Participants
Michael Glaesemann
Michael Glaesemann
Magnus Hagander
Magnus Hagander
Attachments

No attachments in this thread

Thread Outline
#1Michael GlaesemannMichael Glaesemann
Jul 03, 2011
#2Magnus HaganderMagnus Haganderto Michael Glaesemann (#1)
Jul 04, 2011
#3Michael GlaesemannMichael Glaesemannto Magnus Hagander (#2)
Jul 04, 2011

non-superuser reserved connections? connection pools?

Started by Michael Glaesemannover 14 years ago3 messages
#1Michael Glaesemann
Michael Glaesemann
grzm@seespotcode.net

It would be nice to be able to set aside a few connections for non-superusers, such as stats-monitoring connections. There's often no reason to grant these users superuser privileges (they're just observers, and security-definer functions can make anything visible that they may need)), but at the same time you want them to be able to connect even when the "normal" pool of slots may be full.

I googled a bit, assuming there had been discussion of something similar in the past, but didn't find anything.

I'm not sure what configuration would look like. Perhaps there's a generalized "connection pool" concept that's missing, extending the current "superuser" connection pool specified by the superuser_reserved_connections GUC something like:

CREATE CONNECTION POOL stats WITH LIMIT 10; -- 40 connections allotted for the foo connection pool.
ALTER ROLE nagios WITH CONNECTION POOL foo; -- the nagios role is allowed to take a connection from the foo connection pool.

Right now, of course, connection limits are set in postgresql.conf and only alterable on restart, so perhaps there could be a connection_pools GUC, something along the lines of:

connection_pools={stats=3,superuser=10}
max_connections=100

The connections allotted to "superuser" would have the same meaning as the current superuser_reserved_connections GUC.

Does this seem to be a useful feature to anyone else?

Michael Glaesemann
grzm seespotcode net

#2Magnus Hagander
Magnus Hagander
magnus@hagander.net
In reply to: Michael Glaesemann (#1)
Re: non-superuser reserved connections? connection pools?

On Mon, Jul 4, 2011 at 00:01, Michael Glaesemann <grzm@seespotcode.net> wrote:

It would be nice to be able to set aside a few connections for non-superusers, such as stats-monitoring connections. There's often no reason to grant these users superuser privileges (they're just observers, and security-definer functions can make anything visible that they may need)), but at the same time you want them to be able to connect even when the "normal" pool of slots may be full.

I googled a bit, assuming there had been discussion of something similar in the past, but didn't find anything.

I'm not sure what configuration would look like. Perhaps there's a generalized "connection pool" concept that's missing, extending the current "superuser" connection pool specified by the superuser_reserved_connections GUC something like:

CREATE CONNECTION POOL stats WITH LIMIT 10; -- 40 connections allotted for the foo connection pool.
ALTER ROLE nagios WITH CONNECTION POOL foo; -- the nagios role is allowed to take a connection from the foo connection pool.

Right now, of course, connection limits are set in postgresql.conf and only alterable on restart, so perhaps there could be a connection_pools GUC, something along the lines of:

connection_pools={stats=3,superuser=10}
max_connections=100

The connections allotted to "superuser" would have the same meaning as the current superuser_reserved_connections GUC.

Does this seem to be a useful feature to anyone else?

Yeah, I'd definitely find it useful. Gives you a bit more flexibility
than just using connection limiting on the individual user (though in
your specific case here, that might work, if all your stats processes
are with the same user).

No comments on the implementation suggestions at this point ;)

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

#3Michael Glaesemann
Michael Glaesemann
grzm@seespotcode.net
In reply to: Magnus Hagander (#2)
Re: non-superuser reserved connections? connection pools?

On Jul 4, 2011, at 10:09, Magnus Hagander wrote:

On Mon, Jul 4, 2011 at 00:01, Michael Glaesemann <grzm@seespotcode.net> wrote:

It would be nice to be able to set aside a few connections for non-superusers, such as stats-monitoring connections. There's often no reason to grant these users superuser privileges (they're just observers, and security-definer functions can make anything visible that they may need)), but at the same time you want them to be able to connect even when the "normal" pool of slots may be full.

<snip/>

connection_pools={stats=3,superuser=10}
max_connections=100

The connections allotted to "superuser" would have the same meaning as the current superuser_reserved_connections GUC.

Does this seem to be a useful feature to anyone else?

Yeah, I'd definitely find it useful. Gives you a bit more flexibility
than just using connection limiting on the individual user (though in
your specific case here, that might work, if all your stats processes
are with the same user).

Good point. It's another way to think of managing connections.

Michael Glaesemann
grzm seespotcode net

← Back to Topics