On 12/31/16 11:43 AM, Tom Lane wrote: > Magnus Hagander <mag...@hagander.net> writes: >> I still think that some wording in the direction of the fact that the >> majority of all users won't actually have this problem is the right thing >> to do (regardless of our previous history in the area as pointed out by >> Craig) > > +1. The use-a-system-user solution is the one that's in place on the > ground for most current PG users on affected platforms. We should explain > that one first and make clear that platform-specific packages attempt to > set it up that way for you. The RemoveIPC technique should be documented > as a fallback to be used if you can't/won't use a system userid.
How about this version, which shifts the emphasis a bit, as suggested? -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
>From 5b4ba436d3882bfa2ce0e6243b9ab2ece66a4da4 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut <pete...@gmx.net> Date: Fri, 10 Feb 2017 16:34:20 -0500 Subject: [PATCH v2] doc: Add advice about systemd RemoveIPC --- doc/src/sgml/runtime.sgml | 77 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 130c386462..25c57192db 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -1165,6 +1165,83 @@ <title><systemitem class="osname">System V</> <acronym>IPC</> Parameters</title> </sect2> + <sect2 id="systemd-removeipc"> + <title>systemd RemoveIPC</title> + + <indexterm> + <primary>systemd</primary> + <secondary>RemoveIPC</secondary> + </indexterm> + + <para> + If <productname>systemd</productname> is in use, some care must be taken + that IPC resources (shared memory and semaphores) are not prematurely + removed by the operating system. This is especially of concern when + installing PostgreSQL from source. Users of distribution packages of + PostgreSQL are less likely to be affected. + </para> + + <para> + The setting <literal>RemoveIPC</literal> + in <filename>logind.conf</filename> controls whether IPC objects are + removed when a user fully logs out. System users are exempt. This + setting defaults to on in stock <productname>systemd</productname>, but + some operating system distributions default it to off. + </para> + + <para> + A typical observed effect when this setting is on is that the semaphore + objects used by a PostgreSQL server are removed at apparently random + times, leading to the server crashing with log messages like +<screen> +LOG: semctl(1234567890, 0, IPC_RMID, ...) failed: Invalid argument +</screen> + Different types of IPC objects (shared memory vs. semaphores, System V + vs. POSIX) are treated slightly differently + by <productname>systemd</productname>, so one might observe that some IPC + resources are not removed in the same way as others. But it is not + advisable to rely on these subtle differences. + </para> + + <para> + A <quote>user logging out</quote> might happen as part of a maintenance + job or manually when an administrator logs in as + the <literal>postgres</literal> user or similar, so it is hard to prevent + in general. + </para> + + <para> + What is a <quote>system user</quote> is determined + at <productname>systemd</productname> compile time from + the <symbol>SYS_UID_MAX</symbol> setting + in <filename>/etc/login.defs</filename>. + </para> + + <para> + Packaging and deployment scripts should be careful to create + the <literal>postgres</literal> user as a system user by + using <literal>useradd -r</literal>, <literal>adduser --system</literal>, + or equivalent. + </para> + + <para> + Alternatively, if the user account was created incorrectly or cannot be + changed, it is recommended to set +<programlisting> +RemoveIPC=no +</programlisting> + in <filename>/etc/systemd/logind.conf</filename> or another appropriate + configuration file. + </para> + + <caution> + <para> + At least one of these two things have to be ensured, or the PostgreSQL + server will be very unreliable. + </para> + </caution> + </sect2> + <sect2> <title>Resource Limits</title> -- 2.11.1
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers