From bf62b1a0781e49df3eff3c050548f7ab15bffdfb Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Wed, 3 Feb 2010 17:25:06 +0000 Subject: [PATCH] Proofreading improvements for the Administration documentation book. --- doc/src/sgml/backup.sgml | 425 ++++++++++++++++++------------------ doc/src/sgml/catalogs.sgml | 6 +- doc/src/sgml/charset.sgml | 60 ++--- doc/src/sgml/client-auth.sgml | 69 +++--- doc/src/sgml/config.sgml | 307 +++++++++++++------------- doc/src/sgml/diskusage.sgml | 47 ++-- doc/src/sgml/high-availability.sgml | 10 +- doc/src/sgml/install-win32.sgml | 11 +- doc/src/sgml/installation.sgml | 4 +- doc/src/sgml/maintenance.sgml | 110 +++++----- doc/src/sgml/manage-ag.sgml | 55 +++-- doc/src/sgml/monitoring.sgml | 32 +-- doc/src/sgml/regress.sgml | 33 ++- doc/src/sgml/runtime.sgml | 94 ++++---- doc/src/sgml/user-manag.sgml | 34 +-- doc/src/sgml/wal.sgml | 60 ++--- 16 files changed, 684 insertions(+), 673 deletions(-) diff --git a/doc/src/sgml/backup.sgml b/doc/src/sgml/backup.sgml index cfb70fb68d..f3888c6e60 100644 --- a/doc/src/sgml/backup.sgml +++ b/doc/src/sgml/backup.sgml @@ -1,4 +1,4 @@ - + Backup and Restore @@ -20,8 +20,7 @@ File system level backup Continuous archiving - Each has its own strengths and weaknesses. - Each is discussed in turn below. + Each has its own strengths and weaknesses; each is discussed in turn below. @@ -37,14 +36,14 @@ pg_dump dbname > outfile - As you see, pg_dump writes its results to the + As you see, pg_dump writes its result to the standard output. We will see below how this can be useful. pg_dump is a regular PostgreSQL client application (albeit a particularly clever one). This means - that you can do this backup procedure from any remote host that has + that you can perform this backup procedure from any remote host that has access to the database. But remember that pg_dump does not operate with special permissions. In particular, it must have read access to all tables that you want to back up, so in @@ -76,8 +75,8 @@ pg_dump dbname > Dumps created by pg_dump are internally consistent, - that is, the dump represents a snapshot of the database as of the time - pg_dump begins running. pg_dump does not + meaning, the dump represents a snapshot of the database at the time + pg_dump began running. pg_dump does not block other operations on the database while it is working. (Exceptions are those operations that need to operate with an exclusive lock, such as most forms of ALTER TABLE.) @@ -85,9 +84,9 @@ pg_dump dbname > - If your database schema relies on OIDs (for instance as foreign + If your database schema relies on OIDs (for instance, as foreign keys) you must instruct pg_dump to dump the OIDs - as well. To do this, use the command line + as well. To do this, use the command-line option. @@ -102,43 +101,43 @@ pg_dump dbname > psql dbname < infile - where infile is what - you used as outfile - for the pg_dump command. The database infile is the + file output by the pg_dump command. The database dbname will not be created by this command, so you must create it yourself from template0 before executing psql (e.g., with createdb -T template0 dbname). psql - supports options similar to pg_dump's for specifying + supports options similar to pg_dump for specifying the database server to connect to and the user name to use. See the reference page for more information. - Before restoring a SQL dump, all the users who own objects or were + Before restoring an SQL dump, all the users who own objects or were granted permissions on objects in the dumped database must already - exist. If they do not, then the restore will fail to recreate the + exist. If they do not, the restore will fail to recreate the objects with the original ownership and/or permissions. (Sometimes this is what you want, but usually it is not.) By default, the psql script will continue to - execute after an SQL error is encountered. You might wish to use the - following command at the top of the script to alter that + execute after an SQL error is encountered. You might wish to run + psql with + the ON_ERROR_STOP variable set to alter that behaviour and have psql exit with an exit status of 3 if an SQL error occurs: -\set ON_ERROR_STOP +psql --set ON_ERROR_STOP=on dbname < infile - Either way, you will have an only partially restored database. + Either way, you will only have a partially restored database. Alternatively, you can specify that the whole dump should be restored as a single transaction, so the restore is either fully completed or fully rolled back. This mode can be specified by passing the @@ -218,13 +217,11 @@ psql -f infile postgres Handling large databases - Since PostgreSQL allows tables larger - than the maximum file size on your system, it can be problematic - to dump such a table to a file, since the resulting file will likely - be larger than the maximum size allowed by your system. Since - pg_dump can write to the standard output, you can - use standard Unix tools to work around this possible problem. - There are several ways to do it: + Some operating systems have maximum file size limits that cause + problems when creating large pg_dump output files. + Fortunately, pg_dump can write to the standard + output, so you can use standard Unix tools to work around this + potential problem. There are several possible methods: @@ -255,7 +252,7 @@ cat filename.gz | gunzip | psql Use split. The split command - allows you to split the output into pieces that are + allows you to split the output into smaller files that are acceptable in size to the underlying file system. For example, to make chunks of 1 megabyte: @@ -310,11 +307,10 @@ pg_restore -d dbname An alternative backup strategy is to directly copy the files that - PostgreSQL uses to store the data in the database. In - it is explained where these files - are located, but you have probably found them already if you are - interested in this method. You can use whatever method you prefer - for doing usual file system backups, for example: + PostgreSQL uses to store the data in the database; + explains where these files + are located. You can use whatever method you prefer + for doing file system backups; for example: tar -cf backup.tar /usr/local/pgsql/data @@ -336,7 +332,7 @@ tar -cf backup.tar /usr/local/pgsql/data an atomic snapshot of the state of the file system, but also because of internal buffering within the server). Information about stopping the server can be found in - . Needless to say that you + . Needless to say, you also need to shut down the server before restoring the data. @@ -347,8 +343,8 @@ tar -cf backup.tar /usr/local/pgsql/data database, you might be tempted to try to back up or restore only certain individual tables or databases from their respective files or directories. This will not work because the - information contained in these files contains only half the - truth. The other half is in the commit log files + information contained in these files is not usable without + the commit log files, pg_clog/*, which contain the commit status of all transactions. A table file is only usable with this information. Of course it is also impossible to restore only a @@ -371,11 +367,11 @@ tar -cf backup.tar /usr/local/pgsql/data above) from the snapshot to a backup device, then release the frozen snapshot. This will work even while the database server is running. However, a backup created in this way saves - the database files in a state where the database server was not + the database files in a state as if the database server was not properly shut down; therefore, when you start the database server - on the backed-up data, it will think the previous server instance had - crashed and replay the WAL log. This is not a problem, just be aware of - it (and be sure to include the WAL files in your backup). + on the backed-up data, it will think the previous server instance + crashed and will replay the WAL log. This is not a problem; just + be aware of it (and be sure to include the WAL files in your backup). @@ -386,7 +382,7 @@ tar -cf backup.tar /usr/local/pgsql/data not be possible to use snapshot backup because the snapshots must be simultaneous. Read your file system documentation very carefully before trusting - to the consistent-snapshot technique in such situations. + the consistent-snapshot technique in such situations. @@ -411,9 +407,8 @@ tar -cf backup.tar /usr/local/pgsql/data - Note that a file system backup will not necessarily be - smaller than an SQL dump. On the contrary, it will most likely be - larger. (pg_dump does not need to dump + Note that a file system backup will typically be larger + than an SQL dump. (pg_dump does not need to dump the contents of indexes for example, just the commands to recreate them.) However, taking a file system backup might be faster. @@ -437,31 +432,31 @@ tar -cf backup.tar /usr/local/pgsql/data At all times, PostgreSQL maintains a write ahead log (WAL) in the pg_xlog/ - subdirectory of the cluster's data directory. The log describes + subdirectory of the cluster's data directory. The log records every change made to the database's data files. This log exists primarily for crash-safety purposes: if the system crashes, the database can be restored to consistency by replaying the log entries made since the last checkpoint. However, the existence of the log makes it possible to use a third strategy for backing up databases: we can combine a file-system-level backup with backup of - the WAL files. If recovery is needed, we restore the backup and - then replay from the backed-up WAL files to bring the backup up to - current time. This approach is more complex to administer than + the WAL files. If recovery is needed, we restore the file system backup and + then replay from the backed-up WAL files to bring the system to a + current state. This approach is more complex to administer than either of the previous approaches, but it has some significant benefits: - We do not need a perfectly consistent backup as the starting point. + We do not need a perfectly consistent file system backup as the starting point. Any internal inconsistency in the backup will be corrected by log replay (this is not significantly different from what happens during - crash recovery). So we don't need file system snapshot capability, + crash recovery). So we do not need a file system snapshot capability, just tar or a similar archiving tool. - Since we can string together an indefinitely long sequence of WAL files + Since we can combine an indefinitely long sequence of WAL files for replay, continuous backup can be achieved simply by continuing to archive the WAL files. This is particularly valuable for large databases, where it might not be convenient to take a full backup frequently. @@ -469,7 +464,7 @@ tar -cf backup.tar /usr/local/pgsql/data - There is nothing that says we have to replay the WAL entries all the + It is not necessary to replay the WAL entries all the way to the end. We could stop the replay at any point and have a consistent snapshot of the database as it was at that time. Thus, this technique supports point-in-time recovery: it is @@ -521,8 +516,8 @@ tar -cf backup.tar /usr/local/pgsql/data abstract WAL sequence. When not using WAL archiving, the system normally creates just a few segment files and then recycles them by renaming no-longer-needed segment files - to higher segment numbers. It's assumed that a segment file whose - contents precede the checkpoint-before-last is no longer of + to higher segment numbers. It's assumed that segment files whose + contents precede the checkpoint-before-last are no longer of interest and can be recycled. @@ -535,7 +530,7 @@ tar -cf backup.tar /usr/local/pgsql/data directory on another machine, write them onto a tape drive (ensuring that you have a way of identifying the original name of each file), or batch them together and burn them onto CDs, or something else entirely. To - provide the database administrator with as much flexibility as possible, + provide the database administrator with flexibility, PostgreSQL tries not to make any assumptions about how the archiving will be done. Instead, PostgreSQL lets the administrator specify a shell command to be executed to copy a @@ -552,11 +547,11 @@ tar -cf backup.tar /usr/local/pgsql/data these settings will always be placed in the postgresql.conf file. In archive_command, - any %p is replaced by the path name of the file to - archive, while any %f is replaced by the file name only. + %p is replaced by the path name of the file to + archive, while %f is replaced by only the file name. (The path name is relative to the current working directory, i.e., the cluster's data directory.) - Write %% if you need to embed an actual % + Use %% if you need to embed an actual % character in the command. The simplest useful command is something like: @@ -584,7 +579,7 @@ cp -i pg_xlog/00000001000000A900000065 /mnt/server/archivedir/00000001000000A900 It is important that the archive command return zero exit status if and - only if it succeeded. Upon getting a zero result, + only if it succeeds. Upon getting a zero result, PostgreSQL will assume that the file has been successfully archived, and will remove or recycle it. However, a nonzero status tells PostgreSQL that the file was not archived; @@ -602,7 +597,7 @@ cp -i pg_xlog/00000001000000A900000065 /mnt/server/archivedir/00000001000000A900 nonzero status in this case. We have found that cp -i does this correctly on some platforms but not others. If the chosen command does not itself handle this case correctly, you should add a command - to test for pre-existence of the archive file. For example, something + to test for existence of the archive file. For example, something like: archive_command = 'test ! -f .../%f && cp %p .../%f' @@ -620,14 +615,14 @@ archive_command = 'test ! -f .../%f && cp %p .../%f' is reported appropriately so that the situation can be resolved reasonably quickly. The pg_xlog/ directory will continue to fill with WAL segment files until the situation is resolved. - (If the filesystem containing pg_xlog/ fills up, - PostgreSQL will do a PANIC shutdown. No prior - transactions will be lost, but the database will be unavailable until + (If the file system containing pg_xlog/ fills up, + PostgreSQL will do a PANIC shutdown. No committed + transactions will be lost, but the database will remain offline until you free some space.) - The speed of the archiving command is not important, so long as it can keep up + The speed of the archiving command is unimportant as long as it can keep up with the average rate at which your server generates WAL data. Normal operation continues even if the archiving process falls a little behind. If archiving falls significantly behind, this will increase the amount of @@ -642,8 +637,8 @@ archive_command = 'test ! -f .../%f && cp %p .../%f' In writing your archive command, you should assume that the file names to be archived can be up to 64 characters long and can contain any combination of ASCII letters, digits, and dots. It is not necessary to - remember the original relative path (%p) but it is necessary to - remember the file name (%f). + preserve the original relative path (%p) but it is necessary to + preserve the file name (%f). @@ -667,7 +662,7 @@ archive_command = 'test ! -f .../%f && cp %p .../%f' a limit on how old unarchived data can be, you can set to force the server to switch to a new WAL segment file at least that often. Note that archived - files that are ended early due to a forced switch are still the same + files that are archived early due to a forced switch are still the same length as completely full files. It is therefore unwise to set a very short archive_timeout — it will bloat your archive storage. archive_timeout settings of a minute or so are @@ -676,7 +671,7 @@ archive_command = 'test ! -f .../%f && cp %p .../%f' Also, you can force a segment switch manually with - pg_switch_xlog, if you want to ensure that a + pg_switch_xlog if you want to ensure that a just-finished transaction is archived as soon as possible. Other utility functions related to WAL management are listed in . @@ -711,7 +706,7 @@ archive_command = 'test ! -f .../%f && cp %p .../%f' - Connect to the database as a superuser, and issue the command: + Connect to the database as a superuser and issue the command: SELECT pg_start_backup('label'); @@ -720,7 +715,8 @@ SELECT pg_start_backup('label'); full path where you intend to put the backup dump file.) pg_start_backup creates a backup label file, called backup_label, in the cluster directory with - information about your backup. + information about your backup, including the start time and label + string. @@ -735,9 +731,9 @@ SELECT pg_start_backup('label'); required for the checkpoint will be spread out over a significant period of time, by default half your inter-checkpoint interval (see the configuration parameter - ). Usually - this is what you want, because it minimizes the impact on query - processing. If you just want to start the backup as soon as + ). This is + usually what you want, because it minimizes the impact on query + processing. If you want to start the backup as soon as possible, use: SELECT pg_start_backup('label', true); @@ -760,14 +756,14 @@ SELECT pg_start_backup('label', true); SELECT pg_stop_backup(); This terminates the backup mode and performs an automatic switch to - the next WAL segment. The reason for the switch is to arrange that - the last WAL segment file written during the backup interval is - immediately ready to archive. + the next WAL segment. The reason for the switch is to arrange for + the last WAL segment file written during the backup interval to be + ready to archive. - Once the WAL segment files used during the backup are archived, you are + Once the WAL segment files active during the backup are archived, you are done. The file identified by pg_stop_backup's result is the last segment that is required to form a complete set of backup files. pg_stop_backup does not return until the last segment has @@ -788,10 +784,10 @@ SELECT pg_stop_backup(); - Some backup tools that you might wish to use emit warnings or errors + Some file system backup tools emit warnings or errors if the files they are trying to copy change while the copy proceeds. - This situation is normal, and not an error, when taking a base backup - of an active database; so you need to ensure that you can distinguish + When taking a base backup of an active database, this situation is normal + and not an error. However, you need to ensure that you can distinguish complaints of this sort from real errors. For example, some versions of rsync return a separate exit code for vanished source files, and you can write a driver script to @@ -804,7 +800,7 @@ SELECT pg_stop_backup(); - It is not necessary to be very concerned about the amount of time elapsed + It is not necessary to be concerned about the amount of time elapsed between pg_start_backup and the start of the actual backup, nor between the end of the backup and pg_stop_backup; a few minutes' delay won't hurt anything. (However, if you normally run the @@ -812,23 +808,23 @@ SELECT pg_stop_backup(); in performance between pg_start_backup and pg_stop_backup, since full_page_writes is effectively forced on during backup mode.) You must ensure that these - steps are carried out in sequence without any possible + steps are carried out in sequence, without any possible overlap, or you will invalidate the backup. - Be certain that your backup dump includes all of the files underneath + Be certain that your backup dump includes all of the files under the database cluster directory (e.g., /usr/local/pgsql/data). If you are using tablespaces that do not reside underneath this directory, be careful to include them as well (and be sure that your backup dump - archives symbolic links as links, otherwise the restore will mess up + archives symbolic links as links, otherwise the restore will corrupt your tablespaces). You can, however, omit from the backup dump the files within the - pg_xlog/ subdirectory of the cluster directory. This - slight complication is worthwhile because it reduces the risk + cluster's pg_xlog/ subdirectory. This + slight adjustment is worthwhile because it reduces the risk of mistakes when restoring. This is easy to arrange if pg_xlog/ is a symbolic link pointing to someplace outside the cluster directory, which is a common setup anyway for performance @@ -836,12 +832,12 @@ SELECT pg_stop_backup(); - To make use of the backup, you will need to keep around all the WAL + To make use of the backup, you will need to keep all the WAL segment files generated during and after the file system backup. To aid you in doing this, the pg_stop_backup function creates a backup history file that is immediately stored into the WAL archive area. This file is named after the first - WAL segment file that you need to have to make use of the backup. + WAL segment file that you need for the file system backup. For example, if the starting WAL file is 0000000100001234000055CD the backup history file will be named something like @@ -860,9 +856,9 @@ SELECT pg_stop_backup(); The backup history file is just a small text file. It contains the label string you gave to pg_start_backup, as well as the starting and ending times and WAL segments of the backup. - If you used the label to identify where the associated dump file is kept, + If you used the label to identify the associated dump file, then the archived history file is enough to tell you which dump file to - restore, should you need to do so. + restore. @@ -878,13 +874,13 @@ SELECT pg_stop_backup(); It's also worth noting that the pg_start_backup function makes a file named backup_label in the database cluster - directory, which is then removed again by pg_stop_backup. + directory, which is removed by pg_stop_backup. This file will of course be archived as a part of your backup dump file. The backup label file includes the label string you gave to pg_start_backup, as well as the time at which pg_start_backup was run, and the name of the starting WAL - file. In case of confusion it will - therefore be possible to look inside a backup dump file and determine + file. In case of confusion it is + therefore possible to look inside a backup dump file and determine exactly which backup session the dump file came from. @@ -917,20 +913,20 @@ SELECT pg_stop_backup(); location in case you need them later. Note that this precaution will require that you have enough free space on your system to hold two copies of your existing database. If you do not have enough space, - you need at the least to copy the contents of the pg_xlog - subdirectory of the cluster data directory, as it might contain logs which + you should at least save the contents of the cluster's pg_xlog + subdirectory, as it might contain logs which were not archived before the system went down. - Clean out all existing files and subdirectories under the cluster data + Remove all existing files and subdirectories under the cluster data directory and under the root directories of any tablespaces you are using. - Restore the database files from your base backup. Be careful that they + Restore the database files from your file system backup. Be sure that they are restored with the right ownership (the database system user, not root!) and with the right permissions. If you are using tablespaces, @@ -941,17 +937,18 @@ SELECT pg_stop_backup(); Remove any files present in pg_xlog/; these came from the - backup dump and are therefore probably obsolete rather than current. - If you didn't archive pg_xlog/ at all, then recreate it, + file system backup and are therefore probably obsolete rather than current. + If you didn't archive pg_xlog/ at all, then recreate + it with proper permissions, being careful to ensure that you re-establish it as a symbolic link if you had it set up that way before. - If you had unarchived WAL segment files that you saved in step 2, + If you have unarchived WAL segment files that you saved in step 2, copy them into pg_xlog/. (It is best to copy them, - not move them, so that you still have the unmodified files if a + not move them, so you still have the unmodified files if a problem occurs and you have to start over.) @@ -960,7 +957,7 @@ SELECT pg_stop_backup(); Create a recovery command file recovery.conf in the cluster data directory (see ). You might also want to temporarily modify pg_hba.conf to prevent - ordinary users from connecting until you are sure the recovery has worked. + ordinary users from connecting until you are sure the recovery was successful. @@ -971,28 +968,28 @@ SELECT pg_stop_backup(); simply be restarted and it will continue recovery. Upon completion of the recovery process, the server will rename recovery.conf to recovery.done (to prevent - accidentally re-entering recovery mode in case of a crash later) and then + accidentally re-entering recovery mode later) and then commence normal database operations. Inspect the contents of the database to ensure you have recovered to - where you want to be. If not, return to step 1. If all is well, - let in your users by restoring pg_hba.conf to normal. + the desired state. If not, return to step 1. If all is well, + allow your users to connect by restoring pg_hba.conf to normal. - The key part of all this is to set up a recovery command file that + The key part of all this is to set up a recovery configuration file that describes how you want to recover and how far the recovery should run. You can use recovery.conf.sample (normally - installed in the installation share/ directory) as a + located in the installation's share/ directory) as a prototype. The one thing that you absolutely must specify in recovery.conf is the restore_command, - which tells PostgreSQL how to get back archived + which tells PostgreSQL how to retrieve archived WAL file segments. Like the archive_command, this is a shell command string. It can contain %f, which is replaced by the name of the desired log file, and %p, @@ -1006,14 +1003,14 @@ SELECT pg_stop_backup(); restore_command = 'cp /mnt/server/archivedir/%f %p' which will copy previously archived WAL segments from the directory - /mnt/server/archivedir. You could of course use something + /mnt/server/archivedir. Of course, you can use something much more complicated, perhaps even a shell script that requests the operator to mount an appropriate tape. It is important that the command return nonzero exit status on failure. - The command will be asked for files that are not present + The command will be called requesting files that are not present in the archive; it must return nonzero when so asked. This is not an error condition. Not all of the requested files will be WAL segment files; you should also expect requests for files with a suffix of @@ -1025,7 +1022,7 @@ restore_command = 'cp /mnt/server/archivedir/%f %p' WAL segments that cannot be found in the archive will be sought in pg_xlog/; this allows use of recent un-archived segments. - However segments that are available from the archive will be used in + However, segments that are available from the archive will be used in preference to files in pg_xlog/. The system will not overwrite the existing contents of pg_xlog/ when retrieving archived files. @@ -1034,13 +1031,13 @@ restore_command = 'cp /mnt/server/archivedir/%f %p' Normally, recovery will proceed through all available WAL segments, thereby restoring the database to the current point in time (or as - close as we can get given the available WAL segments). So a normal + close as possible given the available WAL segments). Therefore, a normal recovery will end with a file not found message, the exact text of the error message depending upon your choice of restore_command. You may also see an error message at the start of recovery for a file named something like 00000001.history. This is also normal and does not - indicate a problem in simple recovery situations. See + indicate a problem in simple recovery situations; see for discussion. @@ -1058,15 +1055,15 @@ restore_command = 'cp /mnt/server/archivedir/%f %p' The stop point must be after the ending time of the base backup, i.e., the end time of pg_stop_backup. You cannot use a base backup - to recover to a time when that backup was still going on. (To + to recover to a time when that backup was in progress. (To recover to such a time, you must go back to your previous base backup and roll forward from there.) - If recovery finds a corruption in the WAL data then recovery will - complete at that point and the server will not start. In such a case the + If recovery finds corrupted WAL data, recovery will + halt at that point and the server will not start. In such a case the recovery process could be re-run from the beginning, specifying a recovery target before the point of corruption so that recovery can complete normally. @@ -1085,7 +1082,9 @@ restore_command = 'cp /mnt/server/archivedir/%f %p' These settings can only be made in the recovery.conf - file, and apply only for the duration of the recovery. They must be + file, and apply only for the duration of the recovery. (A sample file, + share/recovery.conf.sample, exists in the installation's + share/ directory.) They must be reset for any subsequent recovery you wish to perform. They cannot be changed once recovery has begun. The parameters for streaming replication are described in %f in the string is replaced by the name of the file to retrieve from the archive, - and any %p is replaced by the path name to copy - it to on the server. + and any %p is replaced by the copy destination path name + on the server. (The path name is relative to the current working directory, i.e., the cluster's data directory.) Any %r is replaced by the name of the file containing the last valid restart point. That is the earliest file that must be kept to allow a restore to be restartable, so this information can be used to truncate the archive to just the minimum required to support - restart from the current restore. %r would typically be - used in a warm-standby configuration + restarting from the current restore. %r is typically only + used by warm-standby configurations (see ). - Write %% to embed an actual % character - in the command. + Write %% to embed an actual % character. + - It is important for the command to return a zero exit status if and + It is important for the command to return a zero exit status only if it succeeds. The command will be asked for file names that are not present in the archive; it must return nonzero when so asked. Examples: @@ -1221,7 +1220,7 @@ restore_command = 'copy "C:\\server\\archivedir\\%f" "%p"' # Windows Specifies recovering into a particular timeline. The default is to recover along the same timeline that was current when the - base backup was taken. You would only need to set this parameter + base backup was taken. You only need to set this parameter in complex re-recovery situations, where you need to return to a state that itself was reached after a point-in-time recovery. See for discussion. @@ -1245,28 +1244,28 @@ restore_command = 'copy "C:\\server\\archivedir\\%f" "%p"' # Windows The ability to restore the database to a previous point in time creates some complexities that are akin to science-fiction stories about time - travel and parallel universes. In the original history of the database, - perhaps you dropped a critical table at 5:15PM on Tuesday evening, but + travel and parallel universes. For example, in the original history of the database, + suppose you dropped a critical table at 5:15PM on Tuesday evening, but didn't realize your mistake until Wednesday noon. Unfazed, you get out your backup, restore to the point-in-time 5:14PM Tuesday evening, and are up and running. In this history of - the database universe, you never dropped the table at all. But suppose - you later realize this wasn't such a great idea after all, and would like + the database universe, you never dropped the table. But suppose + you later realize this wasn't such a great idea, and would like to return to sometime Wednesday morning in the original history. You won't be able to if, while your database was up-and-running, it overwrote some of the - sequence of WAL segment files that led up to the time you now wish you - could get back to. So you really want to distinguish the series of + WAL segment files that led up to the time you now wish you + could get back to. Thus, to avoid this, you need to distinguish the series of WAL records generated after you've done a point-in-time recovery from those that were generated in the original database history. - To deal with these problems, PostgreSQL has a notion - of timelines. Whenever an archive recovery is completed, + To deal with this problem, PostgreSQL has a notion + of timelines. Whenever an archive recovery completes, a new timeline is created to identify the series of WAL records generated after that recovery. The timeline - ID number is part of WAL segment file names, and so a new timeline does + ID number is part of WAL segment file names so a new timeline does not overwrite the WAL data generated by previous timelines. It is in fact possible to archive many different timelines. While that might seem like a useless feature, it's often a lifesaver. Consider the @@ -1275,11 +1274,11 @@ restore_command = 'copy "C:\\server\\archivedir\\%f" "%p"' # Windows until you find the best place to branch off from the old history. Without timelines this process would soon generate an unmanageable mess. With timelines, you can recover to any prior state, including - states in timeline branches that you later abandoned. + states in timeline branches that you abandoned earlier. - Each time a new timeline is created, PostgreSQL creates + Every time a new timeline is created, PostgreSQL creates a timeline history file that shows which timeline it branched off from and when. These history files are necessary to allow the system to pick the right WAL segment files when recovering from an archive that @@ -1287,15 +1286,15 @@ restore_command = 'copy "C:\\server\\archivedir\\%f" "%p"' # Windows archive area just like WAL segment files. The history files are just small text files, so it's cheap and appropriate to keep them around indefinitely (unlike the segment files which are large). You can, if - you like, add comments to a history file to make your own notes about - how and why this particular timeline came to be. Such comments will be + you like, add comments to a history file to record your own notes about + how and why this particular timeline was created. Such comments will be especially valuable when you have a thicket of different timelines as a result of experimentation. The default behavior of recovery is to recover along the same timeline - that was current when the base backup was taken. If you want to recover + that was current when the base backup was taken. If you wish to recover into some child timeline (that is, you want to return to some state that was itself generated after a recovery attempt), you need to specify the target timeline ID in recovery.conf. You cannot recover into @@ -1319,13 +1318,13 @@ restore_command = 'copy "C:\\server\\archivedir\\%f" "%p"' # Windows for point-in-time recovery, yet are typically much faster to backup and restore than pg_dump dumps. (They are also much larger than pg_dump dumps, so in some cases the speed advantage - could be negated.) + might be negated.) To prepare for standalone hot backups, set archive_mode to on, and set up an archive_command that performs - archiving only when a switch file exists. For example: + archiving only when a switch file exists. For example: archive_command = 'test ! -f /var/lib/pgsql/backup_in_progress || cp -i %p /var/lib/pgsql/archive/%f < /dev/null' @@ -1538,7 +1537,7 @@ archive_command = 'local_backup_script.sh' in continuous archiving mode, while each standby server operates in continuous recovery mode, reading the WAL files from the primary. No changes to the database tables are required to enable this capability, - so it offers low administration overhead in comparison with some other + so it offers low administration overhead compared to some other replication approaches. This configuration also has relatively low performance impact on the primary server. @@ -1549,7 +1548,7 @@ archive_command = 'local_backup_script.sh' implements file-based log shipping, which means that WAL records are transferred one file (WAL segment) at a time. WAL files (16MB) can be shipped easily and cheaply over any distance, whether it be to an - adjacent system, another system on the same site or another system on + adjacent system, another system at the same site, or another system on the far side of the globe. The bandwidth required for this technique varies according to the transaction rate of the primary server. Record-based log shipping is also possible with custom-developed @@ -1563,10 +1562,10 @@ archive_command = 'local_backup_script.sh' failure: transactions not yet shipped will be lost. The length of the window of data loss can be limited by use of the archive_timeout parameter, which can be set as low - as a few seconds if required. However such low settings will - substantially increase the bandwidth requirements for file shipping. + as a few seconds if required. However such a low setting will + substantially increase the bandwidth required for file shipping. If you need a window of less than a minute or so, it's probably better - to look into record-based log shipping. + to consider record-based log shipping. @@ -1587,12 +1586,12 @@ archive_command = 'local_backup_script.sh' It is usually wise to create the primary and standby servers so that they are as similar as possible, at least from the perspective of the database server. In particular, the path names - associated with tablespaces will be passed across as-is, so both + associated with tablespaces will be passed across unmodified, so both primary and standby servers must have the same mount paths for tablespaces if that feature is used. Keep in mind that if is executed on the primary, any new mount point needed for it must - be created on both the primary and all standby servers before the command + be created on the primary and all standby servers before the command is executed. Hardware need not be exactly the same, but experience shows that maintaining two identical systems is easier than maintaining two dissimilar ones over the lifetime of the application and system. @@ -1603,7 +1602,7 @@ archive_command = 'local_backup_script.sh' In general, log shipping between servers running different major PostgreSQL release - levels will not be possible. It is the policy of the PostgreSQL Global + levels is not possible. It is the policy of the PostgreSQL Global Development Group not to make changes to disk formats during minor release upgrades, so it is likely that running different minor release levels on primary and standby servers will work successfully. However, no @@ -1617,13 +1616,13 @@ archive_command = 'local_backup_script.sh' There is no special mode required to enable a standby server. The - operations that occur on both primary and standby servers are entirely + operations that occur on both primary and standby servers are normal continuous archiving and recovery tasks. The only point of contact between the two database servers is the archive of WAL files that both share: primary writing to the archive, standby reading from - the archive. Care must be taken to ensure that WAL archives for separate + the archive. Care must be taken to ensure that WAL archives from separate primary servers do not become mixed together or confused. The archive - need not be large, if it is only required for the standby operation. + need not be large if it is only required for standby operation. @@ -1665,31 +1664,31 @@ if (!triggered) as a contrib module named pg_standby. It should be used as a reference on how to correctly implement the logic described above. It can also be extended as needed to support specific - configurations or environments. + configurations and environments. PostgreSQL does not provide the system software required to identify a failure on the primary and notify - the standby system and then the standby database server. Many such - tools exist and are well integrated with other aspects required for + the standby database server. Many such tools exist and are well + integrated with the operating system facilities required for successful failover, such as IP address migration. - The means for triggering failover is an important part of planning and - design. The restore_command is executed in full once - for each WAL file. The process running the restore_command - is therefore created and dies for each file, so there is no daemon - or server process and so we cannot use signals and a signal - handler. A more permanent notification is required to trigger the - failover. It is possible to use a simple timeout facility, - especially if used in conjunction with a known - archive_timeout setting on the primary. This is - somewhat error prone since a network problem or busy primary server might - be sufficient to initiate failover. A notification mechanism such - as the explicit creation of a trigger file is less error prone, if - this can be arranged. + The method for triggering failover is an important part of planning + and design. One potential option is the restore_command + command. It is executed once for each WAL file, but the process + running the restore_command is created and dies for + each file, so there is no daemon or server process, and we cannot + use signals or a signal handler. Therefore, the + restore_command is not suitable to trigger failover. + It is possible to use a simple timeout facility, especially if + used in conjunction with a known archive_timeout + setting on the primary. However, this is somewhat error prone + since a network problem or busy primary server might be sufficient + to initiate failover. A notification mechanism such as the explicit + creation of a trigger file is ideal, if this can be arranged. @@ -1697,7 +1696,7 @@ if (!triggered) option of the restore_command. This option specifies the last archive file name that needs to be kept to allow the recovery to restart correctly. This can be used to truncate the archive once - files are no longer required, if the archive is writable from the + files are no longer required, assuming the archive is writable from the standby server. @@ -1711,15 +1710,15 @@ if (!triggered) - Set up primary and standby systems as near identically as + Set up primary and standby systems as nearly identical as possible, including two identical copies of PostgreSQL at the same release level. - Set up continuous archiving from the primary to a WAL archive located - in a directory on the standby server. Ensure that + Set up continuous archiving from the primary to a WAL archive + directory on the standby server. Ensure that , and @@ -1777,9 +1776,10 @@ if (!triggered) - If the primary server fails and then immediately restarts, you must have - a mechanism for informing it that it is no longer the primary. This is - sometimes known as STONITH (Shoot the Other Node In The Head), which is + If the primary server fails and the standby server becomes the + new primary, and then the old primary restarts, you must have + a mechanism for informing old primary that it is no longer the primary. This is + sometimes known as STONITH (Shoot The Other Node In The Head), which is necessary to avoid situations where both systems think they are the primary, which will lead to confusion and ultimately data loss. @@ -1803,7 +1803,7 @@ if (!triggered) either on the former primary system when it comes up, or on a third, possibly new, system. Once complete the primary and standby can be considered to have switched roles. Some people choose to use a third - server to provide backup to the new primary until the new standby + server to provide backup for the new primary until the new standby server is recreated, though clearly this complicates the system configuration and operational processes. @@ -1834,15 +1834,15 @@ if (!triggered) to find out the file name and the exact byte offset within it of the current end of WAL. It can then access the WAL file directly and copy the data from the last known end of WAL through the current end - over to the standby server(s). With this approach, the window for data + over to the standby servers. With this approach, the window for data loss is the polling cycle time of the copying program, which can be very - small, but there is no wasted bandwidth from forcing partially-used + small, and there is no wasted bandwidth from forcing partially-used segment files to be archived. Note that the standby servers' - restore_command scripts still deal in whole WAL files, + restore_command scripts can only deal with whole WAL files, so the incrementally copied data is not ordinarily made available to the standby servers. It is of use only when the primary dies — then the last partial WAL file is fed to the standby before allowing - it to come up. So correct implementation of this process requires + it to come up. The correct implementation of this process requires cooperation of the restore_command script with the data copying program. @@ -2090,10 +2090,11 @@ primary_conninfo = 'host=192.168.1.50 port=5432 user=foo password=foopass' - If we take a backup of the standby server's data directory while it is processing - logs shipped from the primary, we will be able to reload that data and + If we take a file system backup of the standby server's data + directory while it is processing + logs shipped from the primary, we will be able to reload that backup and restart the standby's recovery process from the last restart point. - We no longer need to keep WAL files from before the restart point. + We no longer need to keep WAL files from before the standby's restart point. If we need to recover, it will be faster to recover from the incrementally updated backup than from the original base backup. @@ -2106,7 +2107,8 @@ primary_conninfo = 'host=192.168.1.50 port=5432 user=foo password=foopass' backup. You can do this by running pg_controldata on the standby server to inspect the control file and determine the current checkpoint WAL location, or by using the - log_checkpoints option to print values to the server log. + log_checkpoints option to print values to the standby's + server log. @@ -2892,27 +2894,35 @@ LOG: database system is ready to accept read only connections - As a general rule, the internal data storage format is subject to - change between major releases of PostgreSQL (where - the number after the first dot changes). This does not apply to - different minor releases under the same major release (where the - number after the second dot changes); these always have compatible - storage formats. For example, releases 8.1.1, 8.2.3, and 8.3 are - not compatible, whereas 8.2.3 and 8.2.4 are. When you update - between compatible versions, you can simply replace the executables - and reuse the data directory on disk. Otherwise you need to back - up your data and restore it on the new server. This has to be done - using pg_dump; file system level backup methods - obviously won't work. There are checks in place that prevent you - from using a data directory with an incompatible version of - PostgreSQL, so no great harm can be done by - trying to start the wrong server version on a data directory. + PostgreSQL major versions are represented by the + first two digit groups of the version number, e.g. 8.4. + PostgreSQL minor versions are represented by the + the third group of version digits, i.e., 8.4.2 is the second minor + release of 8.4. Minor releases never change the internal storage + format and are always compatible with earlier and later minor + releases of the same major version number, i.e. 8.4.2 is compatible + with 8.4, 8.4.1 and 8.4.6. To update between compatible versions, + you simply replace the executables while the server is down and + restart the server. The data directory remains unchanged — + minor upgrades are that simple. + + + + For major releases of PostgreSQL, the + internal data storage format is subject to change. When migrating + data from one major version of PostgreSQL to another, + you need to back up your data and restore it on the new server. + This must be done using pg_dump; file system level + backup methods will not work. There are checks in place that prevent + you from using a data directory with an incompatible version of + PostgreSQL, so no great harm can be done + by trying to start the wrong server version on a data directory. It is recommended that you use the pg_dump and pg_dumpall programs from the newer version of - PostgreSQL, to take advantage of any enhancements + PostgreSQL, to take advantage of enhancements that might have been made in these programs. Current releases of the dump programs can read data from any server version back to 7.0. @@ -2926,9 +2936,9 @@ LOG: database system is ready to accept read only connections pg_dumpall -p 5432 | psql -d postgres -p 6543 - to transfer your data. Or use an intermediate file if you want. - Then you can shut down the old server and start the new server at - the port the old one was running at. You should make sure that the + to transfer your data. Or use an intermediate file if you wish. + Then you can shut down the old server and start the new server using + the port the old one was running on. You should make sure that the old database is not updated after you begin to run pg_dumpall, otherwise you will lose that data. See for information on how to prohibit @@ -2949,13 +2959,14 @@ pg_dumpall -p 5432 | psql -d postgres -p 6543 If you cannot or do not want to run two servers in parallel, you can do the backup step before installing the new version, bring down - the server, move the old version out of the way, install the new + the old server, move the old version out of the way, install the new version, start the new server, and restore the data. For example: pg_dumpall > backup pg_ctl stop mv /usr/local/pgsql /usr/local/pgsql.old +# Rename any tablespace directories as well cd ~/postgresql-&version; gmake install initdb -D /usr/local/pgsql/data @@ -2976,7 +2987,7 @@ psql -f backup postgres This is usually not a big problem, but if you plan on using two installations in parallel for a while you should assign them different installation directories at build time. (This problem - is rectified in PostgreSQL 8.0 and later, so long + is rectified in PostgreSQL version 8.0 and later, so long as you move all subdirectories containing installed files together; for example if /usr/local/postgres/bin/ goes to /usr/local/postgres.old/bin/, then diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index 74b2c4b4e1..ef0a615bcc 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -1,4 +1,4 @@ - + @@ -5569,7 +5569,9 @@ inserted before a datum of this type so that it begins on the specified boundary. The alignment reference is the beginning of the first datum in the sequence. - + + + Possible values are: diff --git a/doc/src/sgml/charset.sgml b/doc/src/sgml/charset.sgml index 287cabc33b..eeef7a22c4 100644 --- a/doc/src/sgml/charset.sgml +++ b/doc/src/sgml/charset.sgml @@ -1,4 +1,4 @@ - + Localization</> @@ -6,8 +6,8 @@ <para> This chapter describes the available localization features from the point of view of the administrator. - <productname>PostgreSQL</productname> supports localization with - two approaches: + <productname>PostgreSQL</productname> supports two localization + facilities: <itemizedlist> <listitem> @@ -67,10 +67,10 @@ initdb --locale=sv_SE (<literal>sv</>) as spoken in Sweden (<literal>SE</>). Other possibilities might be <literal>en_US</> (U.S. English) and <literal>fr_CA</> (French - Canadian). If more than one character set can be useful for a + Canadian). If more than one character set can be used for a locale then the specifications look like this: - <literal>cs_CZ.ISO8859-2</>. What locales are available under what - names on your system depends on what was provided by the operating + <literal>cs_CZ.ISO8859-2</>. What locales are available on your + system under what names depends on what was provided by the operating system vendor and what was installed. On most Unix systems, the command <literal>locale -a</> will provide a list of available locales. Windows uses more verbose locale names, such as <literal>German_Germany</> @@ -80,8 +80,8 @@ initdb --locale=sv_SE <para> Occasionally it is useful to mix rules from several locales, e.g., use English collation rules but Spanish messages. To support that, a - set of locale subcategories exist that control only a certain - aspect of the localization rules: + set of locale subcategories exist that control only certain + aspects of the localization rules: <informaltable> <tgroup cols="2"> @@ -127,13 +127,13 @@ initdb --locale=sv_SE </para> <para> - The nature of some locale categories is that their value has to be + Some locale categories must have their values fixed when the database is created. You can use different settings for different databases, but once a database is created, you cannot change them for that database anymore. <literal>LC_COLLATE</literal> - and <literal>LC_CTYPE</literal> are these categories. They affect + and <literal>LC_CTYPE</literal> are these type of categories. They affect the sort order of indexes, so they must be kept fixed, or indexes on - text columns will become corrupt. The default values for these + text columns would become corrupt. The default values for these categories are determined when <command>initdb</command> is run, and those values are used when new databases are created, unless specified otherwise in the <command>CREATE DATABASE</command> command. @@ -146,7 +146,7 @@ initdb --locale=sv_SE linkend="runtime-config-client-format"> for details). The values that are chosen by <command>initdb</command> are actually only written into the configuration file <filename>postgresql.conf</filename> to - serve as defaults when the server is started. If you delete these + serve as defaults when the server is started. If you disable these assignments from <filename>postgresql.conf</filename> then the server will inherit the settings from its execution environment. </para> @@ -178,7 +178,7 @@ initdb --locale=sv_SE settings for the purpose of setting the language of messages. If in doubt, please refer to the documentation of your operating system, in particular the documentation about - <application>gettext</>, for more information. + <application>gettext</>. </para> </note> @@ -320,8 +320,9 @@ initdb --locale=sv_SE <para> An important restriction, however, is that each database's character set - must be compatible with the database's <envar>LC_CTYPE</> and - <envar>LC_COLLATE</> locale settings. For <literal>C</> or + must be compatible with the database's <envar>LC_CTYPE</> (character + classification) and <envar>LC_COLLATE</> (string sort order) locale + settings. For <literal>C</> or <literal>POSIX</> locale, any character set is allowed, but for other locales there is only one character set that will work correctly. (On Windows, however, UTF-8 encoding can be used with any locale.) @@ -543,7 +544,7 @@ initdb --locale=sv_SE <entry>LATIN1 with Euro and accents</entry> <entry>Yes</entry> <entry>1</entry> - <entry>ISO885915</entry> + <entry><literal>ISO885915</></entry> </row> <row> <entry><literal>LATIN10</literal></entry> @@ -694,7 +695,7 @@ initdb --locale=sv_SE </table> <para> - Not all <acronym>API</>s support all the listed character sets. For example, the + Not all client <acronym>API</>s support all the listed character sets. For example, the <productname>PostgreSQL</> JDBC driver does not support <literal>MULE_INTERNAL</>, <literal>LATIN6</>, <literal>LATIN8</>, and <literal>LATIN10</>. @@ -710,7 +711,7 @@ initdb --locale=sv_SE much a declaration that a specific encoding is in use, as a declaration of ignorance about the encoding. In most cases, if you are working with any non-ASCII data, it is unwise to use the - <literal>SQL_ASCII</> setting, because + <literal>SQL_ASCII</> setting because <productname>PostgreSQL</productname> will be unable to help you by converting or validating non-ASCII characters. </para> @@ -720,17 +721,17 @@ initdb --locale=sv_SE <title>Setting the Character Set - initdb defines the default character set + initdb defines the default character set (encoding) for a PostgreSQL cluster. For example, initdb -E EUC_JP - sets the default character set (encoding) to + sets the default character set to EUC_JP (Extended Unix Code for Japanese). You can use instead of - if you prefer to type longer option strings. + if you prefer longer option strings. If no option is given, initdb attempts to determine the appropriate encoding to use based on the specified or default locale. @@ -762,8 +763,8 @@ CREATE DATABASE korean WITH ENCODING 'EUC_KR' LC_COLLATE='ko_KR.euckr' LC_CTYPE= The encoding for a database is stored in the system catalog pg_database. You can see it by using the - option or the \l command - of psql. + psql option or the + \l command. $ psql -l @@ -784,11 +785,11 @@ $ psql -l On most modern operating systems, PostgreSQL - can determine which character set is implied by an LC_CTYPE + can determine which character set is implied by the LC_CTYPE setting, and it will enforce that only the matching database encoding is used. On older systems it is your responsibility to ensure that you use the encoding expected by the locale you have selected. A mistake in - this area is likely to lead to strange misbehavior of locale-dependent + this area is likely to lead to strange behavior of locale-dependent operations such as sorting. @@ -1190,9 +1191,9 @@ RESET client_encoding; If the conversion of a particular character is not possible — suppose you chose EUC_JP for the - server and LATIN1 for the client, then some - Japanese characters do not have a representation in - LATIN1 — then an error is reported. + server and LATIN1 for the client, and some + Japanese characters are returned that do not have a representation in + LATIN1 — an error is reported. @@ -1249,7 +1250,8 @@ RESET client_encoding; - UTF-8 is defined here. + UTF-8 (8-bit UCS/Unicode Transformation + Format) is defined here. diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index 841e78dd53..feb9511c5e 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1,4 +1,4 @@ - + Client Authentication @@ -162,7 +162,7 @@ hostnossl database user hostnossl - This record type has the opposite logic to hostssl: + This record type has the opposite behavior of hostssl; it only matches connection attempts made over TCP/IP that do not use SSL. @@ -218,7 +218,7 @@ hostnossl database user Specifies the client machine IP address range that this record matches. This field contains an IP address in standard dotted decimal - notation and a CIDR mask length. (IP addresses can only be + notation and a CIDR mask length. (IP addresses can only be specified numerically, not as domain or host names.) The mask length indicates the number of high-order bits of the client IP address that must match. Bits to the right of this must @@ -238,7 +238,8 @@ hostnossl database user Typical examples of a CIDR-address are 172.20.143.89/32 for a single host, or 172.20.143.0/24 for a small network, or - 10.6.0.0/16 for a larger one. + 10.6.0.0/16 for a larger one. + 0.0.0.0/0 (all balls) represents all addresses. To specify a single host, use a CIDR mask of 32 for IPv4 or 128 for IPv6. In a network address, do not omit trailing zeroes. @@ -296,8 +297,8 @@ hostnossl database user Allow the connection unconditionally. This method allows anyone that can connect to the PostgreSQL database server to login as - any PostgreSQL user they like, - without the need for a password. See PostgreSQL user they wish, + without the need for a password or any other authentication. See for details. @@ -308,7 +309,10 @@ hostnossl database user Reject the connection unconditionally. This is useful for - filtering out certain hosts from a group. + filtering out certain hosts from a group, e.g. a + reject line blocks a specific host from connecting, + but a later line allows the remaining hosts in a specific + network to connect. @@ -388,7 +392,7 @@ hostnossl database user ldap - Authenticate using an LDAP server. See LDAP server. See for details. @@ -473,7 +477,7 @@ hostnossl database user the main server process receives a SIGHUPSIGHUP signal. If you edit the file on an - active system, you will need to signal the server + active system, you will need to signal the postmaster (using pg_ctl reload or kill -HUP) to make it re-read the file. @@ -485,7 +489,7 @@ hostnossl database user CONNECT privilege for the database. If you wish to restrict which users can connect to which databases, it's usually easier to control this by granting/revoking CONNECT privilege - than to put the rules into pg_hba.conf entries. + than to put the rules in pg_hba.conf entries. @@ -498,7 +502,7 @@ hostnossl database user Example <filename>pg_hba.conf</filename> entries -# Allow any user on the local system to connect to any database under +# Allow any user on the local system to connect to any database with # any database user name using Unix-domain sockets (the default for local # connections). # @@ -517,7 +521,7 @@ host all all 127.0.0.1 255.255.255.255 trus # Allow any user from any host with IP address 192.168.93.x to connect # to database "postgres" as the same user name that ident reports for -# the connection (typically the Unix user name). +# the connection (typically the operating system user name). # # TYPE DATABASE USER CIDR-ADDRESS METHOD host postgres all 192.168.93.0/24 ident @@ -531,8 +535,8 @@ host postgres all 192.168.12.10/32 md5 # In the absence of preceding "host" lines, these two lines will # reject all connections from 192.168.54.1 (since that entry will be # matched first), but allow Kerberos 5 connections from anywhere else -# on the Internet. The zero mask means that no bits of the host IP -# address are considered so it matches any host. +# on the Internet. The zero mask causes no bits of the host IP +# address to be considered, so it matches any host. # # TYPE DATABASE USER CIDR-ADDRESS METHOD host all all 192.168.54.1/32 reject @@ -654,7 +658,7 @@ mymap /^(.*)@otherdomain\.com$ guest when the main server process receives a SIGHUPSIGHUP signal. If you edit the file on an - active system, you will need to signal the server + active system, you will need to signal the postmaster (using pg_ctl reload or kill -HUP) to make it re-read the file. @@ -663,16 +667,16 @@ mymap /^(.*)@otherdomain\.com$ guest A pg_ident.conf file that could be used in conjunction with the pg_hba.conf file in is shown in . In this example setup, anyone + linkend="example-pg-ident.conf">. In this example, anyone logged in to a machine on the 192.168 network that does not have the - Unix user name bryanh, ann, or + operating system user name bryanh, ann, or robert would not be granted access. Unix user robert would only be allowed access when he tries to connect as PostgreSQL user bob, not as robert or anyone else. ann would only be allowed to connect as ann. User bryanh would be allowed to connect as either - bryanh himself or as guest1. + bryanh or as guest1. @@ -759,7 +763,7 @@ omicron bryanh guest1 The password-based authentication methods are md5 and password. These methods operate similarly except for the way that the password is sent across the - connection: respectively, MD5-hashed and clear-text. + connection, i.e. respectively, MD5-hashed and clear-text. @@ -780,8 +784,8 @@ omicron bryanh guest1 catalog. Passwords can be managed with the SQL commands and , - e.g., CREATE USER foo WITH PASSWORD 'secret';. - By default, that is, if no password has been set up, the stored password + e.g., CREATE USER foo WITH PASSWORD 'secret'. + If no password has been set up for a user, the stored password is null and password authentication will always fail for that user. @@ -802,7 +806,7 @@ omicron bryanh guest1 authentication according to RFC 1964. GSSAPI provides automatic authentication (single sign-on) for systems that support it. The authentication itself is secure, but the - data sent over the database connection will be in clear unless + data sent over the database connection will be send unencrypted unless SSL is used. @@ -877,7 +881,7 @@ omicron bryanh guest1 When using Kerberos authentication, SSPI works the same way - GSSAPI does. See + GSSAPI does; see for details. @@ -941,7 +945,7 @@ omicron bryanh guest1 Kerberos is an industry-standard secure authentication system suitable for distributed computing over a public network. A description of the Kerberos system - is far beyond the scope of this document; in full generality it can be + is beyond the scope of this document; in full generality it can be quite complex (yet powerful). The Kerberos FAQ or @@ -973,8 +977,9 @@ omicron bryanh guest1 changed from the default postgres at build time using ./configure --with-krb-srvnam=whatever. In most environments, - this parameter never needs to be changed. However, to support multiple - PostgreSQL installations on the same host it is necessary. + this parameter never needs to be changed. However, it is necessary + when supporting multiple PostgreSQL installations + on the same host. Some Kerberos implementations might also require a different service name, such as Microsoft Active Directory which requires the service name to be in uppercase (POSTGRES). @@ -1005,7 +1010,7 @@ omicron bryanh guest1 of the key file is specified by the configuration parameter. The default is - /usr/local/pgsql/etc/krb5.keytab (or whichever + /usr/local/pgsql/etc/krb5.keytab (or whatever directory was specified as sysconfdir at build time). @@ -1035,7 +1040,7 @@ omicron bryanh guest1 Apache web server, you can use AuthType KerberosV5SaveCredentials with a mod_perl script. This gives secure - database access over the web, no extra passwords required. + database access over the web, with no additional passwords required. @@ -1137,13 +1142,13 @@ omicron bryanh guest1 Since PostgreSQL knows both X and Y when a physical connection is established, it can interrogate the ident server on the host of the connecting - client and could theoretically determine the operating system user - for any given connection this way. + client and can theoretically determine the operating system user + for any given connection. The drawback of this procedure is that it depends on the integrity - of the client: if the client machine is untrusted or compromised + of the client: if the client machine is untrusted or compromised, an attacker could run just about any program on port 113 and return any user name he chooses. This authentication method is therefore only appropriate for closed networks where each client @@ -1562,7 +1567,7 @@ FATAL: database "testdb" does not exist The server log might contain more information about an authentication failure than is reported to the client. If you are - confused about the reason for a failure, check the log. + confused about the reason for a failure, check the server log. diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 077039e3e1..d6c739d96b 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1,4 +1,4 @@ - + Server Configuration @@ -21,10 +21,10 @@ All parameter names are case-insensitive. Every parameter takes a value of one of five types: Boolean, integer, floating point, - string or enum. Boolean values can be written as ON, - OFF, TRUE, - FALSE, YES, - NO, 1, 0 + string or enum. Boolean values can be written as on, + off, true, + false, yes, + no, 1, 0 (all case-insensitive) or any unambiguous prefix of these. @@ -66,8 +66,8 @@ shared_buffers = 128MB One parameter is specified per line. The equal sign between name and value is optional. Whitespace is insignificant and blank lines are - ignored. Hash marks (#) introduce comments - anywhere. Parameter values that are not simple identifiers or + ignored. Hash marks (#) designate the rest of the + line as a comment. Parameter values that are not simple identifiers or numbers must be single-quoted. To embed a single quote in a parameter value, write either two quotes (preferred) or backslash-quote. @@ -155,9 +155,9 @@ SET ENABLE_SEQSCAN TO OFF; values for the parameter. Some parameters cannot be changed via SET: for example, if they control behavior that cannot be changed without restarting the entire - PostgreSQL server. Also, some parameters can - be modified via SET or ALTER by superusers, - but not by ordinary users. + PostgreSQL server. Also, + some SET or ALTER parameter modifications + require superuser permission. @@ -329,7 +329,7 @@ SET ENABLE_SEQSCAN TO OFF; at all, in which case only Unix-domain sockets can be used to connect to it. The default value is localhost, - which allows only local loopback connections to be + which allows only local TCP/IP loopback connections to be made. While client authentication () allows fine-grained control over who can access the server, listen_addresses @@ -440,8 +440,8 @@ SET ENABLE_SEQSCAN TO OFF; server.) In combination with the parameter unix_socket_permissions this can be used as an additional access control mechanism for Unix-domain connections. - By default this is the empty string, which selects the default - group for the current user. This parameter can only be set at + By default this is the empty string, which uses the default + group of the server user. This parameter can only be set at server start. @@ -457,7 +457,7 @@ SET ENABLE_SEQSCAN TO OFF; Sets the access permissions of the Unix-domain socket. Unix-domain sockets use the usual Unix file system permission set. The parameter value is expected to be a numeric mode - specification in the form accepted by the + specified in the format accepted by the chmod and umask system calls. (To use the customary octal format the number must start with a 0 (zero).) @@ -469,7 +469,7 @@ SET ENABLE_SEQSCAN TO OFF; 0770 (only user and group, see also unix_socket_group) and 0700 (only user). (Note that for a Unix-domain socket, only write - permission matters and so there is no point in setting or revoking + permission matters, so there is no point in setting or revoking read or execute permissions.) @@ -581,7 +581,7 @@ SET ENABLE_SEQSCAN TO OFF; Maximum time to complete client authentication, in seconds. If a would-be client has not completed the authentication protocol in - this much time, the server breaks the connection. This prevents + this much time, the server closes the connection. This prevents hung clients from occupying a connection indefinitely. The default is one minute (1m). This parameter can only be set in the postgresql.conf @@ -707,8 +707,9 @@ SET ENABLE_SEQSCAN TO OFF; With this parameter enabled, you can still create ordinary global users. Simply append @ when specifying the user - name in the client. The @ will be stripped off - before the user name is looked up by the server. + name in the client, e.g. joe@. The @ + will be stripped off before the user name is looked up by the + server. @@ -783,15 +784,15 @@ SET ENABLE_SEQSCAN TO OFF; session. These are session-local buffers used only for access to temporary tables. The default is eight megabytes (8MB). The setting can be changed within individual - sessions, but only up until the first use of temporary tables - within a session; subsequent attempts to change the value will + sessions, but only before the first use of temporary tables + within the session; subsequent attempts to change the value will have no effect on that session. A session will allocate temporary buffers as needed up to the limit given by temp_buffers. The cost of setting a large - value in sessions that do not actually need a lot of temporary + value in sessions that do not actually need many temporary buffers is only a buffer descriptor, or about 64 bytes, per increment in temp_buffers. However if a buffer is actually used an additional 8192 bytes will be consumed for it @@ -849,13 +850,13 @@ SET ENABLE_SEQSCAN TO OFF; Specifies the amount of memory to be used by internal sort operations - and hash tables before switching to temporary disk files. The value + and hash tables before writing to temporary disk files. The value defaults to one megabyte (1MB). Note that for a complex query, several sort or hash operations might be - running in parallel; each one will be allowed to use as much memory - as this value specifies before it starts to put data into temporary + running in parallel; each operation will be allowed to use as much memory + as this value specifies before it starts to write data into temporary files. Also, several running sessions could be doing such operations - concurrently. So the total memory used could be many + concurrently. Therefore, the total memory used could be many times the value of work_mem; it is necessary to keep this fact in mind when choosing the value. Sort operations are used for ORDER BY, DISTINCT, and @@ -873,7 +874,7 @@ SET ENABLE_SEQSCAN TO OFF; - Specifies the maximum amount of memory to be used in maintenance + Specifies the maximum amount of memory to be used by maintenance operations, such as VACUUM, CREATE INDEX, and ALTER TABLE ADD FOREIGN KEY. It defaults to 16 megabytes (16MB). Since only one of these @@ -916,9 +917,9 @@ SET ENABLE_SEQSCAN TO OFF; the actual kernel limit will mean that a runaway recursive function can crash an individual backend process. On platforms where PostgreSQL can determine the kernel limit, - it will not let you set this variable to an unsafe value. However, - not all platforms provide the information, so caution is recommended - in selecting a value. + the server will not allow this variable to be set to an unsafe + value. However, not all platforms provide the information, + so caution is recommended in selecting a value. @@ -942,7 +943,7 @@ SET ENABLE_SEQSCAN TO OFF; a safe per-process limit, you don't need to worry about this setting. But on some platforms (notably, most BSD systems), the kernel will allow individual processes to open many more files than the system - can really support when a large number of processes all try to open + can actually support if many processes all try to open that many files. If you find yourself seeing Too many open files failures, try reducing this setting. This parameter can only be set at server start. @@ -957,14 +958,14 @@ SET ENABLE_SEQSCAN TO OFF; - This variable specifies one or more shared libraries that are - to be preloaded at server start. If more than one library is to be - loaded, separate their names with commas. For example, + This variable specifies one or more shared libraries + to be preloaded at server start. For example, '$libdir/mylib' would cause mylib.so (or on some platforms, mylib.sl) to be preloaded from the installation's standard library directory. - This parameter can only be set at server start. + If more than one library is to be loaded, separate their names + with commas. This parameter can only be set at server start. @@ -1024,15 +1025,15 @@ SET ENABLE_SEQSCAN TO OFF; various I/O operations that are performed. When the accumulated cost reaches a limit (specified by vacuum_cost_limit), the process performing - the operation will sleep for a while (specified by - vacuum_cost_delay). Then it will reset the + the operation will sleep for a short period of time, as specified by + vacuum_cost_delay. Then it will reset the counter and continue execution. The intent of this feature is to allow administrators to reduce the I/O impact of these commands on concurrent database - activity. There are many situations in which it is not very + activity. There are many situations where it is not important that maintenance commands like VACUUM and ANALYZE finish quickly; however, it is usually very important that these @@ -1156,15 +1157,15 @@ SET ENABLE_SEQSCAN TO OFF; There is a separate server process called the background writer, whose function - is to issue writes of dirty shared buffers. The intent is - that server processes handling user queries should seldom or never have - to wait for a write to occur, because the background writer will do it. - However there is a net overall - increase in I/O load, because a repeatedly-dirtied page might - otherwise be written only once per checkpoint interval, but the - background writer might write it several times in the same interval. - The parameters discussed in this subsection can be used to - tune the behavior for local needs. + is to issue writes of dirty (new or modified) shared + buffers. It writes shared buffers so server processes handling + user queries seldom or never need to wait for a write to occur. + However, the background writer does cause a net overall + increase in I/O load, because while a repeatedly-dirtied page might + otherwise be written only once per checkpoint interval, the + background writer might write it several times as it is dirtied + in the same interval. The parameters discussed in this subsection + can be used to tune the behavior for local needs. @@ -1329,7 +1330,9 @@ SET ENABLE_SEQSCAN TO OFF; allowed to do its best in buffering, ordering, and delaying writes. This can result in significantly improved performance. However, if the system crashes, the results of the last few - committed transactions might be lost in part or whole. In the + committed transactions might be completely lost, or worse, + might appear partially committed, leaving the database in an + inconsistent state. In the worst case, unrecoverable data corruption might occur. (Crashes of the database software itself are not a risk factor here. Only an operating-system-level crash @@ -1357,7 +1360,7 @@ SET ENABLE_SEQSCAN TO OFF; - This parameter can only be set in the postgresql.conf + fsync can only be set in the postgresql.conf file or on the server command line. If you turn this parameter off, also consider turning off . @@ -1409,7 +1412,7 @@ SET ENABLE_SEQSCAN TO OFF; Method used for forcing WAL updates out to disk. If fsync is off then this setting is irrelevant, - since updates will not be forced out at all. + since WAL file updates will not be forced out at all. Possible values are: @@ -1468,8 +1471,8 @@ SET ENABLE_SEQSCAN TO OFF; that contains a mix of old and new data. The row-level change data normally stored in WAL will not be enough to completely restore such a page during post-crash recovery. Storing the full page image - guarantees that the page can be correctly restored, but at a price - in increasing the amount of data that must be written to WAL. + guarantees that the page can be correctly restored, but at the price + of increasing the amount of data that must be written to WAL. (Because WAL replay always starts from a checkpoint, it is sufficient to do this during the first change of each page after a checkpoint. Therefore, one way to reduce the cost of full-page writes is to @@ -1483,7 +1486,7 @@ SET ENABLE_SEQSCAN TO OFF; fsync, though smaller. It might be safe to turn off this parameter if you have hardware (such as a battery-backed disk controller) or file-system software that reduces - the risk of partial page writes to an acceptably low level (e.g., ReiserFS 4). + the risk of partial page writes to an acceptably low level (e.g., ZFS). @@ -1630,8 +1633,8 @@ SET ENABLE_SEQSCAN TO OFF; - Specifies the target length of checkpoints, as a fraction of - the checkpoint interval. The default is 0.5. + Specifies the target of checkpoint completion, as a fraction of + total time between checkpoints. The default is 0.5. This parameter can only be set in the postgresql.conf file or on the server command line. @@ -1671,7 +1674,7 @@ SET ENABLE_SEQSCAN TO OFF; When archive_mode is enabled, completed WAL segments - can be sent to archive storage by setting + are sent to archive storage by setting . archive_mode and archive_command are separate variables so that archive_command can be @@ -1688,10 +1691,10 @@ SET ENABLE_SEQSCAN TO OFF; - The shell command to execute to archive a completed segment of - the WAL file series. Any %p in the string is + The shell command to execute to archive a completed WAL file + segment. Any %p in the string is replaced by the path name of the file to archive, and any - %f is replaced by the file name only. + %f is replaced by only the file name. (The path name is relative to the working directory of the server, i.e., the cluster's data directory.) Use %% to embed an actual % character in the @@ -1701,9 +1704,13 @@ SET ENABLE_SEQSCAN TO OFF; file or on the server command line. It is ignored unless archive_mode was enabled at server start. If archive_command is an empty string (the default) while - archive_mode is enabled, then WAL archiving is temporarily + archive_mode is enabled, WAL archiving is temporarily disabled, but the server continues to accumulate WAL segment files in - the expectation that a command will soon be provided. + the expectation that a command will soon be provided. Setting + archive_mode to a command that does nothing but + return true, e.g. /bin/true, effectively disables + archiving, but also breaks the chain of WAL files needed for + archive recovery, so it should only be used in unusual circumstances. It is important for the command to return a zero exit status if @@ -1723,11 +1730,11 @@ archive_command = 'copy "%p" "C:\\server\\archivedir\\%f"' # Windows - The is only invoked on + The is only invoked for completed WAL segments. Hence, if your server generates little WAL traffic (or has slack periods where it does so), there could be a long delay between the completion of a transaction and its safe - recording in archive storage. To put a limit on how old unarchived + recording in archive storage. To limit how old unarchived data can be, you can set archive_timeout to force the server to switch to a new WAL segment file periodically. When this parameter is greater than zero, the server will switch to a new @@ -1854,16 +1861,15 @@ archive_command = 'copy "%p" "C:\\server\\archivedir\\%f"' # Windows These configuration parameters provide a crude method of influencing the query plans chosen by the query optimizer. If the default plan chosen by the optimizer for a particular query - is not optimal, a temporary solution can be found by using one + is not optimal, a temporary solution is to use one of these configuration parameters to force the optimizer to - choose a different plan. Turning one of these settings off - permanently is seldom a good idea, however. + choose a different plan. Better ways to improve the quality of the plans chosen by the optimizer include adjusting the , running more - frequently, increasing the value of the , running manually, increasing + the value of the configuration parameter, and increasing the amount of statistics collected for specific columns using ALTER TABLE SET @@ -1950,7 +1956,7 @@ archive_command = 'copy "%p" "C:\\server\\archivedir\\%f"' # Windows Enables or disables the query planner's use of nested-loop join - plans. It's not possible to suppress nested-loop joins entirely, + plans. It is impossible to suppress nested-loop joins entirely, but turning this variable off discourages the planner from using one if there are other methods available. The default is on. @@ -1969,7 +1975,7 @@ archive_command = 'copy "%p" "C:\\server\\archivedir\\%f"' # Windows Enables or disables the query planner's use of sequential scan - plan types. It's not possible to suppress sequential scans + plan types. It is impossible to suppress sequential scans entirely, but turning this variable off discourages the planner from using one if there are other methods available. The default is on. @@ -1985,7 +1991,7 @@ archive_command = 'copy "%p" "C:\\server\\archivedir\\%f"' # Windows Enables or disables the query planner's use of explicit sort - steps. It's not possible to suppress explicit sorts entirely, + steps. It is impossible to suppress explicit sorts entirely, but turning this variable off discourages the planner from using one if there are other methods available. The default is on. @@ -2017,8 +2023,8 @@ archive_command = 'copy "%p" "C:\\server\\archivedir\\%f"' # Windows The cost variables described in this section are measured on an arbitrary scale. Only their relative values matter, hence scaling them all up or down by the same factor will result in no change - in the planner's choices. Traditionally, these variables have been - referenced to sequential page fetches as the unit of cost; that is, + in the planner's choices. By default, these cost variables are based on + the cost of sequential page fetches; that is, seq_page_cost is conventionally set to 1.0 and the other cost variables are set with reference to that. But you can use a different scale if you prefer, such as actual execution @@ -2029,7 +2035,7 @@ archive_command = 'copy "%p" "C:\\server\\archivedir\\%f"' # Windows Unfortunately, there is no well-defined method for determining ideal values for the cost variables. They are best treated as averages over - the entire mix of queries that a particular installation will get. This + the entire mix of queries that a particular installation will receive. This means that changing them on the basis of just a few experiments is very risky. @@ -2193,8 +2199,8 @@ archive_command = 'copy "%p" "C:\\server\\archivedir\\%f"' # Windows Enables or disables genetic query optimization. This is on by default. It is usually best not to turn it off in - production; the geqo_threshold variable provides a - more granular way to control use of GEQO. + production; the geqo_threshold variable provides + more granular control of GEQO. @@ -2211,7 +2217,8 @@ archive_command = 'copy "%p" "C:\\server\\archivedir\\%f"' # Windows FULL OUTER JOIN construct counts as only one FROM item.) The default is 12. For simpler queries it is usually best to use the deterministic, exhaustive planner, but for queries with - many tables the deterministic planner takes too long. + many tables the deterministic planner takes too long, often + longer than the penalty of executing a suboptimal plan. @@ -2320,8 +2327,8 @@ archive_command = 'copy "%p" "C:\\server\\archivedir\\%f"' # Windows - Sets the default statistics target for table columns that have - not had a column-specific target set via ALTER TABLE + Sets the default statistics target for table columns without + a column-specific target set via ALTER TABLE SET STATISTICS. Larger values increase the time needed to do ANALYZE, but might improve the quality of the planner's estimates. The default is 100. For more information @@ -2349,7 +2356,9 @@ archive_command = 'copy "%p" "C:\\server\\archivedir\\%f"' # Windows partition (examine constraints only for inheritance child tables and UNION ALL subqueries). partition is the default setting. - + It is often used with inheritance and partitioned tables to + improve performance. + When this parameter allows it for a particular table, the planner @@ -2366,9 +2375,7 @@ SELECT * FROM parent WHERE key = 2400; With constraint exclusion enabled, this SELECT - will not scan child1000 at all. This can - improve performance when inheritance is used to build - partitioned tables. + will not scan child1000 at all, improving performance. @@ -2449,8 +2456,8 @@ SELECT * FROM parent WHERE key = 2400; for most uses. Setting it to 1 prevents any reordering of explicit JOINs. Thus, the explicit join order specified in the query will be the actual order in which the - relations are joined. The query planner does not always choose - the optimal join order; advanced users can elect to + relations are joined. Because the query planner does not always choose + the optimal join order, advanced users can elect to temporarily set this variable to 1, and then specify the join order they desire explicitly. For more information see . @@ -2505,7 +2512,8 @@ SELECT * FROM parent WHERE key = 2400; If csvlog is included in log_destination, log entries are output in comma separated - value format, which is convenient for loading them into programs. + value (CSV) format, which is convenient for + loading logs into programs. See for details. logging_collector must be enabled to generate CSV-format log output. @@ -2521,7 +2529,7 @@ SELECT * FROM parent WHERE key = 2400; LOCAL0 through LOCAL7 (see ), but the default syslog configuration on most platforms - will discard all such messages. You will need to add something like + will discard all such messages. You will need to add something like: local0.* /var/log/postgresql @@ -2539,9 +2547,8 @@ local0.* /var/log/postgresql - This parameter allows messages sent to stderr, - and CSV-format log output, to be - captured and redirected into log files. + This parameter captures plain and CSV-format log messages + sent to stderr and redirects them into log files. This approach is often more useful than logging to syslog, since some types of messages might not appear in syslog output (a common example @@ -2832,7 +2839,11 @@ local0.* /var/log/postgresql Controls the amount of detail written in the server log for each message that is logged. Valid values are TERSE, DEFAULT, and VERBOSE, each adding more - fields to displayed messages. + fields to displayed messages. VERBOSE logging + output includes the SQLSTATE error + code and the source code file name, function name, + and line number that generated the error. Only superusers can change this setting. @@ -2845,8 +2856,8 @@ local0.* /var/log/postgresql - Controls whether or not the SQL statement that causes an error - condition will be recorded in the server log. The current + Controls which SQL statements that cause an error + condition are recorded in the server log. The current SQL statement is included in the log entry for any message of the specified severity or higher. Valid values are DEBUG5, @@ -3165,7 +3176,7 @@ local0.* /var/log/postgresql By default, connection log messages only show the IP address of the - connecting host. Turning on this parameter causes logging of the + connecting host. Turning this parameter on causes logging of the host name as well. Note that depending on your host name resolution setup this might impose a non-negligible performance penalty. This parameter can only be set in the postgresql.conf @@ -3312,7 +3323,7 @@ FROM pg_stat_activity; If you set a nonempty value for log_line_prefix, you should usually make its last character be a space, to provide visual separation from the rest of the log line. A punctuation - character could be used too. + character can be used too. @@ -3392,11 +3403,11 @@ FROM pg_stat_activity; - Controls logging of use of temporary files. + Controls logging of temporary file names and sizes. Temporary files can be created for sorts, hashes, and temporary query results. A log entry is made for each temporary file when it is deleted. - A value of zero logs all temporary files, while positive + A value of zero logs all temporary file information, while positive values log only files whose size is greater than or equal to the specified number of kilobytes. The default setting is -1, which disables such logging. @@ -3415,7 +3426,7 @@ FROM pg_stat_activity; Sets the time zone used for timestamps written in the log. Unlike , this value is cluster-wide, so that all sessions will report timestamps consistently. - The default is unknown, which means to use whatever + The default is unknown, which means use whatever the system environment specifies as the time zone. See for more information. This parameter can only be set in the postgresql.conf @@ -3432,7 +3443,8 @@ FROM pg_stat_activity; Including csvlog in the log_destination list provides a convenient way to import log files into a database table. - This option emits log lines in comma-separated-value format, + This option emits log lines in comma-separated-values + (CSV) format, with these columns: timestamp with milliseconds, user name, @@ -3503,7 +3515,7 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; There are a few things you need to do to simplify importing CSV log - files easily and automatically: + files: @@ -3575,11 +3587,11 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; Enables the collection of information on the currently - executing command of each session, along with the time at - which that command began execution. This parameter is on by + executing command of each session, along with the time when + that command began execution. This parameter is on by default. Note that even when enabled, this information is not visible to all users, only to superusers and the user owning - the session being reported on; so it should not represent a + the session being reported on, so it should not represent a security risk. Only superusers can change this setting. @@ -3666,8 +3678,8 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; Sets the directory to store temporary statistics data in. This can be a path relative to the data directory or an absolute path. The default - is pg_stat_tmp. Pointing this at a RAM based - filesystem will decrease physical I/O requirements and can lead to + is pg_stat_tmp. Pointing this at a RAM-based + file system will decrease physical I/O requirements and can lead to improved performance. This parameter can only be set in the postgresql.conf file or on the server command line. @@ -3701,9 +3713,10 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; - For each query, write performance statistics of the respective + For each query, output performance statistics of the respective module to the server log. This is a crude profiling - instrument. log_statement_stats reports total + instrument, similar to the Unix getrusage() operating + system facility. log_statement_stats reports total statement statistics, while the others report per-module statistics. log_statement_stats cannot be enabled together with any of the per-module options. All of these options are disabled by @@ -3742,7 +3755,7 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; Controls whether the server should run the autovacuum launcher daemon. This is on by default; however, - must also be turned on for + must also be enabled for autovacuum to work. This parameter can only be set in the postgresql.conf file or on the server command line. @@ -3800,7 +3813,7 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; database. In each round the daemon examines the database and issues VACUUM and ANALYZE commands as needed for tables in that database. The delay is measured - in seconds, and the default is one minute (1m). + in seconds, and the default is one minute (1min). This parameter can only be set in the postgresql.conf file or on the server command line. @@ -3965,7 +3978,7 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; This variable specifies the order in which schemas are searched when an object (table, data type, function, etc.) is referenced by a - simple name with no schema component. When there are objects of + simple name with no schema specified. When there are objects of identical names in different schemas, the one found first in the search path is used. An object that is not in any of the schemas in the search path can only be referenced by specifying @@ -3973,7 +3986,7 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; - The value for search_path has to be a comma-separated + The value for search_path must be a comma-separated list of schema names. If one of the list items is the special value $user, then the schema having the name returned by SESSION_USER is substituted, if there @@ -3993,9 +4006,9 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; pg_temp_nnn, is always searched if it exists. It can be explicitly listed in the path by using the alias pg_temp. If it is not listed in the path then - it is searched first (before even pg_catalog). However, + it is searched first (even before pg_catalog). However, the temporary schema is only searched for relation (table, view, - sequence, etc) and data type names. It will never be searched for + sequence, etc) and data type names. It is never searched for function or operator names. @@ -4022,7 +4035,7 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; via the SQL function current_schemas(). This is not quite the same as examining the value of search_path, since - current_schemas() shows how the requests + current_schemas() shows how the items appearing in search_path were resolved. @@ -4075,11 +4088,11 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; tablespacetemporary - This variable specifies tablespace(s) in which to create temporary + This variable specifies tablespaces in which to create temporary objects (temp tables and indexes on temp tables) when a CREATE command does not explicitly specify a tablespace. Temporary files for purposes such as sorting large data sets - are also created in these tablespace(s). + are also created in these tablespaces. @@ -4210,8 +4223,7 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv; milliseconds, starting from the time the command arrives at the server from the client. If log_min_error_statement is set to ERROR or lower, the statement that timed out will also be - logged. A value of zero (the default) turns off the - limitation. + logged. A value of zero (the default) turns this off. @@ -4527,7 +4539,9 @@ SET XML OPTION { DOCUMENT | CONTENT }; Only superusers can change this setting, because it affects the - messages sent to the server log as well as to the client. + messages sent to the server log as well as to the client, and + an improper value might obscure the readability of the server + logs. @@ -4631,12 +4645,12 @@ SET XML OPTION { DOCUMENT | CONTENT }; - The value for dynamic_library_path has to be a + The value for dynamic_library_path must be a list of absolute directory paths separated by colons (or semi-colons on Windows). If a list element starts with the special string $libdir, the compiled-in PostgreSQL package - library directory is substituted for $libdir. This + library directory is substituted for $libdir; this is where the modules provided by the standard PostgreSQL distribution are installed. (Use pg_config --pkglibdir to find out the name of @@ -4674,7 +4688,7 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir' - Soft upper limit of the size of the set returned by GIN index. For more + Soft upper limit of the size of the set returned by GIN index scans. For more information see . @@ -4711,7 +4725,8 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir' - There is no performance advantage to loading a library at session + Unlike local_preload_libraries, there is no + performance advantage to loading a library at session start rather than when it is first used. Rather, the intent of this feature is to allow debugging or performance-measurement libraries to be loaded into specific sessions without an explicit @@ -4761,10 +4776,10 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir' This is the amount of time, in milliseconds, to wait on a lock before checking to see if there is a deadlock condition. The - check for deadlock is relatively slow, so the server doesn't run + check for deadlock is relatively expensive, so the server doesn't run it every time it waits for a lock. We optimistically assume that deadlocks are not common in production applications and - just wait on the lock for a while before starting the check for a + just wait on the lock for a while before checking for a deadlock. Increasing this value reduces the amount of time wasted in needless deadlock checks, but slows down reporting of real deadlock errors. The default is one second (1s), @@ -4792,7 +4807,7 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir' - The shared lock table is created to track locks on + The shared lock table tracks locks on max_locks_per_transaction * ( + ) objects (e.g., tables); @@ -4889,7 +4904,7 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir' Note that in a standard-conforming string literal, \ just - means \ anyway. This parameter affects the handling of + means \ anyway. This parameter only affects the handling of non-standard-conforming literals, including escape string syntax (E'...'). @@ -4908,9 +4923,8 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir' newly-created tables, if neither WITH OIDS nor WITHOUT OIDS is specified. It also determines whether OIDs will be included in tables created by - SELECT INTO. In PostgreSQL - 8.1 default_with_oids is off by default; in - prior versions of PostgreSQL, it + SELECT INTO. The parameter is off + by default; in PostgreSQL 8.0 and earlier, it was on by default. @@ -4983,7 +4997,7 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir' This controls the inheritance semantics. If turned off, - subtables are not included by various commands by default; basically + subtables are not accessed by various commands by default; basically an implied ONLY key word. This was added for compatibility with releases prior to 7.1. See for more information. @@ -5006,12 +5020,13 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir' PostgreSQL to have its historical behavior of treating backslashes as escape characters. The default will change to on in a future release - to improve compatibility with the standard. + to improve compatibility with the SQL standard. Applications can check this parameter to determine how string literals will be processed. The presence of this parameter can also be taken as an indication that the escape string syntax (E'...') is supported. - Escape string syntax should be used if an application desires + Escape string syntax () + should be used if an application desires backslashes to be treated as escape characters. @@ -5072,11 +5087,11 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir' null values, so if you use that interface to access the database you might want to turn this option on. Since expressions of the form expr = NULL always - return the null value (using the correct interpretation) they are not - very useful and do not appear often in normal applications, so + return the null value (using the SQL standard interpretation), they are not + very useful and do not appear often in normal applications so this option does little harm in practice. But new users are frequently confused about the semantics of expressions - involving null values, so this option is not on by default. + involving null values, so this option is off by default. @@ -5200,7 +5215,8 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir' less than the value of NAMEDATALEN when building the server. The default value of NAMEDATALEN is 64; therefore the default - max_identifier_length is 63 bytes. + max_identifier_length is 63 bytes, which + can be less than 63 characters when using multi-byte encodings. @@ -5355,8 +5371,7 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir' module for a specific class is loaded, it will add the proper variable definitions for its class name, convert any placeholder values according to those definitions, and issue warnings for any - placeholders of its class that remain (which presumably would be - misspelled configuration variables). + unrecognized placeholders of its class that remain. @@ -5377,9 +5392,9 @@ plruby.use_strict = true # generates error: unknown class name The following parameters are intended for work on the - PostgreSQL source, and in some cases + PostgreSQL source code, and in some cases to assist with recovery of severely damaged databases. There - should be no reason to use them in a production database setup. + should be no reason to use them on a production database. As such, they have been excluded from the sample postgresql.conf file. Note that many of these parameters require special source compilation flags to work at all. @@ -5445,7 +5460,7 @@ plruby.use_strict = true # generates error: unknown class name If nonzero, a delay of this many seconds occurs when a new server process is started, after it conducts the - authentication procedure. This is intended to give an + authentication procedure. This is intended to give developers an opportunity to attach to the server process with a debugger. This parameter cannot be changed after session start. @@ -5461,7 +5476,7 @@ plruby.use_strict = true # generates error: unknown class name If nonzero, a delay of this many seconds occurs just after a new server process is forked, before it conducts the - authentication procedure. This is intended to give an + authentication procedure. This is intended to give developers an opportunity to attach to the server process with a debugger to trace down misbehavior in authentication. This parameter can only be set in the postgresql.conf @@ -5482,7 +5497,7 @@ plruby.use_strict = true # generates error: unknown class name commands. or must be DEBUG1 or lower to send this output to the - client or server log, respectively. + client or server logs, respectively. @@ -5719,9 +5734,9 @@ plruby.use_strict = true # generates error: unknown class name namely all the rows on the damaged page. But it allows you to get past the error and retrieve rows from any undamaged pages that might be present in the table. So it is useful for recovering data if - corruption has occurred due to hardware or software error. You should + corruption has occurred due to a hardware or software error. You should generally not set this on until you have given up hope of recovering - data from the damaged page(s) of a table. The + data from the damaged pages of a table. The default setting is off, and it can only be changed by a superuser. diff --git a/doc/src/sgml/diskusage.sgml b/doc/src/sgml/diskusage.sgml index 1399fad570..67f50c5f09 100644 --- a/doc/src/sgml/diskusage.sgml +++ b/doc/src/sgml/diskusage.sgml @@ -1,4 +1,4 @@ - + Monitoring Disk Usage @@ -18,10 +18,10 @@ Each table has a primary heap disk file where most of the data is stored. If the table has any columns with potentially-wide values, - there is also a TOAST file associated with the table, + there also might be a TOAST file associated with the table, which is used to store values too wide to fit comfortably in the main table (see ). There will be one index on the - TOAST table, if present. There might also be indexes associated + TOAST table, if present. There also might be indexes associated with the base table. Each table and index is stored in a separate disk file — possibly more than one file, if the file would exceed one gigabyte. Naming conventions for these files are described in - You can monitor disk space from three ways: using + You can monitor disk space three ways: using SQL functions listed in , using VACUUM information, and from the command line using the tools in contrib/oid2name. The SQL functions @@ -60,13 +60,15 @@ SELECT relfilenode, relpages FROM pg_class WHERE relname = 'customer'; like the following: SELECT relname, relpages - FROM pg_class, - (SELECT reltoastrelid FROM pg_class - WHERE relname = 'customer') ss - WHERE oid = ss.reltoastrelid - OR oid = (SELECT reltoastidxid FROM pg_class - WHERE oid = ss.reltoastrelid) - ORDER BY relname; +FROM pg_class, + (SELECT reltoastrelid + FROM pg_class + WHERE relname = 'customer') AS ss +WHERE oid = ss.reltoastrelid OR + oid = (SELECT reltoastidxid + FROM pg_class + WHERE oid = ss.reltoastrelid) +ORDER BY relname; relname | relpages ----------------------+---------- @@ -79,11 +81,11 @@ SELECT relname, relpages You can easily display index sizes, too: SELECT c2.relname, c2.relpages - FROM pg_class c, pg_class c2, pg_index i - WHERE c.relname = 'customer' - AND c.oid = i.indrelid - AND c2.oid = i.indexrelid - ORDER BY c2.relname; +FROM pg_class c, pg_class c2, pg_index i +WHERE c.relname = 'customer' AND + c.oid = i.indrelid AND + c2.oid = i.indexrelid +ORDER BY c2.relname; relname | relpages ----------------------+---------- @@ -95,7 +97,9 @@ SELECT c2.relname, c2.relpages It is easy to find your largest tables and indexes using this information: -SELECT relname, relpages FROM pg_class ORDER BY relpages DESC; +SELECT relname, relpages +FROM pg_class +ORDER BY relpages DESC; relname | relpages ----------------------+---------- @@ -105,9 +109,8 @@ SELECT relname, relpages FROM pg_class ORDER BY relpages DESC; - You can also use contrib/oid2name to show disk usage. See - README.oid2name in that directory for examples. It includes a script that - shows disk usage for each database. + You can also use contrib/oid2name to show disk usage; see + for more details and examples. @@ -116,7 +119,7 @@ SELECT relname, relpages FROM pg_class ORDER BY relpages DESC; The most important disk monitoring task of a database administrator - is to make sure the disk doesn't grow full. A filled data disk will + is to make sure the disk doesn't become full. A filled data disk will not result in data corruption, but it might prevent useful activity from occurring. If the disk holding the WAL files grows full, database server panic and consequent shutdown might occur. @@ -140,7 +143,7 @@ SELECT relname, relpages FROM pg_class ORDER BY relpages DESC; If your system supports per-user disk quotas, then the database will naturally be subject to whatever quota is placed on the user the server runs as. Exceeding the quota will have the same bad - effects as running out of space entirely. + effects as running out of disk space entirely. diff --git a/doc/src/sgml/high-availability.sgml b/doc/src/sgml/high-availability.sgml index a862740868..a51b00b9e5 100644 --- a/doc/src/sgml/high-availability.sgml +++ b/doc/src/sgml/high-availability.sgml @@ -1,4 +1,4 @@ - + High Availability, Load Balancing, and Replication @@ -67,7 +67,7 @@ Performance must be considered in any choice. There is usually a trade-off between functionality and - performance. For example, a full synchronous solution over a slow + performance. For example, a fully synchronous solution over a slow network might cut performance by more than half, while an asynchronous one might have a minimal performance impact. @@ -89,7 +89,7 @@ Shared disk failover avoids synchronization overhead by having only one copy of the database. It uses a single disk array that is shared by multiple servers. If the main database server fails, the standby server - is able to mount and start the database as though it was recovering from + is able to mount and start the database as though it were recovering from a database crash. This allows rapid failover with no data loss. @@ -149,7 +149,7 @@ protocol to make nodes agree on a serializable transactional order. A PITR warm standby server can be kept more up-to-date using the streaming replication feature built into PostgreSQL 8.5 - onwards. + onwards; see . @@ -190,7 +190,7 @@ protocol to make nodes agree on a serializable transactional order. If queries are simply broadcast unmodified, functions like random(), CURRENT_TIMESTAMP, and - sequences would have different values on different servers. + sequences can have different values on different servers. This is because each server operates independently, and because SQL queries are broadcast (and not actual modified rows). If this is unacceptable, either the middleware or the application diff --git a/doc/src/sgml/install-win32.sgml b/doc/src/sgml/install-win32.sgml index 76c62210bd..09e67a5ede 100644 --- a/doc/src/sgml/install-win32.sgml +++ b/doc/src/sgml/install-win32.sgml @@ -1,4 +1,4 @@ - + Installation from Source Code on <productname>Windows</productname> @@ -388,7 +388,7 @@ - To change the schedule used (default is the parallel), append it to the + To change the schedule used (default is parallel), append it to the command line like: @@ -544,9 +544,10 @@ Normally you do not need to install any of the client files. You should place the libpq.dll file in the same directory as your applications executable file. Do not install - libpq.dll into your Windows, System or System32 - directory unless absolutely necessary. - If this file is installed using a setup program, it should + libpq.dll into your Windows, + System or System32 directory unless + absolutely necessary. + If this file is installed using a setup program, then it should be installed with version checking using the VERSIONINFO resource included in the file, to ensure that a newer version of the library is not overwritten. diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml index 003d172b01..ecb595f1fe 100644 --- a/doc/src/sgml/installation.sgml +++ b/doc/src/sgml/installation.sgml @@ -1,4 +1,4 @@ - + <![%standalone-include[<productname>PostgreSQL</>]]> @@ -1106,7 +1106,7 @@ su - postgres a larger segment size. This can be helpful to reduce the number of file descriptors consumed when working with very large tables. But be careful not to select a value larger than is supported - by your platform and the filesystem(s) you intend to use. Other + by your platform and the file systems you intend to use. Other tools you might wish to use, such as <application>tar</>, could also set limits on the usable file size. It is recommended, though not absolutely required, that this value diff --git a/doc/src/sgml/maintenance.sgml b/doc/src/sgml/maintenance.sgml index 686a4e9d56..e6c9d9cc4a 100644 --- a/doc/src/sgml/maintenance.sgml +++ b/doc/src/sgml/maintenance.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/maintenance.sgml,v 1.97 2009/11/16 21:32:06 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/maintenance.sgml,v 1.98 2010/02/03 17:25:05 momjian Exp $ --> <chapter id="maintenance"> <title>Routine Database Maintenance Tasks @@ -17,13 +17,13 @@ discussed here are required, but they are repetitive in nature and can easily be automated using standard tools such as cron scripts or - Windows' Task Scheduler. But it is the database + Windows' Task Scheduler. It is the database administrator's responsibility to set up appropriate scripts, and to check that they execute successfully. - One obvious maintenance task is creation of backup copies of the data on a + One obvious maintenance task is the creation of backup copies of the data on a regular schedule. Without a recent backup, you have no chance of recovery after a catastrophe (disk failure, fire, mistakenly dropping a critical table, etc.). The backup and recovery mechanisms available in @@ -118,7 +118,7 @@ the standard form of VACUUM can run in parallel with production database operations. (Commands such as SELECT, INSERT, UPDATE, and - DELETE will continue to function as normal, though you + DELETE will continue to function normally, though you will not be able to modify the definition of a table with commands such as ALTER TABLE while it is being vacuumed.) VACUUM FULL requires exclusive lock on the table it is @@ -151,11 +151,11 @@ UPDATE or DELETE of a row does not immediately remove the old version of the row. This approach is necessary to gain the benefits of multiversion - concurrency control (see ): the row version + concurrency control (MVCC, see ): the row version must not be deleted while it is still potentially visible to other transactions. But eventually, an outdated or deleted row version is no longer of interest to any transaction. The space it occupies must then be - reclaimed for reuse by new rows, to avoid infinite growth of disk + reclaimed for reuse by new rows, to avoid unbounded growth of disk space requirements. This is done by running VACUUM. @@ -309,14 +309,14 @@ statistics more frequently than others if your application requires it. In practice, however, it is usually best to just analyze the entire database, because it is a fast operation. ANALYZE uses a - statistical random sampling of the rows of a table rather than reading + statistically random sampling of the rows of a table rather than reading every single row. Although per-column tweaking of ANALYZE frequency might not be - very productive, you might well find it worthwhile to do per-column + very productive, you might find it worthwhile to do per-column adjustment of the level of detail of the statistics collected by ANALYZE. Columns that are heavily used in WHERE clauses and have highly irregular data distributions might require a @@ -341,11 +341,11 @@ numbers: a row version with an insertion XID greater than the current transaction's XID is in the future and should not be visible to the current transaction. But since transaction IDs have limited size - (32 bits at this writing) a cluster that runs for a long time (more + (32 bits) a cluster that runs for a long time (more than 4 billion transactions) would suffer transaction ID wraparound: the XID counter wraps around to zero, and all of a sudden transactions that were in the past appear to be in the future — which - means their outputs become invisible. In short, catastrophic data loss. + means their output become invisible. In short, catastrophic data loss. (Actually the data is still there, but that's cold comfort if you cannot get at it.) To avoid this, it is necessary to vacuum every table in every database at least once every two billion transactions. @@ -353,8 +353,9 @@ The reason that periodic vacuuming solves the problem is that - PostgreSQL distinguishes a special XID - FrozenXID. This XID is always considered older + PostgreSQL reserves a special XID + as FrozenXID. This XID does not follow the normal XID + comparison rules and is always considered older than every normal XID. Normal XIDs are compared using modulo-231 arithmetic. This means that for every normal XID, there are two billion XIDs that are @@ -365,12 +366,12 @@ the next two billion transactions, no matter which normal XID we are talking about. If the row version still exists after more than two billion transactions, it will suddenly appear to be in the future. To - prevent data loss, old row versions must be reassigned the XID + prevent this, old row versions must be reassigned the XID FrozenXID sometime before they reach the two-billion-transactions-old mark. Once they are assigned this special XID, they will appear to be in the past to all normal transactions regardless of wraparound issues, and so such - row versions will be good until deleted, no matter how long that is. + row versions will be valid until deleted, no matter how long that is. This reassignment of old XIDs is handled by VACUUM. @@ -398,14 +399,14 @@ The maximum time that a table can go unvacuumed is two billion - transactions minus the vacuum_freeze_min_age that was used - when VACUUM last scanned the whole table. If it were to go + transactions minus the vacuum_freeze_min_age value at + the time VACUUM last scanned the whole table. If it were to go unvacuumed for longer than that, data loss could result. To ensure that this does not happen, autovacuum is invoked on any table that might contain XIDs older than the age specified by the configuration parameter . (This will happen even if - autovacuum is otherwise disabled.) + autovacuum is disabled.) @@ -416,10 +417,10 @@ For tables that are regularly vacuumed for space reclamation purposes, this is of little importance. However, for static tables (including tables that receive inserts, but no updates or deletes), - there is no need for vacuuming for space reclamation, and so it can + there is no need to vacuum for space reclamation, so it can be useful to try to maximize the interval between forced autovacuums on very large static tables. Obviously one can do this either by - increasing autovacuum_freeze_max_age or by decreasing + increasing autovacuum_freeze_max_age or decreasing vacuum_freeze_min_age. @@ -444,10 +445,10 @@ The sole disadvantage of increasing autovacuum_freeze_max_age (and vacuum_freeze_table_age along with it) is that the pg_clog subdirectory of the database cluster - will take more space, because it must store the commit status for all + will take more space, because it must store the commit status of all transactions back to the autovacuum_freeze_max_age horizon. The commit status uses two bits per transaction, so if - autovacuum_freeze_max_age has its maximum allowed value of + autovacuum_freeze_max_age is set to its maximum allowed value of a little less than two billion, pg_clog can be expected to grow to about half a gigabyte. If this is trivial compared to your total database size, setting autovacuum_freeze_max_age to @@ -530,7 +531,7 @@ HINT: To avoid a database shutdown, execute a database-wide VACUUM in "mydb". superuser, else it will fail to process system catalogs and thus not be able to advance the database's datfrozenxid.) If these warnings are - ignored, the system will shut down and refuse to execute any new + ignored, the system will shut down and refuse to start any new transactions once there are fewer than 1 million transactions left until wraparound: @@ -592,14 +593,14 @@ HINT: Stop the postmaster and use a standalone backend to VACUUM in "mydb". The setting limits how many workers may be running at any time. If several large tables all become eligible for vacuuming in a short amount of time, all autovacuum workers - may become occupied with vacuuming those tables for a long period. + might become occupied with vacuuming those tables for a long period. This would result in other tables and databases not being vacuumed until a worker became - available. There is not a limit on how many workers might be in a + available. There is no limit on how many workers might be in a single database, but workers do try to avoid repeating work that has already been done by other workers. Note that the number of running - workers does not count towards the nor - the limits. + workers does not count towards or + limits. @@ -699,36 +700,26 @@ analyze threshold = analyze base threshold + analyze scale factor * number of tu - In PostgreSQL releases before 7.4, periodic reindexing - was frequently necessary to avoid index bloat, due to lack of - internal space reclamation in B-tree indexes. Any situation in which the - range of index keys changed over time — for example, an index on - timestamps in a table where old entries are eventually deleted — - would result in bloat, because index pages for no-longer-needed portions - of the key range were not reclaimed for re-use. Over time, the index size - could become indefinitely much larger than the amount of useful data in it. - - - - In PostgreSQL 7.4 and later, index pages that have become - completely empty are reclaimed for re-use. There is still a possibility - for inefficient use of space: if all but a few index keys on a page have - been deleted, the page remains allocated. So a usage pattern in which all - but a few keys in each range are eventually deleted will see poor use of - space. For such usage patterns, periodic reindexing is recommended. + Index pages that have become + completely empty are reclaimed for re-use. However, here is still the possibility + of inefficient use of space: if all but a few index keys on a page have + been deleted, the page remains allocated. Therefore, a usage + pattern in which most, but not all, keys in each range are eventually + deleted will see poor use of space. For such usage patterns, + periodic reindexing is recommended. The potential for bloat in non-B-tree indexes has not been well - characterized. It is a good idea to keep an eye on the index's physical + researched. It is a good idea to periodically monitor the index's physical size when using any non-B-tree index type. - Also, for B-tree indexes a freshly-constructed index is somewhat faster to - access than one that has been updated many times, because logically + Also, for B-tree indexes, a freshly-constructed index is slightly faster to + access than one that has been updated many times because logically adjacent pages are usually also physically adjacent in a newly built index. - (This consideration does not currently apply to non-B-tree indexes.) It + (This consideration does not apply to non-B-tree indexes.) It might be worthwhile to reindex periodically just to improve access speed. @@ -744,11 +735,11 @@ analyze threshold = analyze base threshold + analyze scale factor * number of tu It is a good idea to save the database server's log output - somewhere, rather than just routing it to /dev/null. - The log output is invaluable when it comes time to diagnose + somewhere, rather than just discarding it via /dev/null. + The log output is invaluable when diagnosing problems. However, the log output tends to be voluminous - (especially at higher debug levels) and you won't want to save it - indefinitely. You need to rotate the log files so that + (especially at higher debug levels) so you won't want to save it + indefinitely. You need to rotate the log files so that new log files are started and old ones removed after a reasonable period of time. @@ -758,7 +749,7 @@ analyze threshold = analyze base threshold + analyze scale factor * number of tu postgres into a file, you will have log output, but the only way to truncate the log file is to stop and restart - the server. This might be OK if you are using + the server. This might be acceptable if you are using PostgreSQL in a development environment, but few production servers would find this behavior acceptable. @@ -766,17 +757,18 @@ analyze threshold = analyze base threshold + analyze scale factor * number of tu A better approach is to send the server's stderr output to some type of log rotation program. - There is a built-in log rotation program, which you can use by + There is a built-in log rotation facility, which you can use by setting the configuration parameter logging_collector to true in postgresql.conf. The control parameters for this program are described in . You can also use this approach - to capture the log data in machine readable CSV format. + to capture the log data in machine readable CSV + (comma-separated values) format. Alternatively, you might prefer to use an external log rotation - program, if you have one that you are already using with other + program if you have one that you are already using with other server software. For example, the rotatelogs tool included in the Apache distribution can be used with PostgreSQL. To do this, @@ -794,7 +786,7 @@ pg_ctl start | rotatelogs /var/log/pgsql_log 86400 Another production-grade approach to managing log output is to - send it all to syslog and let + send it to syslog and let syslog deal with file rotation. To do this, set the configuration parameter log_destination to syslog (to log to syslog only) in @@ -810,15 +802,15 @@ pg_ctl start | rotatelogs /var/log/pgsql_log 86400 On many systems, however, syslog is not very reliable, particularly with large log messages; it might truncate or drop messages just when you need them the most. Also, on Linux, - syslog will sync each message to disk, yielding poor - performance. (You can use a - at the start of the file name + syslog will flush each message to disk, yielding poor + performance. (You can use a - at the start of the file name in the syslog configuration file to disable syncing.) Note that all the solutions described above take care of starting new log files at configurable intervals, but they do not handle deletion - of old, no-longer-interesting log files. You will probably want to set + of old, no-longer-useful log files. You will probably want to set up a batch job to periodically delete old log files. Another possibility is to configure the rotation program so that old log files are overwritten cyclically. diff --git a/doc/src/sgml/manage-ag.sgml b/doc/src/sgml/manage-ag.sgml index e3731d0293..da27e74d4e 100644 --- a/doc/src/sgml/manage-ag.sgml +++ b/doc/src/sgml/manage-ag.sgml @@ -1,4 +1,4 @@ - + Managing Databases @@ -25,7 +25,7 @@ A database is a named collection of SQL objects (database objects). Generally, every database object (tables, functions, etc.) belongs to one and only one - database. (But there are a few system catalogs, for example + database. (However there are a few system catalogs, for example pg_database, that belong to a whole cluster and are accessible from each database within the cluster.) More accurately, a database is a collection of schemas and the schemas @@ -38,15 +38,15 @@ When connecting to the database server, a client must specify in its connection request the name of the database it wants to connect to. It is not possible to access more than one database per - connection. (But an application is not restricted in the number of - connections it opens to the same or other databases.) Databases are + connection. However, an application is not restricted in the number of + connections it opens to the same or other databases. Databases are physically separated and access control is managed at the connection level. If one PostgreSQL server instance is to house projects or users that should be separate and for the most part unaware of each other, it is therefore recommendable to put them into separate databases. If the projects or users are interrelated and should be able to use each other's - resources they should be put in the same database, but possibly + resources, they should be put in the same database but possibly into separate schemas. Schemas are a purely logical structure and who can access what is managed by the privilege system. More information about managing schemas is in . @@ -94,7 +94,7 @@ CREATE DATABASE name; where name follows the usual rules for SQL identifiers. The current role automatically becomes the owner of the new database. It is the privilege of the - owner of a database to remove it later on (which also removes all + owner of a database to remove it later (which also removes all the objects in it, even if they have a different owner). @@ -123,14 +123,14 @@ CREATE DATABASE name; new database is created within the cluster, template1 is essentially cloned. This means that any changes you make in template1 are - propagated to all subsequently created databases. Therefore it is - unwise to use template1 for real work, but when - used judiciously this feature can be convenient. More details + propagated to all subsequently created databases. Because of this, + avoid creating objects in template1 unless you want them + propagated to every newly created database. More details appear in . - As a convenience, there is a program that you can + As a convenience, there is a program you can execute from the shell to create new databases, createdb.createdb @@ -143,8 +143,7 @@ createdb dbname exactly as described above. The reference page contains the invocation details. Note that createdb without any arguments will create - a database with the current user name, which might or might not be what - you want. + a database with the current user name. @@ -155,8 +154,8 @@ createdb dbname - Sometimes you want to create a database for someone else. That - role should become the owner of the new database, so he can + Sometimes you want to create a database for someone else, and have him + become the owner of the new database, so he can configure and manage it himself. To achieve that, use one of the following commands: @@ -167,7 +166,7 @@ CREATE DATABASE dbname OWNER rolename; createdb -O rolename dbname from the shell. - You must be a superuser to be allowed to create a database for + Only the superuser is allowed to create a database for someone else (that is, for a role you are not a member of). @@ -186,7 +185,7 @@ createdb -O rolename dbname objects in databases. For example, if you install the procedural language PL/Perl in template1, it will automatically be available in user databases without any extra - action being taken when those databases are made. + action being taken when those databases are created. @@ -204,7 +203,7 @@ createdb -O rolename dbname template1. This is particularly handy when restoring a pg_dump dump: the dump script should be restored in a virgin database to ensure that one recreates the correct contents - of the dumped database, without any conflicts with objects that + of the dumped database, without conflicting with objects that might have been added to template1 later on. @@ -238,8 +237,8 @@ createdb -T template0 dbname The principal limitation is that no other sessions can be connected to the source database while it is being copied. CREATE DATABASE will fail if any other connection exists when it starts; - otherwise, new connections to the source database are locked out - until CREATE DATABASE completes. + during the copy operation, new connections to the source database + are prevented. @@ -251,9 +250,9 @@ createdb -T template0 dbname cloned by any user with CREATEDB privileges; if it is not set, only superusers and the owner of the database can clone it. If datallowconn is false, then no new connections - to that database will be allowed (but existing sessions are not killed + to that database will be allowed (but existing sessions are not terminated simply by setting the flag false). The template0 - database is normally marked datallowconn = false to prevent modification of it. + database is normally marked datallowconn = false to prevent its modification. Both template0 and template1 should always be marked with datistemplate = true. @@ -274,7 +273,7 @@ createdb -T template0 dbname The postgres database is also created when a database cluster is initialized. This database is meant as a default database for users and applications to connect to. It is simply a copy of - template1 and can be dropped and recreated if required. + template1 and can be dropped and recreated if necessary. @@ -294,7 +293,7 @@ createdb -T template0 dbname GEQO optimizer for a given database, you'd ordinarily have to either disable it for all databases or make sure that every connecting client is careful to issue SET geqo - TO off;. To make this setting the default within a particular + TO off. To make this setting the default within a particular database, you can execute the command: ALTER DATABASE mydb SET geqo TO off; @@ -306,7 +305,7 @@ ALTER DATABASE mydb SET geqo TO off; Note that users can still alter this setting during their sessions; it will only be the default. To undo any such setting, use ALTER DATABASE dbname RESET - varname;. + varname. @@ -387,7 +386,7 @@ dropdb dbname CREATE TABLESPACE fastspace LOCATION '/mnt/sda1/postgresql/data'; The location must be an existing, empty directory that is owned by - the PostgreSQL system user. All objects subsequently + the PostgreSQL operating system user. All objects subsequently created within the tablespace will be stored in files underneath this directory. @@ -405,7 +404,7 @@ CREATE TABLESPACE fastspace LOCATION '/mnt/sda1/postgresql/data'; Creation of the tablespace itself must be done as a database superuser, - but after that you can allow ordinary database users to make use of it. + but after that you can allow ordinary database users to use it. To do that, grant them the CREATE privilege on it. @@ -500,8 +499,8 @@ SELECT spcname FROM pg_tablespace; Although not recommended, it is possible to adjust the tablespace layout by hand by redefining these links. Two warnings: do not do so while the server is running; and after you restart the server, - update the pg_tablespace catalog to show the new - locations. (If you do not, pg_dump will continue to show + update the pg_tablespace catalog with the new + locations. (If you do not, pg_dump will continue to output the old tablespace locations.) diff --git a/doc/src/sgml/monitoring.sgml b/doc/src/sgml/monitoring.sgml index 954dd1a2e4..ae730203df 100644 --- a/doc/src/sgml/monitoring.sgml +++ b/doc/src/sgml/monitoring.sgml @@ -1,4 +1,4 @@ - + Monitoring Database Activity @@ -43,7 +43,7 @@ - On most platforms, PostgreSQL modifies its + On most Unix platforms, PostgreSQL modifies its command title as reported by ps, so that individual server processes can readily be identified. A sample display is @@ -61,7 +61,7 @@ postgres 1016 0.1 2.4 6532 3080 pts/1 SN 13:19 0:00 postgres: tgl reg platforms, as do the details of what is shown. This example is from a recent Linux system.) The first process listed here is the master server process. The command arguments - shown for it are the same ones given when it was launched. The next two + shown for it are the same ones used when it was launched. The next two processes are background worker processes automatically launched by the master process. (The stats collector process will not be present if you have set @@ -73,22 +73,22 @@ postgres 1016 0.1 2.4 6532 3080 pts/1 SN 13:19 0:00 postgres: tgl reg postgres: user database host activity - The user, database, and connection source host items remain the same for + The user, database, and (client) host items remain the same for the life of the client connection, but the activity indicator changes. The activity can be idle (i.e., waiting for a client command), idle in transaction (waiting for client inside a BEGIN block), or a command type name such as SELECT. Also, - waiting is attached if the server process is presently waiting - on a lock held by another server process. In the above example we can infer + waiting is appended if the server process is presently waiting + on a lock held by another session. In the above example we can infer that process 1003 is waiting for process 1016 to complete its transaction and - thereby release some lock or other. + thereby release some lock. If you have turned off then the activity indicator is not updated; the process title is set only once - when a new process is launched. On some platforms this saves a useful - amount of per-command overhead, on others it's insignificant. + when a new process is launched. On some platforms this saves a measurable + amount of per-command overhead; on others it's insignificant. @@ -118,15 +118,15 @@ postgres: user database host - PostgreSQL also supports determining the exact + PostgreSQL also supports reporting of the exact command currently being executed by other server processes. This is an - independent facility that does not depend on the collector process. + facility independent of the collector process. @@ -172,7 +172,7 @@ postgres: user database host global subdirectory. For increased performance, the parameter can - be pointed at a RAM based filesystem, decreasing physical I/O requirements. + be pointed at a RAM-based file system, decreasing physical I/O requirements. @@ -205,9 +205,9 @@ postgres: user database host diff --git a/doc/src/sgml/regress.sgml b/doc/src/sgml/regress.sgml index 29d320c919..1668a0615e 100644 --- a/doc/src/sgml/regress.sgml +++ b/doc/src/sgml/regress.sgml @@ -1,4 +1,4 @@ - + Regression Tests @@ -26,17 +26,14 @@ running server, or using a temporary installation within the build tree. Furthermore, there is a parallel and a sequential mode for running the tests. The - sequential method runs each test script in turn, whereas the + sequential method runs each test script alone, while the parallel method starts up multiple server processes to run groups of tests in parallel. Parallel testing gives confidence that - interprocess communication and locking are working correctly. For - historical reasons, the sequential test is usually run against an - existing installation and the parallel method against a temporary - installation, but there are no technical reasons for this. + interprocess communication and locking are working correctly. - To run the regression tests after building but before installation, + To run the parallel regression tests after building but before installation, type: gmake check @@ -44,7 +41,7 @@ gmake check in the top-level directory. (Or you can change to src/test/regress and run the command there.) This will first build several auxiliary files, such as - some sample user-defined trigger functions, and then run the test driver + sample user-defined trigger functions, and then run the test driver script. At the end you should see something like: @@ -206,9 +203,9 @@ gmake installcheck If you run the tests against a server that was initialized with a collation-order locale other than C, then - there might be differences due to sort order and follow-up + there might be differences due to sort order and subsequent failures. The regression test suite is set up to handle this - problem by providing alternative result files that together are + problem by providing alternate result files that together are known to handle a large number of locales. @@ -270,7 +267,7 @@ gmake check NO_LOCALE=1 results involving mathematical functions of double precision columns have been observed. The float8 and geometry tests are particularly prone to small differences - across platforms, or even with different compiler optimization options. + across platforms, or even with different compiler optimization setting. Human eyeball comparison is needed to determine the real significance of these differences which are usually 10 places to the right of the decimal point. @@ -298,10 +295,10 @@ different order than what appears in the expected file. In most cases this is not, strictly speaking, a bug. Most of the regression test scripts are not so pedantic as to use an ORDER BY for every single SELECT, and so their result row orderings are not well-defined -according to the letter of the SQL specification. In practice, since we are +according to the SQL specification. In practice, since we are looking at the same queries being executed on the same data by the same -software, we usually get the same result ordering on all platforms, and -so the lack of ORDER BY isn't a problem. Some queries do exhibit +software, we usually get the same result ordering on all platforms, +so the lack of ORDER BY is not a problem. Some queries do exhibit cross-platform ordering differences, however. When testing against an already-installed server, ordering differences can also be caused by non-C locale settings or non-default parameter settings, such as custom values @@ -311,8 +308,8 @@ of work_mem or the planner cost parameters. Therefore, if you see an ordering difference, it's not something to worry about, unless the query does have an ORDER BY that your -result is violating. But please report it anyway, so that we can add an -ORDER BY to that particular query and thereby eliminate the bogus +result is violating. However, please report it anyway, so that we can add an +ORDER BY to that particular query to eliminate the bogus failure in future releases. @@ -364,7 +361,7 @@ diff results/random.out expected/random.out Since some of the tests inherently produce environment-dependent - results, we have provided ways to specify alternative expected + results, we have provided ways to specify alternate expected result files. Each regression test can have several comparison files showing possible results on different platforms. There are two independent mechanisms for determining which comparison file is used @@ -410,7 +407,7 @@ testname:output:platformpattern=comparisonfilename float8:out:i.86-.*-openbsd=float8-small-is-zero.out - which will trigger on any machine for which the output of + which will trigger on any machine where the output of config.guess matches i.86-.*-openbsd. Other lines in resultmap select the variant comparison file for other diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 6213b92530..97e2c9807e 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -1,4 +1,4 @@ - + Server Setup and Operation @@ -16,7 +16,7 @@ - As with any other server daemon that is accessible to the outside world, + As with any server daemon that is accessible to the outside world, it is advisable to run PostgreSQL under a separate user account. This user account should only own the data that is managed by the server, and should not be shared with other @@ -146,7 +146,7 @@ postgres$ initdb -D /usr/local/pgsql/data superuser Also, specify @@ -706,8 +706,8 @@ psql: could not connect to server: No such file or directory Various other settings related to semaphore undo, such as - SEMMNU and SEMUME, are not of concern - for PostgreSQL. + SEMMNU and SEMUME, do not affect + PostgreSQL. @@ -758,24 +758,6 @@ options "SHMMAX=\(SHMALL*PAGE_SIZE\)" - - For those running 4.0 and earlier releases, use bpatch - to find the sysptsize value in the current - kernel. This is computed dynamically at boot time. - -$ bpatch -r sysptsize -0x9 = 9 - - Next, add SYSPTSIZE as a hard-coded value in the - kernel configuration file. Increase the value you found using - bpatch. Add 1 for every additional 4 MB of - shared memory you desire. - -options "SYSPTSIZE=16" - - sysptsize cannot be changed by sysctl. - - Semaphores</> <para> @@ -837,9 +819,9 @@ options "SEMMNS=240" <literal>security.jail.sysvipc_allowed</>, <application>postmaster</>s running in different jails should be run by different operating system users. This improves security because it prevents non-root users - from interfering with shared memory or semaphores in a different jail, + from interfering with shared memory or semaphores in different jails, and it allows the PostgreSQL IPC cleanup code to function properly. - (In FreeBSD 6.0 and later the IPC cleanup code doesn't properly detect + (In FreeBSD 6.0 and later the IPC cleanup code does not properly detect processes in other jails, preventing the running of postmasters on the same port in different jails.) </para> @@ -863,7 +845,8 @@ options "SEMMNS=240" to be enabled when the kernel is compiled. (They are by default.) The maximum size of shared memory is determined by the option <varname>SHMMAXPGS</> (in pages). The following - shows an example of how to set the various parameters + shows an example of how to set the various parameters on + <systemitem class="osname">NetBSD</> (<systemitem class="osname">OpenBSD</> uses <literal>option</> instead): <programlisting> options SYSVSHM @@ -902,7 +885,7 @@ options SEMMAP=256 <acronym>IPC</> parameters can be set in the <application>System Administration Manager</> (<acronym>SAM</>) under <menuchoice><guimenu>Kernel - Configuration</><guimenuitem>Configurable Parameters</></>. Hit + Configuration</><guimenuitem>Configurable Parameters</></>. Choose <guibutton>Create A New Kernel</> when you're done. </para> </listitem> @@ -926,8 +909,8 @@ options SEMMAP=256 <prompt>$</prompt> <userinput>sysctl -w kernel.shmmax=134217728</userinput> <prompt>$</prompt> <userinput>sysctl -w kernel.shmall=2097152</userinput> </screen> - In addition these settings can be saved between reboots in - <filename>/etc/sysctl.conf</filename>. + In addition these settings can be preserved between reboots in + the file <filename>/etc/sysctl.conf</filename>. </para> <para> @@ -964,7 +947,7 @@ sysctl -w kern.sysv.shmall In OS X 10.3 and later, these commands have been moved to <filename>/etc/rc</> and must be edited there. Note that <filename>/etc/rc</> is usually overwritten by OS X updates (such as - 10.3.6 to 10.3.7) so you should expect to have to redo your editing + 10.3.6 to 10.3.7) so you should expect to have to redo your edits after each update. </para> @@ -995,7 +978,7 @@ kern.sysv.shmall=1024 </para> <para> - In all OS X versions, you'll need to reboot to make changes in the + In all OS X versions, you will need to reboot to have changes in the shared memory parameters take effect. </para> </listitem> @@ -1304,11 +1287,11 @@ echo -17 > /proc/self/oom_adj Some vendors' Linux 2.4 kernels are reported to have early versions of the 2.6 overcommit <command>sysctl</command> parameter. However, setting <literal>vm.overcommit_memory</> to 2 - on a kernel that does not have the relevant code will make - things worse not better. It is recommended that you inspect + on a 2.4 kernel that does not have the relevant code will make + things worse, not better. It is recommended that you inspect the actual kernel source code (see the function <function>vm_enough_memory</> in the file <filename>mm/mmap.c</>) - to verify what is supported in your copy before you try this in a 2.4 + to verify what is supported in your kernel before you try this in a 2.4 installation. The presence of the <filename>overcommit-accounting</> documentation file should <emphasis>not</> be taken as evidence that the feature is there. If in any doubt, consult a kernel expert or your @@ -1357,7 +1340,7 @@ echo -17 > /proc/self/oom_adj The server disallows new connections and sends all existing server processes <systemitem>SIGTERM</systemitem>, which will cause them to abort their current transactions and exit promptly. It then - waits for the server processes to exit and finally shuts down. + waits for all server processes to exit and finally shuts down. If the server is in online backup mode, backup mode will be terminated, rendering the backup useless. </para> @@ -1428,7 +1411,7 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput <para> While the server is running, it is not possible for a malicious user to take the place of the normal database server. However, when the - server is down it is possible for a local user to spoof the normal + server is down, it is possible for a local user to spoof the normal server by starting their own server. The spoof server could read passwords and queries sent by clients, but could not return any data because the <varname>PGDATA</> directory would still be secure because @@ -1489,7 +1472,7 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput the administrator cannot determine the actual password assigned to the user. If MD5 encryption is used for client authentication, the unencrypted password is never even temporarily present on the - server because the client MD5 encrypts it before being sent + server because the client MD5-encrypts it before being sent across the network. </para> </listitem> @@ -1523,11 +1506,12 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput <listitem> <para> - On Linux, encryption can be layered on top of a file system mount + On Linux, encryption can be layered on top of a file system using a <quote>loopback device</quote>. This allows an entire - file system partition be encrypted on disk, and decrypted by the + file system partition to be encrypted on disk, and decrypted by the operating system. On FreeBSD, the equivalent facility is called - GEOM Based Disk Encryption, or <acronym>gbde</acronym>. + GEOM Based Disk Encryption (<acronym>gbde</acronym>), and many + other operating systems support this functionality, including Windows. </para> <para> @@ -1550,7 +1534,7 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput <para> The <literal>MD5</> authentication method double-encrypts the password on the client before sending it to the server. It first - MD5 encrypts it based on the user name, and then encrypts it + MD5-encrypts it based on the user name, and then encrypts it based on a random salt sent by the server when the database connection was made. It is this double-encrypted value that is sent over the network to the server. Double-encryption not only @@ -1635,7 +1619,7 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput <productname>PostgreSQL</> server can be started with <acronym>SSL</> enabled by setting the parameter <xref linkend="guc-ssl"> to <literal>on</> in - <filename>postgresql.conf</>. The server will listen for both standard + <filename>postgresql.conf</>. The server will listen for both normal and <acronym>SSL</> connections on the same TCP port, and will negotiate with any connecting client on whether to use <acronym>SSL</>. By default, this is at the client's option; see <xref @@ -1750,7 +1734,7 @@ $ <userinput>kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid`</userinput <row> <entry><filename>server.key</></entry> <entry>server private key</entry> - <entry>proves server certificate sent by owner; does not indicate + <entry>proves server certificate was sent by the owner; it does not indicate certificate owner is trustworthy</entry> </row> @@ -1828,7 +1812,7 @@ chmod og-rwx server.key </indexterm> <para> - One can use <application>SSH</application> to encrypt the network + It is possible to use <application>SSH</application> to encrypt the network connection between clients and a <productname>PostgreSQL</productname> server. Done properly, this provides an adequately secure network connection, even for non-SSL-capable @@ -1845,7 +1829,7 @@ chmod og-rwx server.key ssh -L 63333:localhost:5432 joe@foo.com </programlisting> The first number in the <option>-L</option> argument, 63333, is the - port number of your end of the tunnel; it can be chosen freely. + port number of your end of the tunnel; it can be any unused port. (IANA reserves ports 49152 through 65535 for private use.) The second number, 5432, is the remote end of the tunnel: the port number your server is using. The name or IP address between the @@ -1873,7 +1857,7 @@ psql -h localhost -p 63333 postgres In order for the tunnel setup to succeed you must be allowed to connect via <command>ssh</command> as <literal>joe@foo.com</literal>, just - as if you had attempted to use <command>ssh</command> to set up a + as if you had attempted to use <command>ssh</command> to create a terminal session. </para> diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 7023c2c724..01c1ba9480 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.41 2008/10/28 12:10:42 mha Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.42 2010/02/03 17:25:06 momjian Exp $ --> <chapter id="user-manag"> <title>Database Roles and Privileges @@ -11,8 +11,7 @@ tables) and can assign privileges on those objects to other roles to control who has access to which objects. Furthermore, it is possible to grant membership in a role to another role, thus - allowing the member role use of privileges assigned to the role it is - a member of. + allowing the member role to use privileges assigned to another role. @@ -110,9 +109,9 @@ SELECT rolname FROM pg_roles; - Every connection to the database server is made in the name of some + Every connection to the database server is made using the name of some particular role, and this role determines the initial access privileges for - commands issued on that connection. + commands issued in that connection. The role name to use for a particular database connection is indicated by the client that is initiating the connection request in an application-specific fashion. For example, @@ -129,11 +128,11 @@ SELECT rolname FROM pg_roles; The set of database roles a given client connection can connect as is determined by the client authentication setup, as explained in . (Thus, a client is not - necessarily limited to connect as the role with the same name as + limited to connect as the role matching its operating system user, just as a person's login name need not match her real name.) Since the role identity determines the set of privileges available to a connected - client, it is important to carefully configure this when setting up + client, it is important to carefully configure privileges when setting up a multiuser environment. @@ -152,7 +151,7 @@ SELECT rolname FROM pg_roles; Only roles that have the LOGIN attribute can be used as the initial role name for a database connection. A role with - the LOGIN attribute can be considered the same thing + the LOGIN attribute can be considered the same as a database user. To create a role with login privilege, use either: @@ -204,7 +203,7 @@ CREATE USER name; other roles, too, as well as grant or revoke membership in them. However, to create, alter, drop, or change membership of a superuser role, superuser status is required; - CREATEROLE is not sufficient for that. + CREATEROLE is insufficient for that. @@ -250,15 +249,15 @@ CREATE USER name; want to disable index scans (hint: not a good idea) anytime you connect, you can use: -ALTER ROLE myname SET enable_indexscan TO off; +ALTER ROLE myname SET statement_timeout = '5min'; This will save the setting (but not set it immediately). In subsequent connections by this role it will appear as though - SET enable_indexscan TO off; had been executed + SET statement_timeout = '5min' had been executed just before the session started. You can still alter this setting during the session; it will only be the default. To remove a role-specific default setting, use - ALTER ROLE rolename RESET varname;. + ALTER ROLE rolename RESET varname. Note that role-specific defaults attached to roles without LOGIN privilege are fairly useless, since they will never be invoked. @@ -381,15 +380,16 @@ REVOKE group_role FROM role1 - The members of a role can use the privileges of the group role in two + The members of a group role can use the privileges of the role in two ways. First, every member of a group can explicitly do to temporarily become the group role. In this state, the database session has access to the privileges of the group role rather than the original login role, and any database objects created are considered owned by the group role not the login role. Second, member - roles that have the INHERIT attribute automatically have use of - privileges of roles they are members of. As an example, suppose we have + roles that have the INHERIT attribute automatically inherit the + privileges of roles of which they are members, including their + INHERIT attributes. As an example, suppose we have done: CREATE ROLE joe LOGIN INHERIT; @@ -454,7 +454,7 @@ RESET ROLE; special privileges, but they are never inherited as ordinary privileges on database objects are. You must actually SET ROLE to a specific role having one of these attributes in order to make use of - the attribute. Continuing the above example, we might well choose to + the attribute. Continuing the above example, we might choose to grant CREATEDB and CREATEROLE to the admin role. Then a session connecting as role joe would not have these privileges immediately, only after doing @@ -478,7 +478,7 @@ DROP ROLE name; - Functions and Triggers + Function and Trigger Security Functions and triggers allow users to insert code into the backend diff --git a/doc/src/sgml/wal.sgml b/doc/src/sgml/wal.sgml index 76f1fdcf3b..2c5ce01112 100644 --- a/doc/src/sgml/wal.sgml +++ b/doc/src/sgml/wal.sgml @@ -1,4 +1,4 @@ - + Reliability and the Write-Ahead Log @@ -42,9 +42,9 @@ Next, there might be a cache in the disk drive controller; this is particularly common on RAID controller cards. Some of - these caches are write-through, meaning writes are passed - along to the drive as soon as they arrive. Others are - write-back, meaning data is passed on to the drive at + these caches are write-through, meaning writes are sent + to the drive as soon as they arrive. Others are + write-back, meaning data is sent to the drive at some later time. Such caches can be a reliability hazard because the memory in the disk controller cache is volatile, and will lose its contents in a power failure. Better controller cards have @@ -61,7 +61,7 @@ particularly likely to have write-back caches that will not survive a power failure. To check write caching on Linux use hdparm -I; it is enabled if there is a * next - to Write cache. hdparm -W to turn off + to Write cache; hdparm -W to turn off write caching. On FreeBSD use atacontrol. (For SCSI disks use sdparm @@ -79,10 +79,10 @@ - When the operating system sends a write request to the disk hardware, + When the operating system sends a write request to the storage hardware, there is little it can do to make sure the data has arrived at a truly non-volatile storage area. Rather, it is the - administrator's responsibility to be sure that all storage components + administrator's responsibility to make certain that all storage components ensure data integrity. Avoid disk controllers that have non-battery-backed write caches. At the drive level, disable write-back caching if the drive cannot guarantee the data will be written before shutdown. @@ -100,11 +100,11 @@ to power loss at any time, meaning some of the 512-byte sectors were written, and others were not. To guard against such failures, PostgreSQL periodically writes full page images to - permanent storage before modifying the actual page on + permanent WAL storage before modifying the actual page on disk. By doing this, during crash recovery PostgreSQL can restore partially-written pages. If you have a battery-backed disk controller or file-system software that prevents partial page writes - (e.g., ReiserFS 4), you can turn off this page imaging by using the + (e.g., ZFS), you can turn off this page imaging by turning off the parameter. @@ -140,12 +140,12 @@ Because WAL restores database file - contents after a crash, journaled filesystems are not necessary for + contents after a crash, journaled file systems are not necessary for reliable storage of the data files or WAL files. In fact, journaling overhead can reduce performance, especially if journaling causes file system data to be flushed to disk. Fortunately, data flushing during journaling can - often be disabled with a filesystem mount option, e.g. + often be disabled with a file system mount option, e.g. data=writeback on a Linux ext3 file system. Journaled file systems do improve boot speed after a crash. @@ -308,7 +308,7 @@ committing at about the same time. Setting commit_delay can only help when there are many concurrently committing transactions, and it is difficult to tune it to a value that actually helps rather - than hurting throughput. + than hurt throughput. @@ -326,7 +326,7 @@ Checkpointscheckpoint are points in the sequence of transactions at which it is guaranteed - that the data files have been updated with all information written before + that the heap and index data files have been updated with all information written before the checkpoint. At checkpoint time, all dirty data pages are flushed to disk and a special checkpoint record is written to the log file. (The changes were previously flushed to the WAL files.) @@ -349,18 +349,18 @@ - The server's background writer process will automatically perform + The server's background writer process automatically performs a checkpoint every so often. A checkpoint is created every log segments, or every seconds, whichever comes first. - The default settings are 3 segments and 300 seconds respectively. + The default settings are 3 segments and 300 seconds (5 minutes), respectively. It is also possible to force a checkpoint by using the SQL command CHECKPOINT. Reducing checkpoint_segments and/or - checkpoint_timeout causes checkpoints to be done + checkpoint_timeout causes checkpoints to occur more often. This allows faster after-crash recovery (since less work will need to be redone). However, one must balance this against the increased cost of flushing dirty data pages more often. If @@ -469,7 +469,7 @@ server processes to add their commit records to the log so as to have all of them flushed with a single log sync. No sleep will occur if - is not enabled, nor if fewer than + is not enabled, or if fewer than other sessions are currently in active transactions; this avoids sleeping when it's unlikely that any other session will commit soon. Note that on most platforms, the resolution of a sleep request is @@ -483,7 +483,7 @@ The parameter determines how PostgreSQL will ask the kernel to force WAL updates out to disk. - All the options should be the same as far as reliability goes, + All the options should be the same in terms of reliability, but it's quite platform-specific which one will be the fastest. Note that this parameter is irrelevant if fsync has been turned off. @@ -521,26 +521,26 @@ access/xlog.h; the record content is dependent on the type of event that is being logged. Segment files are given ever-increasing numbers as names, starting at - 000000010000000000000000. The numbers do not wrap, at - present, but it should take a very very long time to exhaust the + 000000010000000000000000. The numbers do not wrap, + but it will take a very, very long time to exhaust the available stock of numbers. - It is of advantage if the log is located on another disk than the - main database files. This can be achieved by moving the directory - pg_xlog to another location (while the server + It is advantageous if the log is located on a different disk from the + main database files. This can be achieved by moving the + pg_xlog directory to another location (while the server is shut down, of course) and creating a symbolic link from the original location in the main data directory to the new location. - The aim of WAL, to ensure that the log is - written before database records are altered, can be subverted by + The aim of WAL is to ensure that the log is + written before database records are altered, but this can be subverted by disk drivesdisk drive that falsely report a successful write to the kernel, when in fact they have only cached the data and not yet stored it - on the disk. A power failure in such a situation might still lead to + on the disk. A power failure in such a situation might lead to irrecoverable data corruption. Administrators should try to ensure that disks holding PostgreSQL's WAL log files do not make such false reports. @@ -549,8 +549,8 @@ After a checkpoint has been made and the log flushed, the checkpoint's position is saved in the file - pg_control. Therefore, when recovery is to be - done, the server first reads pg_control and + pg_control. Therefore, at the start of recovery, + the server first reads pg_control and then the checkpoint record; then it performs the REDO operation by scanning forward from the log position indicated in the checkpoint record. Because the entire content of data pages is saved in the @@ -562,12 +562,12 @@ To deal with the case where pg_control is - corrupted, we should support the possibility of scanning existing log + corrupt, we should support the possibility of scanning existing log segments in reverse order — newest to oldest — in order to find the latest checkpoint. This has not been implemented yet. pg_control is small enough (less than one disk page) that it is not subject to partial-write problems, and as of this writing - there have been no reports of database failures due solely to inability + there have been no reports of database failures due solely to the inability to read pg_control itself. So while it is theoretically a weak spot, pg_control does not seem to be a problem in practice. -- 2.11.0