Hi,

I'd like to add an ability to validate the correctness of PostgreSQL configuration files, i.e. postgresql.conf, pg_hba.conf, pg_ident.conf without actually applying them. The idea is that it would be a command-line option to postgres for a stand-alone case, or a user-callable function when postmaster is running.

Per the former discussion of a validator for PostgreSQL configuration files (see http://archives.postgresql.org/pgsql-hackers/2008-08/msg00048.php), here's an implementation proposal.

The development plan consists of 2 parts. The first one is to add new code that would allow running the checks in both a stand-alone process, when postmaster is not running, and as a function call from a backend postgres process. Initially the code would simply load configuration files, without performing any of the validation checks. The second part consists of adding specific checks.

I think most of the code related to this feature should be put into the auxiliary process. The rationale is that we already have a stand-alone CheckerProcess, which nowadays only parses postgresql.conf, runs BaseInit and exits. We can easily load pg_hba.conf and pg_ident.conf and run all the necessary checks there. Moreover, the same process can be used when checks are launched from a built-in function. In that case, it would save the postgres backend from reloading postgresql.conf, pg_hba.conf and pg_ident.conf internally and restoring the previous configuration options when the function exits.

Below is a more detailed description of implementation steps:

1.1. Stand-alone process (postmaster is not running):

- Add a new option (--check-config) to main.c. Run AuxiliaryProcessMain with auxType = CheckerProcess if this option is specified.
- In CheckerModeMain load pg_hba.conf, pg_ident.conf.

1.2. Built-in function, called from a backend process:

- Add a new built-in function.
- Add LastCheckState shared flag to denote whether the check has been successful or failed.
- Add a new PMSignalReason.
- From the function call SendPostmasterSignal with the reason added on the previous step.
- In the postmaster add a check for this reason in sigusr1_handler, spawning a checker process. Set LastCheckState to InProgress.
- Store current configuration options in AuxiliaryProcessMain before reloading configuration files to avoid checking for options that haven't changed.
- In AuxiliaryProcessMain, modify the SelectConfigFiles invocation to call it when IsUnderPostmaster = true and the auxType process type is CheckerProcess.
- In the CheckerModeMain, set LastCheckState to either success or failure at the end of all checks.
- The built-in function would wait until LastCheckState changes its value from InProgress to either Success or Failure, or until some predefined timeout expires, in which case it would emit an error.

2. Add the following configuration checks:

postgresql.conf: Check that:

1. postgres can bind to listen address:port
2. unix_socket_directory has proper permissions (n/a on Windows).
3. unix_socket_group group exists on a target system (n/a on Windows).
4. unix_socket_permissions are valid (write permission is not revoked from the owner, or a group, if group is different from the user).
5. server.crt and server.key exist in the data directory if ssl is set to true (and server is compiled with openssl)
6. krb_server_keyfile is readable by the server (if set)
7. server is not requesting more shared memory than is available in the system.
8. shared_preload_libraries and local_preload_libraries exist.
9. synchronous_standby_names are not empty and max_wal_senders are > 0 if synchronous_replication = true
10. all enable_* query planner parameters are on.
11. seq_page_cost <= random_page_cost, and cpu_ costs are lower than page_ costs.
12. effective_cache_size is less than the amount of physical memory available.
13. geqo is turned on
14. default_statistics_target is >= 100
15. logging collector is enabled if log destination is stderr
16. log directory either exists and is writable, or the parent directory allows creating subdirs
17. track_counts is on if autovacuum is enabled
18. stats_temp_directory is writeable
19. default tablespace exists (if set)
20. temp_tablespace exists (if set)
21. statement_timeout is 0 (disabled)
22. dynamic_library_path exists
23. sql_inheritance is off
24. zero_damaged_pages is off

pg_hba.conf: Check that:

1. the server is compiled with ssl if hostssl is specified
2. ssl is not required if hostnossl is specified

- Add a Warning value to LastCheckState for cases when configuration files were loaded successfully, but one or more validation checks have failed.

Note that these are basic checks that don't require the checker process to have access to the database. Also, with this implementation, a client won't receive an exact error message in case validation is unsuccessful; however, it would receive a status (success, failure, warnings), and an exact error message would be available in the server's log. It's possible to address these shortcomings in the future.

Ideas, suggestions are welcome.

--
Alexey Klyukin
The PostgreSQL Company - Command Prompt, Inc.
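To make the proposed postgresql.conf checks concrete, here is an added example (not code from the proposal or from PostgreSQL itself) of a small stand-alone validator that runs a subset of the listed checks (4, 5, 9, 11, 15 and 17) over a constructed configuration fragment. The parser is simplified, and whether server.crt/server.key are present is passed in as a flag rather than probed on disk.

```python
import re

# Constructed sample postgresql.conf fragment (not a real file); every
# line after the first is chosen to trip one of the checks below.
SAMPLE_CONF = """
listen_addresses = 'localhost'   # trailing comment is stripped
ssl = on
unix_socket_permissions = 0077
synchronous_replication = on
synchronous_standby_names = ''
max_wal_senders = 0
seq_page_cost = 4.0
random_page_cost = 1.0
log_destination = 'stderr'
logging_collector = off
autovacuum = on
track_counts = off
"""

def parse_conf(text):
    """Parse 'name = value' lines; comments, '=' and quotes are dropped."""
    conf = {}
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()   # simplified: no '#' inside values
        m = re.match(r"^(\w+)\s*=?\s*(.*)$", line)
        if m:
            conf[m.group(1).lower()] = m.group(2).strip().strip("'\"")
    return conf

def is_on(conf, name, default='off'):
    return conf.get(name, default).lower() in ('on', 'true', 'yes', '1')

def check_conf(conf, ssl_files_present=True):
    """Run checks 4, 5, 9, 11, 15 and 17 from the proposal; return warnings."""
    warns = []
    if is_on(conf, 'ssl') and not ssl_files_present:
        warns.append('ssl is on but server.crt/server.key are missing')
    if not int(conf.get('unix_socket_permissions', '0777'), 8) & 0o200:
        warns.append('unix_socket_permissions revokes write from the owner')
    if is_on(conf, 'synchronous_replication'):
        if not conf.get('synchronous_standby_names'):
            warns.append('synchronous_standby_names is empty')
        if int(conf.get('max_wal_senders', '0')) <= 0:
            warns.append('max_wal_senders must be > 0 for synchronous replication')
    if float(conf.get('seq_page_cost', '1.0')) > float(conf.get('random_page_cost', '4.0')):
        warns.append('seq_page_cost exceeds random_page_cost')
    if conf.get('log_destination', 'stderr') == 'stderr' and not is_on(conf, 'logging_collector'):
        warns.append('log_destination is stderr but logging_collector is off')
    if is_on(conf, 'autovacuum', 'on') and not is_on(conf, 'track_counts', 'on'):
        warns.append('autovacuum is on but track_counts is off')
    return warns
```

The sample fragment yields six warnings; a fragment that only sets logging_collector = on yields none, matching the proposal's Warning versus Success outcomes.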