there are fewer than 1 million transactions left
until wraparound:
***************
*** 592,605 ****
The setting limits how many
workers may be running at any time. If several large tables all become
eligible for vacuuming in a short amount of time, all autovacuum workers
! may become occupied with vacuuming those tables for a long period.
This would result
in other tables and databases not being vacuumed until a worker became
! available. There is not a limit on how many workers might be in a
single database, but workers do try to avoid repeating work that has
already been done by other workers. Note that the number of running
! workers does not count towards the nor
! the limits.
--- 593,606 ----
The setting limits how many
workers may be running at any time. If several large tables all become
eligible for vacuuming in a short amount of time, all autovacuum workers
! might become occupied with vacuuming those tables for a long period.
This would result
in other tables and databases not being vacuumed until a worker became
! available. There is no limit on how many workers might be in a
single database, but workers do try to avoid repeating work that has
already been done by other workers. Note that the number of running
! workers does not count towards or
! limits.
***************
*** 699,734 ****
! In PostgreSQL releases before 7.4, periodic reindexing
! was frequently necessary to avoid index bloat, due to lack of
! internal space reclamation in B-tree indexes. Any situation in which the
! range of index keys changed over time — for example, an index on
! timestamps in a table where old entries are eventually deleted —
! would result in bloat, because index pages for no-longer-needed portions
! of the key range were not reclaimed for re-use. Over time, the index size
! could become indefinitely much larger than the amount of useful data in it.
!
!
!
! In PostgreSQL 7.4 and later, index pages that have become
! completely empty are reclaimed for re-use. There is still a possibility
! for inefficient use of space: if all but a few index keys on a page have
! been deleted, the page remains allocated. So a usage pattern in which all
! but a few keys in each range are eventually deleted will see poor use of
! space. For such usage patterns, periodic reindexing is recommended.
The potential for bloat in non-B-tree indexes has not been well
! characterized. It is a good idea to keep an eye on the index's physical
size when using any non-B-tree index type.
! Also, for B-tree indexes a freshly-constructed index is somewhat faster to
! access than one that has been updated many times, because logically
adjacent pages are usually also physically adjacent in a newly built index.
! (This consideration does not currently apply to non-B-tree indexes.) It
might be worthwhile to reindex periodically just to improve access speed.
--- 700,725 ----
! Index pages that have become
! completely empty are reclaimed for re-use. However, here is still the possibility
! of inefficient use of space: if all but a few index keys on a page have
! been deleted, the page remains allocated. Therefore, a usage
! pattern in which most, but not all, keys in each range are eventually
! deleted will see poor use of space. For such usage patterns,
! periodic reindexing is recommended.
The potential for bloat in non-B-tree indexes has not been well
! researched. It is a good idea to periodically monitor the index's physical
size when using any non-B-tree index type.
! Also, for B-tree indexes, a freshly-constructed index is slightly faster to
! access than one that has been updated many times because logically
adjacent pages are usually also physically adjacent in a newly built index.
! (This consideration does not apply to non-B-tree indexes.) It
might be worthwhile to reindex periodically just to improve access speed.
***************
*** 744,754 ****
It is a good idea to save the database server's log output
! somewhere, rather than just routing it to /dev/null.
! The log output is invaluable when it comes time to diagnose
problems. However, the log output tends to be voluminous
! (especially at higher debug levels) and you won't want to save it
! indefinitely. You need to rotate the log files so that
new log files are started and old ones removed after a reasonable
period of time.
--- 735,745 ----
It is a good idea to save the database server's log output
! somewhere, rather than just discarding it via /dev/null.
! The log output is invaluable when diagnosing
problems. However, the log output tends to be voluminous
! (especially at higher debug levels) so you won't want to save it
! indefinitely. You need to rotate the log files so that
new log files are started and old ones removed after a reasonable
period of time.
***************
*** 758,764 ****
postgres into a
file, you will have log output, but
the only way to truncate the log file is to stop and restart
! the server. This might be OK if you are using
PostgreSQL in a development environment,
but few production servers would find this behavior acceptable.
--- 749,755 ----
postgres into a
file, you will have log output, but
the only way to truncate the log file is to stop and restart
! the server. This might be acceptable if you are using
PostgreSQL in a development environment,
but few production servers would find this behavior acceptable.
***************
*** 766,782 ****
A better approach is to send the server's
stderr output to some type of log rotation program.
! There is a built-in log rotation program, which you can use by
setting the configuration parameter logging_collector to
true in postgresql.conf. The control
parameters for this program are described in . You can also use this approach
! to capture the log data in machine readable CSV format.
Alternatively, you might prefer to use an external log rotation
! program, if you have one that you are already using with other
server software. For example, the rotatelogs
tool included in the Apache distribution
can be used with PostgreSQL. To do this,
--- 757,774 ----
A better approach is to send the server's
stderr output to some type of log rotation program.
! There is a built-in log rotation facility, which you can use by
setting the configuration parameter logging_collector to
true in postgresql.conf. The control
parameters for this program are described in . You can also use this approach
! to capture the log data in machine readable CSV
! (comma-separated values) format.
Alternatively, you might prefer to use an external log rotation
! program if you have one that you are already using with other
server software. For example, the rotatelogs
tool included in the Apache distribution
can be used with PostgreSQL. To do this,
***************
*** 794,800 ****
Another production-grade approach to managing log output is to
! send it all to syslog and let
syslog deal with file rotation. To do this, set the
configuration parameter log_destination to syslog
(to log to syslog only) in
--- 786,792 ----
Another production-grade approach to managing log output is to
! send it to syslog and let
syslog deal with file rotation. To do this, set the
configuration parameter log_destination to syslog
(to log to syslog only) in
***************
*** 810,824 ****
On many systems, however, syslog is not very reliable,
particularly with large log messages; it might truncate or drop messages
just when you need them the most. Also, on Linux,
! syslog will sync each message to disk, yielding poor
! performance. (You can use a - at the start of the file name
in the syslog configuration file to disable syncing.)
Note that all the solutions described above take care of starting new
log files at configurable intervals, but they do not handle deletion
! of old, no-longer-interesting log files. You will probably want to set
up a batch job to periodically delete old log files. Another possibility
is to configure the rotation program so that old log files are overwritten
cyclically.
--- 802,816 ----
On many systems, however, syslog is not very reliable,
particularly with large log messages; it might truncate or drop messages
just when you need them the most. Also, on Linux,
! syslog will flush each message to disk, yielding poor
! performance. (You can use a - at the start of the file name
in the syslog configuration file to disable syncing.)
Note that all the solutions described above take care of starting new
log files at configurable intervals, but they do not handle deletion
! of old, no-longer-useful log files. You will probably want to set
up a batch job to periodically delete old log files. Another possibility
is to configure the rotation program so that old log files are overwritten
cyclically.
Index: doc/src/sgml/manage-ag.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/manage-ag.sgml,v
retrieving revision 2.60
diff -c -c -r2.60 manage-ag.sgml
*** doc/src/sgml/manage-ag.sgml 19 Dec 2009 01:49:02 -0000 2.60
--- doc/src/sgml/manage-ag.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 25,31 ****
A database is a named collection of SQL objects
(database objects). Generally, every database
object (tables, functions, etc.) belongs to one and only one
! database. (But there are a few system catalogs, for example
pg_database, that belong to a whole cluster and
are accessible from each database within the cluster.) More
accurately, a database is a collection of schemas and the schemas
--- 25,31 ----
A database is a named collection of SQL objects
(database objects). Generally, every database
object (tables, functions, etc.) belongs to one and only one
! database. (However there are a few system catalogs, for example
pg_database, that belong to a whole cluster and
are accessible from each database within the cluster.) More
accurately, a database is a collection of schemas and the schemas
***************
*** 38,52 ****
When connecting to the database server, a client must specify in
its connection request the name of the database it wants to connect
to. It is not possible to access more than one database per
! connection. (But an application is not restricted in the number of
! connections it opens to the same or other databases.) Databases are
physically separated and access control is managed at the
connection level. If one PostgreSQL server
instance is to house projects or users that should be separate and
for the most part unaware of each other, it is therefore
recommendable to put them into separate databases. If the projects
or users are interrelated and should be able to use each other's
! resources they should be put in the same database, but possibly
into separate schemas. Schemas are a purely logical structure and who can
access what is managed by the privilege system. More information about
managing schemas is in .
--- 38,52 ----
When connecting to the database server, a client must specify in
its connection request the name of the database it wants to connect
to. It is not possible to access more than one database per
! connection. However, an application is not restricted in the number of
! connections it opens to the same or other databases. Databases are
physically separated and access control is managed at the
connection level. If one PostgreSQL server
instance is to house projects or users that should be separate and
for the most part unaware of each other, it is therefore
recommendable to put them into separate databases. If the projects
or users are interrelated and should be able to use each other's
! resources, they should be put in the same database but possibly
into separate schemas. Schemas are a purely logical structure and who can
access what is managed by the privilege system. More information about
managing schemas is in .
***************
*** 94,100 ****
where name follows the usual rules for
SQL identifiers. The current role automatically
becomes the owner of the new database. It is the privilege of the
! owner of a database to remove it later on (which also removes all
the objects in it, even if they have a different owner).
--- 94,100 ----
where name follows the usual rules for
SQL identifiers. The current role automatically
becomes the owner of the new database. It is the privilege of the
! owner of a database to remove it later (which also removes all
the objects in it, even if they have a different owner).
***************
*** 123,136 ****
new database is created within the
cluster, template1 is essentially cloned.
This means that any changes you make in template1 are
! propagated to all subsequently created databases. Therefore it is
! unwise to use template1 for real work, but when
! used judiciously this feature can be convenient. More details
appear in .
! As a convenience, there is a program that you can
execute from the shell to create new databases,
createdb.createdb
--- 123,136 ----
new database is created within the
cluster, template1 is essentially cloned.
This means that any changes you make in template1 are
! propagated to all subsequently created databases. Because of this,
! avoid creating objects in template1 unless you want them
! propagated to every newly created database. More details
appear in .
! As a convenience, there is a program you can
execute from the shell to create new databases,
createdb.createdb
***************
*** 143,150 ****
exactly as described above.
The reference page contains the invocation
details. Note that createdb without any arguments will create
! a database with the current user name, which might or might not be what
! you want.
--- 143,149 ----
exactly as described above.
The reference page contains the invocation
details. Note that createdb without any arguments will create
! a database with the current user name.
***************
*** 155,162 ****
! Sometimes you want to create a database for someone else. That
! role should become the owner of the new database, so he can
configure and manage it himself. To achieve that, use one of the
following commands:
--- 154,161 ----
! Sometimes you want to create a database for someone else, and have him
! become the owner of the new database, so he can
configure and manage it himself. To achieve that, use one of the
following commands:
***************
*** 167,173 ****
createdb -O rolename dbname
from the shell.
! You must be a superuser to be allowed to create a database for
someone else (that is, for a role you are not a member of).
--- 166,172 ----
createdb -O rolename dbname
from the shell.
! Only the superuser is allowed to create a database for
someone else (that is, for a role you are not a member of).
***************
*** 186,192 ****
objects in databases. For example, if you install the procedural
language PL/Perl in template1, it will
automatically be available in user databases without any extra
! action being taken when those databases are made.
--- 185,191 ----
objects in databases. For example, if you install the procedural
language PL/Perl in template1, it will
automatically be available in user databases without any extra
! action being taken when those databases are created.
***************
*** 204,210 ****
template1. This is particularly handy when restoring a
pg_dump dump: the dump script should be restored in a
virgin database to ensure that one recreates the correct contents
! of the dumped database, without any conflicts with objects that
might have been added to template1 later on.
--- 203,209 ----
template1. This is particularly handy when restoring a
pg_dump dump: the dump script should be restored in a
virgin database to ensure that one recreates the correct contents
! of the dumped database, without conflicting with objects that
might have been added to template1 later on.
***************
*** 238,245 ****
The principal limitation is that no other sessions can be connected to
the source database while it is being copied. CREATE
DATABASE will fail if any other connection exists when it starts;
! otherwise, new connections to the source database are locked out
! until CREATE DATABASE completes.
--- 237,244 ----
The principal limitation is that no other sessions can be connected to
the source database while it is being copied. CREATE
DATABASE will fail if any other connection exists when it starts;
! during the copy operation, new connections to the source database
! are prevented.
***************
*** 251,259 ****
cloned by any user with CREATEDB privileges; if it is not set,
only superusers and the owner of the database can clone it.
If datallowconn is false, then no new connections
! to that database will be allowed (but existing sessions are not killed
simply by setting the flag false). The template0
! database is normally marked datallowconn = false to prevent modification of it.
Both template0 and template1
should always be marked with datistemplate = true.
--- 250,258 ----
cloned by any user with CREATEDB privileges; if it is not set,
only superusers and the owner of the database can clone it.
If datallowconn is false, then no new connections
! to that database will be allowed (but existing sessions are not terminated
simply by setting the flag false). The template0
! database is normally marked datallowconn = false to prevent its modification.
Both template0 and template1
should always be marked with datistemplate = true.
***************
*** 274,280 ****
The postgres database is also created when a database
cluster is initialized. This database is meant as a default database for
users and applications to connect to. It is simply a copy of
! template1 and can be dropped and recreated if required.
--- 273,279 ----
The postgres database is also created when a database
cluster is initialized. This database is meant as a default database for
users and applications to connect to. It is simply a copy of
! template1 and can be dropped and recreated if necessary.
***************
*** 294,300 ****
GEQO optimizer for a given database, you'd
ordinarily have to either disable it for all databases or make sure
that every connecting client is careful to issue SET geqo
! TO off;. To make this setting the default within a particular
database, you can execute the command:
ALTER DATABASE mydb SET geqo TO off;
--- 293,299 ----
GEQO optimizer for a given database, you'd
ordinarily have to either disable it for all databases or make sure
that every connecting client is careful to issue SET geqo
! TO off. To make this setting the default within a particular
database, you can execute the command:
ALTER DATABASE mydb SET geqo TO off;
***************
*** 306,312 ****
Note that users can still alter this setting during their sessions; it
will only be the default. To undo any such setting, use
ALTER DATABASE dbname RESET
! varname;.
--- 305,311 ----
Note that users can still alter this setting during their sessions; it
will only be the default. To undo any such setting, use
ALTER DATABASE dbname RESET
! varname.
***************
*** 387,393 ****
CREATE TABLESPACE fastspace LOCATION '/mnt/sda1/postgresql/data';
The location must be an existing, empty directory that is owned by
! the PostgreSQL system user. All objects subsequently
created within the tablespace will be stored in files underneath this
directory.
--- 386,392 ----
CREATE TABLESPACE fastspace LOCATION '/mnt/sda1/postgresql/data';
The location must be an existing, empty directory that is owned by
! the PostgreSQL operating system user. All objects subsequently
created within the tablespace will be stored in files underneath this
directory.
***************
*** 405,411 ****
Creation of the tablespace itself must be done as a database superuser,
! but after that you can allow ordinary database users to make use of it.
To do that, grant them the CREATE privilege on it.
--- 404,410 ----
Creation of the tablespace itself must be done as a database superuser,
! but after that you can allow ordinary database users to use it.
To do that, grant them the CREATE privilege on it.
***************
*** 500,507 ****
Although not recommended, it is possible to adjust the tablespace
layout by hand by redefining these links. Two warnings: do not do so
while the server is running; and after you restart the server,
! update the pg_tablespace catalog to show the new
! locations. (If you do not, pg_dump will continue to show
the old tablespace locations.)
--- 499,506 ----
Although not recommended, it is possible to adjust the tablespace
layout by hand by redefining these links. Two warnings: do not do so
while the server is running; and after you restart the server,
! update the pg_tablespace catalog with the new
! locations. (If you do not, pg_dump will continue to output
the old tablespace locations.)
Index: doc/src/sgml/monitoring.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/monitoring.sgml,v
retrieving revision 1.75
diff -c -c -r1.75 monitoring.sgml
*** doc/src/sgml/monitoring.sgml 28 Jan 2010 14:25:41 -0000 1.75
--- doc/src/sgml/monitoring.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 43,49 ****
! On most platforms, PostgreSQL modifies its
command title as reported by ps, so that individual server
processes can readily be identified. A sample display is
--- 43,49 ----
! On most Unix platforms, PostgreSQL modifies its
command title as reported by ps, so that individual server
processes can readily be identified. A sample display is
***************
*** 61,67 ****
platforms, as do the details of what is shown. This example is from a
recent Linux system.) The first process listed here is the
master server process. The command arguments
! shown for it are the same ones given when it was launched. The next two
processes are background worker processes automatically launched by the
master process. (The stats collector process will not be present
if you have set
--- 61,67 ----
platforms, as do the details of what is shown. This example is from a
recent Linux system.) The first process listed here is the
master server process. The command arguments
! shown for it are the same ones used when it was launched. The next two
processes are background worker processes automatically launched by the
master process. (The stats collector process will not be present
if you have set
***************
*** 73,94 ****
postgres: user database host activity
! The user, database, and connection source host items remain the same for
the life of the client connection, but the activity indicator changes.
The activity can be idle (i.e., waiting for a client command),
idle in transaction (waiting for client inside a BEGIN block),
or a command type name such as SELECT. Also,
! waiting is attached if the server process is presently waiting
! on a lock held by another server process. In the above example we can infer
that process 1003 is waiting for process 1016 to complete its transaction and
! thereby release some lock or other.
If you have turned off then the
activity indicator is not updated; the process title is set only once
! when a new process is launched. On some platforms this saves a useful
! amount of per-command overhead, on others it's insignificant.
--- 73,94 ----
postgres: user database host activity
! The user, database, and (client) host items remain the same for
the life of the client connection, but the activity indicator changes.
The activity can be idle (i.e., waiting for a client command),
idle in transaction (waiting for client inside a BEGIN block),
or a command type name such as SELECT. Also,
! waiting is appended if the server process is presently waiting
! on a lock held by another session. In the above example we can infer
that process 1003 is waiting for process 1016 to complete its transaction and
! thereby release some lock.
If you have turned off then the
activity indicator is not updated; the process title is set only once
! when a new process is launched. On some platforms this saves a measurable
! amount of per-command overhead; on others it's insignificant.
***************
*** 118,132 ****
is a subsystem that supports collection and reporting of information about
server activity. Presently, the collector can count accesses to tables
and indexes in both disk-block and individual-row terms. It also tracks
! total numbers of rows in each table, and the last vacuum and analyze times
for each table. It can also count calls to user-defined functions and
the total time spent in each one.
! PostgreSQL also supports determining the exact
command currently being executed by other server processes. This is an
! independent facility that does not depend on the collector process.
--- 118,132 ----
is a subsystem that supports collection and reporting of information about
server activity. Presently, the collector can count accesses to tables
and indexes in both disk-block and individual-row terms. It also tracks
! the total number of rows in each table, and the last vacuum and analyze times
for each table. It can also count calls to user-defined functions and
the total time spent in each one.
! PostgreSQL also supports reporting of the exact
command currently being executed by other server processes. This is an
! facility independent of the collector process.
***************
*** 172,178 ****
When the postmaster shuts down, a permanent copy of the statistics
data is stored in the global subdirectory. For increased
performance, the parameter can
! be pointed at a RAM based filesystem, decreasing physical I/O requirements.
--- 172,178 ----
When the postmaster shuts down, a permanent copy of the statistics
data is stored in the global subdirectory. For increased
performance, the parameter can
! be pointed at a RAM-based file system, decreasing physical I/O requirements.
***************
*** 205,213 ****
any of these statistics, it first fetches the most recent report emitted by
the collector process and then continues to use this snapshot for all
statistical views and functions until the end of its current transaction.
! So the statistics will appear not to change as long as you continue the
current transaction. Similarly, information about the current queries of
! all processes is collected when any such information is first requested
within a transaction, and the same information will be displayed throughout
the transaction.
This is a feature, not a bug, because it allows you to perform several
--- 205,213 ----
any of these statistics, it first fetches the most recent report emitted by
the collector process and then continues to use this snapshot for all
statistical views and functions until the end of its current transaction.
! So the statistics will show static information as long as you continue the
current transaction. Similarly, information about the current queries of
! all sessions is collected when any such information is first requested
within a transaction, and the same information will be displayed throughout
the transaction.
This is a feature, not a bug, because it allows you to perform several
***************
*** 1603,1609 ****
SystemTap uses a different notation for trace scripts than DTrace does,
even though the underlying trace points are compatible. One point worth
noting is that at this writing, SystemTap scripts must reference probe
! names using double underlines in place of hyphens. This is expected to
be fixed in future SystemTap releases.
--- 1603,1609 ----
SystemTap uses a different notation for trace scripts than DTrace does,
even though the underlying trace points are compatible. One point worth
noting is that at this writing, SystemTap scripts must reference probe
! names using double underscores in place of hyphens. This is expected to
be fixed in future SystemTap releases.
Index: doc/src/sgml/regress.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/regress.sgml,v
retrieving revision 1.64
diff -c -c -r1.64 regress.sgml
*** doc/src/sgml/regress.sgml 7 Aug 2009 20:50:21 -0000 1.64
--- doc/src/sgml/regress.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 26,42 ****
running server, or using a temporary installation within the build
tree. Furthermore, there is a parallel and a
sequential mode for running the tests. The
! sequential method runs each test script in turn, whereas the
parallel method starts up multiple server processes to run groups
of tests in parallel. Parallel testing gives confidence that
! interprocess communication and locking are working correctly. For
! historical reasons, the sequential test is usually run against an
! existing installation and the parallel method against a temporary
! installation, but there are no technical reasons for this.
! To run the regression tests after building but before installation,
type:
gmake check
--- 26,39 ----
running server, or using a temporary installation within the build
tree. Furthermore, there is a parallel and a
sequential mode for running the tests. The
! sequential method runs each test script alone, while the
parallel method starts up multiple server processes to run groups
of tests in parallel. Parallel testing gives confidence that
! interprocess communication and locking are working correctly.
! To run the parallel regression tests after building but before installation,
type:
gmake check
***************
*** 44,50 ****
in the top-level directory. (Or you can change to
src/test/regress and run the command there.)
This will first build several auxiliary files, such as
! some sample user-defined trigger functions, and then run the test driver
script. At the end you should see something like:
--- 41,47 ----
in the top-level directory. (Or you can change to
src/test/regress and run the command there.)
This will first build several auxiliary files, such as
! sample user-defined trigger functions, and then run the test driver
script. At the end you should see something like:
***************
*** 206,214 ****
If you run the tests against a server that was
initialized with a collation-order locale other than C, then
! there might be differences due to sort order and follow-up
failures. The regression test suite is set up to handle this
! problem by providing alternative result files that together are
known to handle a large number of locales.
--- 203,211 ----
If you run the tests against a server that was
initialized with a collation-order locale other than C, then
! there might be differences due to sort order and subsequent
failures. The regression test suite is set up to handle this
! problem by providing alternate result files that together are
known to handle a large number of locales.
***************
*** 270,276 ****
results involving mathematical functions of double
precision columns have been observed. The float8 and
geometry tests are particularly prone to small differences
! across platforms, or even with different compiler optimization options.
Human eyeball comparison is needed to determine the real
significance of these differences which are usually 10 places to
the right of the decimal point.
--- 267,273 ----
results involving mathematical functions of double
precision columns have been observed. The float8 and
geometry tests are particularly prone to small differences
! across platforms, or even with different compiler optimization setting.
Human eyeball comparison is needed to determine the real
significance of these differences which are usually 10 places to
the right of the decimal point.
***************
*** 298,307 ****
this is not, strictly speaking, a bug. Most of the regression test
scripts are not so pedantic as to use an ORDER BY for every single
SELECT, and so their result row orderings are not well-defined
! according to the letter of the SQL specification. In practice, since we are
looking at the same queries being executed on the same data by the same
! software, we usually get the same result ordering on all platforms, and
! so the lack of ORDER BY isn't a problem. Some queries do exhibit
cross-platform ordering differences, however. When testing against an
already-installed server, ordering differences can also be caused by
non-C locale settings or non-default parameter settings, such as custom values
--- 295,304 ----
this is not, strictly speaking, a bug. Most of the regression test
scripts are not so pedantic as to use an ORDER BY for every single
SELECT, and so their result row orderings are not well-defined
! according to the SQL specification. In practice, since we are
looking at the same queries being executed on the same data by the same
! software, we usually get the same result ordering on all platforms,
! so the lack of ORDER BY is not a problem. Some queries do exhibit
cross-platform ordering differences, however. When testing against an
already-installed server, ordering differences can also be caused by
non-C locale settings or non-default parameter settings, such as custom values
***************
*** 311,318 ****
Therefore, if you see an ordering difference, it's not something to
worry about, unless the query does have an ORDER BY that your
! result is violating. But please report it anyway, so that we can add an
! ORDER BY to that particular query and thereby eliminate the bogus
failure in future releases.
--- 308,315 ----
Therefore, if you see an ordering difference, it's not something to
worry about, unless the query does have an ORDER BY that your
! result is violating. However, please report it anyway, so that we can add an
! ORDER BY to that particular query to eliminate the bogus
failure in future releases.
***************
*** 364,370 ****
Since some of the tests inherently produce environment-dependent
! results, we have provided ways to specify alternative expected
result files. Each regression test can have several comparison files
showing possible results on different platforms. There are two
independent mechanisms for determining which comparison file is used
--- 361,367 ----
Since some of the tests inherently produce environment-dependent
! results, we have provided ways to specify alternate expected
result files. Each regression test can have several comparison files
showing possible results on different platforms. There are two
independent mechanisms for determining which comparison file is used
***************
*** 410,416 ****
float8:out:i.86-.*-openbsd=float8-small-is-zero.out
! which will trigger on any machine for which the output of
config.guess matches i.86-.*-openbsd.
Other lines
in resultmap select the variant comparison file for other
--- 407,413 ----
float8:out:i.86-.*-openbsd=float8-small-is-zero.out
! which will trigger on any machine where the output of
config.guess matches i.86-.*-openbsd.
Other lines
in resultmap select the variant comparison file for other
Index: doc/src/sgml/runtime.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v
retrieving revision 1.430
diff -c -c -r1.430 runtime.sgml
*** doc/src/sgml/runtime.sgml 11 Jan 2010 18:39:32 -0000 1.430
--- doc/src/sgml/runtime.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 16,22 ****
! As with any other server daemon that is accessible to the outside world,
it is advisable to run PostgreSQL under a
separate user account. This user account should only own the data
that is managed by the server, and should not be shared with other
--- 16,22 ----
! As with any server daemon that is accessible to the outside world,
it is advisable to run PostgreSQL under a
separate user account. This user account should only own the data
that is managed by the server, and should not be shared with other
***************
*** 146,152 ****
superuser Also, specify
The complete lack of these facilities is usually manifested by an
Illegal system call error upon server start. In
! that case there is no alternative but to reconfigure your
kernel. PostgreSQL won't work without them.
***************
*** 541,547 ****
When PostgreSQL exceeds one of the various hard
IPC limits, the server will refuse to start and
should leave an instructive error message describing the problem
! encountered and what to do about it. (See also .) The relevant kernel
parameters are named consistently across different systems; gives an overview. The methods to set
--- 541,547 ----
When PostgreSQL exceeds one of the various hard
IPC limits, the server will refuse to start and
should leave an instructive error message describing the problem
! and what to do about it. (See also .) The relevant kernel
parameters are named consistently across different systems; gives an overview. The methods to set
***************
*** 621,627 ****
SEMVMX
Maximum value of semaphore
! at least 1000 (The default is often 32767, don't change unless forced to)
--- 621,627 ----
SEMVMX
Maximum value of semaphore
! at least 1000 (The default is often 32767; do not change unless necessary)
***************
*** 633,639 ****
SHMMAX The most important
shared memory parameter is SHMMAX, the maximum size, in
bytes, of a shared memory segment. If you get an error message from
! shmget like Invalid argument, it is
likely that this limit has been exceeded. The size of the required
shared memory segment varies depending on several
PostgreSQL configuration parameters, as shown in
--- 633,639 ----
SHMMAX The most important
shared memory parameter is SHMMAX, the maximum size, in
bytes, of a shared memory segment. If you get an error message from
! shmget like Invalid argument, it is
likely that this limit has been exceeded. The size of the required
shared memory segment varies depending on several
PostgreSQL configuration parameters, as shown in
***************
*** 681,687 ****
least ceil((max_connections + autovacuum_max_workers) / 16).
Lowering the number
of allowed connections is a temporary workaround for failures,
! which are usually confusingly worded No space
left on device, from the function semget.
--- 681,687 ----
least ceil((max_connections + autovacuum_max_workers) / 16).
Lowering the number
of allowed connections is a temporary workaround for failures,
! which are usually confusingly worded No space
left on device, from the function semget.
***************
*** 706,713 ****
Various other settings related to semaphore undo, such as
! SEMMNU and SEMUME, are not of concern
! for PostgreSQL.
--- 706,713 ----
Various other settings related to semaphore undo, such as
! SEMMNU and SEMUME, do not affect
! PostgreSQL.
***************
*** 758,781 ****
-
- For those running 4.0 and earlier releases, use bpatch
- to find the sysptsize value in the current
- kernel. This is computed dynamically at boot time.
-
- $ bpatch -r sysptsize
- 0x9 = 9
-
- Next, add SYSPTSIZE as a hard-coded value in the
- kernel configuration file. Increase the value you found using
- bpatch. Add 1 for every additional 4 MB of
- shared memory you desire.
-
- options "SYSPTSIZE=16"
-
- sysptsize cannot be changed by sysctl.
-
-
Semaphores</>
<para>
--- 758,763 ----
***************
*** 837,845 ****
<literal>security.jail.sysvipc_allowed</>, <application>postmaster</>s
running in different jails should be run by different operating system
users. This improves security because it prevents non-root users
! from interfering with shared memory or semaphores in a different jail,
and it allows the PostgreSQL IPC cleanup code to function properly.
! (In FreeBSD 6.0 and later the IPC cleanup code doesn't properly detect
processes in other jails, preventing the running of postmasters on the
same port in different jails.)
</para>
--- 819,827 ----
<literal>security.jail.sysvipc_allowed</>, <application>postmaster</>s
running in different jails should be run by different operating system
users. This improves security because it prevents non-root users
! from interfering with shared memory or semaphores in different jails,
and it allows the PostgreSQL IPC cleanup code to function properly.
! (In FreeBSD 6.0 and later the IPC cleanup code does not properly detect
processes in other jails, preventing the running of postmasters on the
same port in different jails.)
</para>
***************
*** 863,869 ****
to be enabled when the kernel is compiled. (They are by
default.) The maximum size of shared memory is determined by
the option <varname>SHMMAXPGS</> (in pages). The following
! shows an example of how to set the various parameters
(<systemitem class="osname">OpenBSD</> uses <literal>option</> instead):
<programlisting>
options SYSVSHM
--- 845,852 ----
to be enabled when the kernel is compiled. (They are by
default.) The maximum size of shared memory is determined by
the option <varname>SHMMAXPGS</> (in pages). The following
! shows an example of how to set the various parameters on
! <systemitem class="osname">NetBSD</>
(<systemitem class="osname">OpenBSD</> uses <literal>option</> instead):
<programlisting>
options SYSVSHM
***************
*** 902,908 ****
<acronym>IPC</> parameters can be set in the <application>System
Administration Manager</> (<acronym>SAM</>) under
<menuchoice><guimenu>Kernel
! Configuration</><guimenuitem>Configurable Parameters</></>. Hit
<guibutton>Create A New Kernel</> when you're done.
</para>
</listitem>
--- 885,891 ----
<acronym>IPC</> parameters can be set in the <application>System
Administration Manager</> (<acronym>SAM</>) under
<menuchoice><guimenu>Kernel
! Configuration</><guimenuitem>Configurable Parameters</></>. Choose
<guibutton>Create A New Kernel</> when you're done.
</para>
</listitem>
***************
*** 926,933 ****
<prompt>$</prompt> <userinput>sysctl -w kernel.shmmax=134217728</userinput>
<prompt>$</prompt> <userinput>sysctl -w kernel.shmall=2097152</userinput>
</screen>
! In addition these settings can be saved between reboots in
! <filename>/etc/sysctl.conf</filename>.
</para>
<para>
--- 909,916 ----
<prompt>$</prompt> <userinput>sysctl -w kernel.shmmax=134217728</userinput>
<prompt>$</prompt> <userinput>sysctl -w kernel.shmall=2097152</userinput>
</screen>
! In addition these settings can be preserved between reboots in
! the file <filename>/etc/sysctl.conf</filename>.
</para>
<para>
***************
*** 964,970 ****
In OS X 10.3 and later, these commands have been moved to
<filename>/etc/rc</> and must be edited there. Note that
<filename>/etc/rc</> is usually overwritten by OS X updates (such as
! 10.3.6 to 10.3.7) so you should expect to have to redo your editing
after each update.
</para>
--- 947,953 ----
In OS X 10.3 and later, these commands have been moved to
<filename>/etc/rc</> and must be edited there. Note that
<filename>/etc/rc</> is usually overwritten by OS X updates (such as
! 10.3.6 to 10.3.7) so you should expect to have to redo your edits
after each update.
</para>
***************
*** 995,1001 ****
</para>
<para>
! In all OS X versions, you'll need to reboot to make changes in the
shared memory parameters take effect.
</para>
</listitem>
--- 978,984 ----
</para>
<para>
! In all OS X versions, you will need to reboot to have changes in the
shared memory parameters take effect.
</para>
</listitem>
***************
*** 1304,1314 ****
Some vendors' Linux 2.4 kernels are reported to have early versions
of the 2.6 overcommit <command>sysctl</command> parameter. However, setting
<literal>vm.overcommit_memory</> to 2
! on a kernel that does not have the relevant code will make
! things worse not better. It is recommended that you inspect
the actual kernel source code (see the function
<function>vm_enough_memory</> in the file <filename>mm/mmap.c</>)
! to verify what is supported in your copy before you try this in a 2.4
installation. The presence of the <filename>overcommit-accounting</>
documentation file should <emphasis>not</> be taken as evidence that the
feature is there. If in any doubt, consult a kernel expert or your
--- 1287,1297 ----
Some vendors' Linux 2.4 kernels are reported to have early versions
of the 2.6 overcommit <command>sysctl</command> parameter. However, setting
<literal>vm.overcommit_memory</> to 2
! on a 2.4 kernel that does not have the relevant code will make
! things worse, not better. It is recommended that you inspect
the actual kernel source code (see the function
<function>vm_enough_memory</> in the file <filename>mm/mmap.c</>)
! to verify what is supported in your kernel before you try this in a 2.4
installation. The presence of the <filename>overcommit-accounting</>
documentation file should <emphasis>not</> be taken as evidence that the
feature is there. If in any doubt, consult a kernel expert or your
***************
*** 1357,1363 ****
The server disallows new connections and sends all existing
server processes <systemitem>SIGTERM</systemitem>, which will cause them
to abort their current transactions and exit promptly. It then
! waits for the server processes to exit and finally shuts down.
If the server is in online backup mode, backup mode will be
terminated, rendering the backup useless.
</para>
--- 1340,1346 ----
The server disallows new connections and sends all existing
server processes <systemitem>SIGTERM</systemitem>, which will cause them
to abort their current transactions and exit promptly. It then
! waits for all server processes to exit and finally shuts down.
If the server is in online backup mode, backup mode will be
terminated, rendering the backup useless.
</para>
***************
*** 1428,1434 ****
<para>
While the server is running, it is not possible for a malicious user
to take the place of the normal database server. However, when the
! server is down it is possible for a local user to spoof the normal
server by starting their own server. The spoof server could read
passwords and queries sent by clients, but could not return any data
because the <varname>PGDATA</> directory would still be secure because
--- 1411,1417 ----
<para>
While the server is running, it is not possible for a malicious user
to take the place of the normal database server. However, when the
! server is down, it is possible for a local user to spoof the normal
server by starting their own server. The spoof server could read
passwords and queries sent by clients, but could not return any data
because the <varname>PGDATA</> directory would still be secure because
***************
*** 1489,1495 ****
the administrator cannot determine the actual password assigned
to the user. If MD5 encryption is used for client authentication,
the unencrypted password is never even temporarily present on the
! server because the client MD5 encrypts it before being sent
across the network.
</para>
</listitem>
--- 1472,1478 ----
the administrator cannot determine the actual password assigned
to the user. If MD5 encryption is used for client authentication,
the unencrypted password is never even temporarily present on the
! server because the client MD5-encrypts it before being sent
across the network.
</para>
</listitem>
***************
*** 1523,1533 ****
<listitem>
<para>
! On Linux, encryption can be layered on top of a file system mount
using a <quote>loopback device</quote>. This allows an entire
! file system partition be encrypted on disk, and decrypted by the
operating system. On FreeBSD, the equivalent facility is called
! GEOM Based Disk Encryption, or <acronym>gbde</acronym>.
</para>
<para>
--- 1506,1517 ----
<listitem>
<para>
! On Linux, encryption can be layered on top of a file system
using a <quote>loopback device</quote>. This allows an entire
! file system partition to be encrypted on disk, and decrypted by the
operating system. On FreeBSD, the equivalent facility is called
! GEOM Based Disk Encryption (<acronym>gbde</acronym>), and many
! other operating systems support this functionality, including Windows.
</para>
<para>
***************
*** 1550,1556 ****
<para>
The <literal>MD5</> authentication method double-encrypts the
password on the client before sending it to the server. It first
! MD5 encrypts it based on the user name, and then encrypts it
based on a random salt sent by the server when the database
connection was made. It is this double-encrypted value that is
sent over the network to the server. Double-encryption not only
--- 1534,1540 ----
<para>
The <literal>MD5</> authentication method double-encrypts the
password on the client before sending it to the server. It first
! MD5-encrypts it based on the user name, and then encrypts it
based on a random salt sent by the server when the database
connection was made. It is this double-encrypted value that is
sent over the network to the server. Double-encryption not only
***************
*** 1635,1641 ****
<productname>PostgreSQL</> server can be started with
<acronym>SSL</> enabled by setting the parameter
<xref linkend="guc-ssl"> to <literal>on</> in
! <filename>postgresql.conf</>. The server will listen for both standard
and <acronym>SSL</> connections on the same TCP port, and will negotiate
with any connecting client on whether to use <acronym>SSL</>. By
default, this is at the client's option; see <xref
--- 1619,1625 ----
<productname>PostgreSQL</> server can be started with
<acronym>SSL</> enabled by setting the parameter
<xref linkend="guc-ssl"> to <literal>on</> in
! <filename>postgresql.conf</>. The server will listen for both normal
and <acronym>SSL</> connections on the same TCP port, and will negotiate
with any connecting client on whether to use <acronym>SSL</>. By
default, this is at the client's option; see <xref
***************
*** 1750,1756 ****
<row>
<entry><filename>server.key</></entry>
<entry>server private key</entry>
! <entry>proves server certificate sent by owner; does not indicate
certificate owner is trustworthy</entry>
</row>
--- 1734,1740 ----
<row>
<entry><filename>server.key</></entry>
<entry>server private key</entry>
! <entry>proves server certificate was sent by the owner; it does not indicate
certificate owner is trustworthy</entry>
</row>
***************
*** 1828,1834 ****
</indexterm>
<para>
! One can use <application>SSH</application> to encrypt the network
connection between clients and a
<productname>PostgreSQL</productname> server. Done properly, this
provides an adequately secure network connection, even for non-SSL-capable
--- 1812,1818 ----
</indexterm>
<para>
! It is possible to use <application>SSH</application> to encrypt the network
connection between clients and a
<productname>PostgreSQL</productname> server. Done properly, this
provides an adequately secure network connection, even for non-SSL-capable
***************
*** 1845,1851 ****
ssh -L 63333:localhost:5432 joe@foo.com
</programlisting>
The first number in the <option>-L</option> argument, 63333, is the
! port number of your end of the tunnel; it can be chosen freely.
(IANA reserves ports 49152 through 65535 for private use.) The
second number, 5432, is the remote end of the tunnel: the port
number your server is using. The name or IP address between the
--- 1829,1835 ----
ssh -L 63333:localhost:5432 joe@foo.com
</programlisting>
The first number in the <option>-L</option> argument, 63333, is the
! port number of your end of the tunnel; it can be any unused port.
(IANA reserves ports 49152 through 65535 for private use.) The
second number, 5432, is the remote end of the tunnel: the port
number your server is using. The name or IP address between the
***************
*** 1873,1879 ****
In order for the
tunnel setup to succeed you must be allowed to connect via
<command>ssh</command> as <literal>joe@foo.com</literal>, just
! as if you had attempted to use <command>ssh</command> to set up a
terminal session.
</para>
--- 1857,1863 ----
In order for the
tunnel setup to succeed you must be allowed to connect via
<command>ssh</command> as <literal>joe@foo.com</literal>, just
! as if you had attempted to use <command>ssh</command> to create a
terminal session.
</para>
Index: doc/src/sgml/user-manag.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/user-manag.sgml,v
retrieving revision 1.41
diff -c -c -r1.41 user-manag.sgml
*** doc/src/sgml/user-manag.sgml 28 Oct 2008 12:10:42 -0000 1.41
--- doc/src/sgml/user-manag.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 11,18 ****
tables) and can assign privileges on those objects to other roles to
control who has access to which objects. Furthermore, it is possible
to grant <firstterm>membership</> in a role to another role, thus
! allowing the member role use of privileges assigned to the role it is
! a member of.
</para>
<para>
--- 11,17 ----
tables) and can assign privileges on those objects to other roles to
control who has access to which objects. Furthermore, it is possible
to grant <firstterm>membership</> in a role to another role, thus
! allowing the member role to use privileges assigned to another role.
</para>
<para>
***************
*** 110,118 ****
</para>
<para>
! Every connection to the database server is made in the name of some
particular role, and this role determines the initial access privileges for
! commands issued on that connection.
The role name to use for a particular database
connection is indicated by the client that is initiating the
connection request in an application-specific fashion. For example,
--- 109,117 ----
</para>
<para>
! Every connection to the database server is made using the name of some
particular role, and this role determines the initial access privileges for
! commands issued in that connection.
The role name to use for a particular database
connection is indicated by the client that is initiating the
connection request in an application-specific fashion. For example,
***************
*** 129,139 ****
The set of database roles a given client connection can connect as
is determined by the client authentication setup, as explained in
<xref linkend="client-authentication">. (Thus, a client is not
! necessarily limited to connect as the role with the same name as
its operating system user, just as a person's login name
need not match her real name.) Since the role
identity determines the set of privileges available to a connected
! client, it is important to carefully configure this when setting up
a multiuser environment.
</para>
</sect1>
--- 128,138 ----
The set of database roles a given client connection can connect as
is determined by the client authentication setup, as explained in
<xref linkend="client-authentication">. (Thus, a client is not
! limited to connect as the role matching
its operating system user, just as a person's login name
need not match her real name.) Since the role
identity determines the set of privileges available to a connected
! client, it is important to carefully configure privileges when setting up
a multiuser environment.
</para>
</sect1>
***************
*** 152,158 ****
<para>
Only roles that have the <literal>LOGIN</> attribute can be used
as the initial role name for a database connection. A role with
! the <literal>LOGIN</> attribute can be considered the same thing
as a <quote>database user</>. To create a role with login privilege,
use either:
<programlisting>
--- 151,157 ----
<para>
Only roles that have the <literal>LOGIN</> attribute can be used
as the initial role name for a database connection. A role with
! the <literal>LOGIN</> attribute can be considered the same
as a <quote>database user</>. To create a role with login privilege,
use either:
<programlisting>
***************
*** 204,210 ****
other roles, too, as well as grant or revoke membership in them.
However, to create, alter, drop, or change membership of a
superuser role, superuser status is required;
! <literal>CREATEROLE</> is not sufficient for that.
</para>
</listitem>
</varlistentry>
--- 203,209 ----
other roles, too, as well as grant or revoke membership in them.
However, to create, alter, drop, or change membership of a
superuser role, superuser status is required;
! <literal>CREATEROLE</> is insufficient for that.
</para>
</listitem>
</varlistentry>
***************
*** 250,264 ****
want to disable index scans (hint: not a good idea) anytime you
connect, you can use:
<programlisting>
! ALTER ROLE myname SET enable_indexscan TO off;
</programlisting>
This will save the setting (but not set it immediately). In
subsequent connections by this role it will appear as though
! <literal>SET enable_indexscan TO off;</literal> had been executed
just before the session started.
You can still alter this setting during the session; it will only
be the default. To remove a role-specific default setting, use
! <literal>ALTER ROLE <replaceable>rolename</> RESET <replaceable>varname</>;</literal>.
Note that role-specific defaults attached to roles without
<literal>LOGIN</> privilege are fairly useless, since they will never
be invoked.
--- 249,263 ----
want to disable index scans (hint: not a good idea) anytime you
connect, you can use:
<programlisting>
! ALTER ROLE myname SET statement_timeout = '5min';
</programlisting>
This will save the setting (but not set it immediately). In
subsequent connections by this role it will appear as though
! <literal>SET statement_timeout = '5min'</literal> had been executed
just before the session started.
You can still alter this setting during the session; it will only
be the default. To remove a role-specific default setting, use
! <literal>ALTER ROLE <replaceable>rolename</> RESET <replaceable>varname</></literal>.
Note that role-specific defaults attached to roles without
<literal>LOGIN</> privilege are fairly useless, since they will never
be invoked.
***************
*** 381,395 ****
</para>
<para>
! The members of a role can use the privileges of the group role in two
ways. First, every member of a group can explicitly do
<xref linkend="sql-set-role" endterm="sql-set-role-title"> to
temporarily <quote>become</> the group role. In this state, the
database session has access to the privileges of the group role rather
than the original login role, and any database objects created are
considered owned by the group role not the login role. Second, member
! roles that have the <literal>INHERIT</> attribute automatically have use of
! privileges of roles they are members of. As an example, suppose we have
done:
<programlisting>
CREATE ROLE joe LOGIN INHERIT;
--- 380,395 ----
</para>
<para>
! The members of a group role can use the privileges of the role in two
ways. First, every member of a group can explicitly do
<xref linkend="sql-set-role" endterm="sql-set-role-title"> to
temporarily <quote>become</> the group role. In this state, the
database session has access to the privileges of the group role rather
than the original login role, and any database objects created are
considered owned by the group role not the login role. Second, member
! roles that have the <literal>INHERIT</> attribute automatically inherit the
! privileges of roles of which they are members, including their
! <literal>INHERIT</> attributes. As an example, suppose we have
done:
<programlisting>
CREATE ROLE joe LOGIN INHERIT;
***************
*** 454,460 ****
special privileges, but they are never inherited as ordinary privileges
on database objects are. You must actually <command>SET ROLE</> to a
specific role having one of these attributes in order to make use of
! the attribute. Continuing the above example, we might well choose to
grant <literal>CREATEDB</> and <literal>CREATEROLE</> to the
<literal>admin</> role. Then a session connecting as role <literal>joe</>
would not have these privileges immediately, only after doing
--- 454,460 ----
special privileges, but they are never inherited as ordinary privileges
on database objects are. You must actually <command>SET ROLE</> to a
specific role having one of these attributes in order to make use of
! the attribute. Continuing the above example, we might choose to
grant <literal>CREATEDB</> and <literal>CREATEROLE</> to the
<literal>admin</> role. Then a session connecting as role <literal>joe</>
would not have these privileges immediately, only after doing
***************
*** 478,484 ****
</sect1>
<sect1 id="perm-functions">
! <title>Functions and Triggers
Functions and triggers allow users to insert code into the backend
--- 478,484 ----
! Function and Trigger Security
Functions and triggers allow users to insert code into the backend
Index: doc/src/sgml/wal.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/wal.sgml,v
retrieving revision 1.60
diff -c -c -r1.60 wal.sgml
*** doc/src/sgml/wal.sgml 28 Nov 2009 16:21:31 -0000 1.60
--- doc/src/sgml/wal.sgml 3 Feb 2010 17:17:17 -0000
***************
*** 42,50 ****
Next, there might be a cache in the disk drive controller; this is
particularly common on RAID controller cards. Some of
! these caches are write-through, meaning writes are passed
! along to the drive as soon as they arrive. Others are
! write-back, meaning data is passed on to the drive at
some later time. Such caches can be a reliability hazard because the
memory in the disk controller cache is volatile, and will lose its
contents in a power failure. Better controller cards have
--- 42,50 ----
Next, there might be a cache in the disk drive controller; this is
particularly common on RAID controller cards. Some of
! these caches are write-through, meaning writes are sent
! to the drive as soon as they arrive. Others are
! write-back, meaning data is sent to the drive at
some later time. Such caches can be a reliability hazard because the
memory in the disk controller cache is volatile, and will lose its
contents in a power failure. Better controller cards have
***************
*** 61,67 ****
particularly likely to have write-back caches that will not survive a
power failure. To check write caching on Linux use
hdparm -I; it is enabled if there is a * next
! to Write cache. hdparm -W to turn off
write caching. On FreeBSD use
atacontrol. (For SCSI disks use sdparm
--- 61,67 ----
particularly likely to have write-back caches that will not survive a
power failure. To check write caching on Linux use
hdparm -I; it is enabled if there is a * next
! to Write cache; hdparm -W to turn off
write caching. On FreeBSD use
atacontrol. (For SCSI disks use sdparm
***************
*** 79,88 ****
! When the operating system sends a write request to the disk hardware,
there is little it can do to make sure the data has arrived at a truly
non-volatile storage area. Rather, it is the
! administrator's responsibility to be sure that all storage components
ensure data integrity. Avoid disk controllers that have non-battery-backed
write caches. At the drive level, disable write-back caching if the
drive cannot guarantee the data will be written before shutdown.
--- 79,88 ----
! When the operating system sends a write request to the storage hardware,
there is little it can do to make sure the data has arrived at a truly
non-volatile storage area. Rather, it is the
! administrator's responsibility to make certain that all storage components
ensure data integrity. Avoid disk controllers that have non-battery-backed
write caches. At the drive level, disable write-back caching if the
drive cannot guarantee the data will be written before shutdown.
***************
*** 100,110 ****
to power loss at any time, meaning some of the 512-byte sectors were
written, and others were not. To guard against such failures,
PostgreSQL periodically writes full page images to
! permanent storage before modifying the actual page on
disk. By doing this, during crash recovery PostgreSQL can
restore partially-written pages. If you have a battery-backed disk
controller or file-system software that prevents partial page writes
! (e.g., ReiserFS 4), you can turn off this page imaging by using the
parameter.
--- 100,110 ----
to power loss at any time, meaning some of the 512-byte sectors were
written, and others were not. To guard against such failures,
PostgreSQL periodically writes full page images to
! permanent WAL storage before modifying the actual page on
disk. By doing this, during crash recovery PostgreSQL can
restore partially-written pages. If you have a battery-backed disk
controller or file-system software that prevents partial page writes
! (e.g., ZFS), you can turn off this page imaging by turning off the
parameter.
***************
*** 140,151 ****
Because WAL restores database file
! contents after a crash, journaled filesystems are not necessary for
reliable storage of the data files or WAL files. In fact, journaling
overhead can reduce performance, especially if journaling
causes file system data to be flushed
to disk. Fortunately, data flushing during journaling can
! often be disabled with a filesystem mount option, e.g.
data=writeback on a Linux ext3 file system.
Journaled file systems do improve boot speed after a crash.
--- 140,151 ----
Because WAL restores database file
! contents after a crash, journaled file systems are not necessary for
reliable storage of the data files or WAL files. In fact, journaling
overhead can reduce performance, especially if journaling
causes file system data to be flushed
to disk. Fortunately, data flushing during journaling can
! often be disabled with a file system mount option, e.g.
data=writeback on a Linux ext3 file system.
Journaled file systems do improve boot speed after a crash.
***************
*** 308,314 ****
committing at about the same time. Setting commit_delay
can only help when there are many concurrently committing transactions,
and it is difficult to tune it to a value that actually helps rather
! than hurting throughput.
--- 308,314 ----
committing at about the same time. Setting commit_delay
can only help when there are many concurrently committing transactions,
and it is difficult to tune it to a value that actually helps rather
! than hurt throughput.
***************
*** 326,332 ****
Checkpointscheckpoint
are points in the sequence of transactions at which it is guaranteed
! that the data files have been updated with all information written before
the checkpoint. At checkpoint time, all dirty data pages are flushed to
disk and a special checkpoint record is written to the log file.
(The changes were previously flushed to the WAL files.)
--- 326,332 ----
Checkpointscheckpoint
are points in the sequence of transactions at which it is guaranteed
! that the heap and index data files have been updated with all information written before
the checkpoint. At checkpoint time, all dirty data pages are flushed to
disk and a special checkpoint record is written to the log file.
(The changes were previously flushed to the WAL files.)
***************
*** 349,366 ****
! The server's background writer process will automatically perform
a checkpoint every so often. A checkpoint is created every log segments, or every seconds, whichever comes first.
! The default settings are 3 segments and 300 seconds respectively.
It is also possible to force a checkpoint by using the SQL command
CHECKPOINT.
Reducing checkpoint_segments and/or
! checkpoint_timeout causes checkpoints to be done
more often. This allows faster after-crash recovery (since less work
will need to be redone). However, one must balance this against the
increased cost of flushing dirty data pages more often. If
--- 349,366 ----
! The server's background writer process automatically performs
a checkpoint every so often. A checkpoint is created every log segments, or every seconds, whichever comes first.
! The default settings are 3 segments and 300 seconds (5 minutes), respectively.
It is also possible to force a checkpoint by using the SQL command
CHECKPOINT.
Reducing checkpoint_segments and/or
! checkpoint_timeout causes checkpoints to occur
more often. This allows faster after-crash recovery (since less work
will need to be redone). However, one must balance this against the
increased cost of flushing dirty data pages more often. If
***************
*** 469,475 ****
server processes to add their commit records to the log so as to have all
of them flushed with a single log sync. No sleep will occur if
! is not enabled, nor if fewer than
other sessions are currently in active transactions; this avoids
sleeping when it's unlikely that any other session will commit soon.
Note that on most platforms, the resolution of a sleep request is
--- 469,475 ----
server processes to add their commit records to the log so as to have all
of them flushed with a single log sync. No sleep will occur if
! is not enabled, or if fewer than
other sessions are currently in active transactions; this avoids
sleeping when it's unlikely that any other session will commit soon.
Note that on most platforms, the resolution of a sleep request is
***************
*** 483,489 ****
The parameter determines how
PostgreSQL will ask the kernel to force
WAL updates out to disk.
! All the options should be the same as far as reliability goes,
but it's quite platform-specific which one will be the fastest.
Note that this parameter is irrelevant if fsync
has been turned off.
--- 483,489 ----
The parameter determines how
PostgreSQL will ask the kernel to force
WAL updates out to disk.
! All the options should be the same in terms of reliability,
but it's quite platform-specific which one will be the fastest.
Note that this parameter is irrelevant if fsync
has been turned off.
***************
*** 521,546 ****
access/xlog.h; the record content is dependent
on the type of event that is being logged. Segment files are given
ever-increasing numbers as names, starting at
! 000000010000000000000000. The numbers do not wrap, at
! present, but it should take a very very long time to exhaust the
available stock of numbers.
! It is of advantage if the log is located on another disk than the
! main database files. This can be achieved by moving the directory
! pg_xlog to another location (while the server
is shut down, of course) and creating a symbolic link from the
original location in the main data directory to the new location.
! The aim of WAL, to ensure that the log is
! written before database records are altered, can be subverted by
disk drivesdisk drive that falsely report a
successful write to the kernel,
when in fact they have only cached the data and not yet stored it
! on the disk. A power failure in such a situation might still lead to
irrecoverable data corruption. Administrators should try to ensure
that disks holding PostgreSQL's
WAL log files do not make such false reports.
--- 521,546 ----
access/xlog.h; the record content is dependent
on the type of event that is being logged. Segment files are given
ever-increasing numbers as names, starting at
! 000000010000000000000000. The numbers do not wrap,
! but it will take a very, very long time to exhaust the
available stock of numbers.
! It is advantageous if the log is located on a different disk from the
! main database files. This can be achieved by moving the
! pg_xlog directory to another location (while the server
is shut down, of course) and creating a symbolic link from the
original location in the main data directory to the new location.
! The aim of WAL is to ensure that the log is
! written before database records are altered, but this can be subverted by
disk drivesdisk drive that falsely report a
successful write to the kernel,
when in fact they have only cached the data and not yet stored it
! on the disk. A power failure in such a situation might lead to
irrecoverable data corruption. Administrators should try to ensure
that disks holding PostgreSQL's
WAL log files do not make such false reports.
***************
*** 549,556 ****
After a checkpoint has been made and the log flushed, the
checkpoint's position is saved in the file
! pg_control. Therefore, when recovery is to be
! done, the server first reads pg_control and
then the checkpoint record; then it performs the REDO operation by
scanning forward from the log position indicated in the checkpoint
record. Because the entire content of data pages is saved in the
--- 549,556 ----
After a checkpoint has been made and the log flushed, the
checkpoint's position is saved in the file
! pg_control. Therefore, at the start of recovery,
! the server first reads pg_control and
then the checkpoint record; then it performs the REDO operation by
scanning forward from the log position indicated in the checkpoint
record. Because the entire content of data pages is saved in the
***************
*** 562,573 ****
To deal with the case where pg_control is
! corrupted, we should support the possibility of scanning existing log
segments in reverse order — newest to oldest — in order to find the
latest checkpoint. This has not been implemented yet.
pg_control is small enough (less than one disk page)
that it is not subject to partial-write problems, and as of this writing
! there have been no reports of database failures due solely to inability
to read pg_control itself. So while it is
theoretically a weak spot, pg_control does not
seem to be a problem in practice.
--- 562,573 ----
To deal with the case where pg_control is
! corrupt, we should support the possibility of scanning existing log
segments in reverse order — newest to oldest — in order to find the
latest checkpoint. This has not been implemented yet.
pg_control is small enough (less than one disk page)
that it is not subject to partial-write problems, and as of this writing
! there have been no reports of database failures due solely to the inability
to read pg_control itself. So while it is
theoretically a weak spot, pg_control does not
seem to be a problem in practice.