Skip to content

Allow to control the order of shared_preload_libraries (citus) #3530

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

Allow to control the order of shared_preload_libraries (citus) #3530

wants to merge 5 commits into from

Conversation

ratranqu
Copy link

@ratranqu ratranqu commented Jan 13, 2023
edited
Loading

The citus extension needs to be loaded first when bringing up a cluster. The current implementation allows customising the extensions loaded, but extensions provided by the resource definition will be loaded after any internal ones.

Therefore, we updated the implementation such that the extension list order will be driven by the shared_preload_libraries list when present.

When your definition has a shared_preload_libraries list containing one of the internally loaded libraries, the extension order will change to take the order from the shared_preload_libraries list. This may change the behaviour of existing definitions when the shared_preload_libraries contains one of the internally loaded libraries.

When there shared_preload_libraries list contains one or more or the internal extensions, the duplicate internal extensions will be ignored, which allows the user to fully define the order of loading of extensions.

Issue: #3194

ratranqu and others added 2 commits January 13, 2023 14:41
@ratranqu
Allow to control the order of shared_preload_libraries (specifically …
9a62618 
…for citus extension)

The citus extension needs to be loaded first when bringing up a cluster. The current implementation allows customising the extensions loaded, but extensions provided by the resource definition will be loaded after any internal ones.

Therefore, we updated the implementation such that the extension list order will be driven by the shared_preload_libraries list when present.

When your definition has a shared_preload_libraries list, the extension order will change to put the shared_preload_libraries first. ***This may change the behaviour of existing definitions when the order relied on the internal libs list***.

When there shared_preload_libraries list contains one or more or the internal extensions, the duplicate internal extensions will be ignored, which allows the user to fully define the order of loading of extensions.

Issue: CrunchyData#3194
@ratranqu
Merge branch 'CrunchyData:master' into citus
7854f0d
@cbandy
Copy link
Member

cbandy commented Jan 13, 2023

🔧 This will need tests before it can merge. Perhaps here or a new dedicated one:

postgres-operator/internal/patroni/config_test.go

Line 156 in 2171bfe

func TestDynamicConfiguration(t *testing.T) {

This looks like it will unblock the referenced issue, but I do want to point out that there is still no way to communicate "front of list" with this. Yes, setting citus,pgaudit indicates "citus before pgaudit", but that may not always resolve to the front of the list.

🤔 I also want to consider security boundaries here. One of the reasons PGO puts pgaudit early is to try to audit as much as possible. Prior to this PR, there is no way to disrupt the placement of pgaudit.

@cbandy
Copy link
Member

cbandy commented Jan 13, 2023

that may not always resolve to the front of the list

Sorry, as written, it does. But I'm still thinking about pgaudit and "mandatory" and how we might want those to be "ahead" of things.

@ratranqu
Copy link
Author

ratranqu commented Jan 13, 2023
edited
Loading

@cbandy thx for the feedback. I have added two tests which cover ordering and the preventing of duplication.

Furthermore, I realised that I misrepresented what is happening in the original PR description (updated). Indeed, we only change the location of the internally loaded extensions if they are redefined in the shared_preload_libraries. Sorry about that, the change has been done a few weeks ago.

I think that might address part of your security concerns in so far as the default behaviour remains the same unless there is an explicit intent of changing the order of internally loaded extension.

@ratranqu
Copy link
Author

ratranqu commented Feb 9, 2023

Is there anything I can help with to take this forward or is there no interest for this change at this stage?

@tunatoksoz
Copy link

Also interested - looking to activate citus, like @ratranqu

@tony-landreth
Copy link
Contributor

@ratranqu Thank you for your PR. We have plans to provide a solution to specifically support Citus.

@ratranqu
Copy link
Author

@ratranqu Thank you for your PR. We have plans to provide a solution to specifically support Citus.

Awesome! Any sort of timeframe? Happy to beta test if useful!

@tunatoksoz
Copy link

Any guesses on the timeframe?

@tunatoksoz
Copy link

@tony-landreth hey tony / crunchydata team - any guesses on timeframe? Really appreciate it.

@cbandy cbandy mentioned this pull request Oct 26, 2023
Merged
6 tasks
@cbandy
Copy link
Member

cbandy commented Oct 30, 2023

We took a different approach in #3761 to specifically accommodate the citus library. Please let me know if that doesn't resolve things or if there are other extensions that need to be loaded a certain way. Thanks!

@cbandy cbandy closed this Oct 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ratranqu @cbandy @tunatoksoz @tony-landreth