Re: [PATCH] postgres_fdw connection caching - cause remote sessions linger till the local session exit
| От | Fujii Masao |
|---|---|
| Тема | Re: [PATCH] postgres_fdw connection caching - cause remote sessions linger till the local session exit |
| Дата | |
| Msg-id | 2a0d7305-1cf6-db59-7fc6-241c55c8fc8b@oss.nttdata.com обсуждение исходный текст |
| Ответ на | Re: [PATCH] postgres_fdw connection caching - cause remote sessions linger till the local session exit (Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>) |
| Ответы |
Re: [PATCH] postgres_fdw connection caching - cause remote sessions linger till the local session exit
(Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>)
|
| Список | pgsql-hackers |
On 2020/12/12 15:05, Bharath Rupireddy wrote:
> On Sat, Dec 12, 2020 at 12:19 AM Fujii Masao <masao.fujii@oss.nttdata.com <mailto:masao.fujii@oss.nttdata.com>>
wrote:
> > I was thinking that in the case of drop of user mapping or server, hash_search(ConnnectionHash) in GetConnection()
cannotfind the cached connection entry invalidated by that drop. Because "user->umid" used as hash key is changed. So I
wasthinking that that invalidated connection will not be closed nor reconnected.
> >
>
> You are right in saying that the connection leaks.
>
> Use case 1:
> 1) Run foreign query in session1 with server1, user mapping1
> 2) Drop user mapping1 in another session2, invalidation message gets logged which will have to be processed by other
sessions
> 3) Run foreign query again in session1, at the start of txn, the cached entry gets invalidated via
pgfdw_inval_callback().Whatever may be the type of foreign query (select, update, explain, delete, insert, analyze
etc.),upon next call to GetUserMapping() from postgres_fdw.c, the cache lookup fails(with ERROR: user mapping not
foundfor "XXXX") since the user mapping1 has been dropped in session2 and the query will also fail before reaching
GetConnection()where the connections associated with invalidated entries would have got disconnected.
>
> So, the connection associated with invalidated entry would remain until the local session exits which is a problem to
solve.
>
> Use case 2:
> 1) Run foreign query in session1 with server1, user mapping1
> 2) Try to drop foreign server1, then we would not be allowed to do so because of dependency. If we use CASCADE, then
thedependent user mapping1 and foreign tables get dropped too [1].
> 3) Run foreign query again in session1, at the start of txn, the cached entry gets invalidated via
pgfdw_inval_callback(),it fails because there is no foreign table and user mapping1.
>
> But, note that the connection remains open in session1, which is again a problem to solve.
>
> To solve the above connection leak problem, it looks like the right place to close all the invalid connections is
pgfdw_xact_callback(),once registered, which gets called at the end of every txn in the current session(by then all the
subtxns also would have been finished). Note that if there are too many invalidated entries, then one of the following
txnhas to bear running this extra code, but that's okay than having leaked connections. Thoughts? If okay, I can code a
separatepatch.
Thanks for further analysis! Sounds good. Also +1 for making it as separate patch. Maybe only this patch needs to be
back-patched.
> static void
> pgfdw_xact_callback(XactEvent event, void *arg)
> {
> HASH_SEQ_STATUS scan;
> ConnCacheEntry *entry;
> * /* HERE WE CAN LOOK FOR ALL INVALIDATED ENTRIES AND DISCONNECT THEM*/*
This may cause the connection to be closed before sending COMMIT TRANSACTION command to the foreign server, i.e., the
connectionis closed in the middle of the transaction. So as you explained before, we should avoid that? If this my
understandingis right, probably the connection should be closed after COMMIT TRANSACTION command is sent to the foreign
server.What about changing the following code in pgfdw_xact_callback() so that it closes the connection even when it's
markedas invalidated?
if (PQstatus(entry->conn) != CONNECTION_OK ||
PQtransactionStatus(entry->conn) != PQTRANS_IDLE ||
entry->changing_xact_state)
{
elog(DEBUG3, "discarding connection %p", entry->conn);
disconnect_pg_server(entry);
}
> /* Quick exit if no connections were touched in this transaction. */
> if (!xact_got_connection)
> return;
>
> And we can also extend postgres_fdw_disconnect() something like.
>
> postgres_fdw_disconnect(bool invalid_only) --> default for invalid_only false. disconnects all connections. when
invalid_onlyis set to true then disconnects only invalid connections.
> postgres_fdw_disconnect('server_name') --> disconnections connections associated with the specified foreign server
>
> Having said this, I'm not in favour of invalid_only flag, because if we choose to change the code in
pgfdw_xact_callbackto solve connection leak problem, we may not need this invalid_only flag at all, because at the end
oftxn (even for the txns in which the queries fail with error, pgfdw_xact_callback gets called), all the existing
invalidconnections get disconnected. Thoughts?
+1 not to have invalid_only flag. On the other hand, I think that postgres_fdw_get_connections() should return all the
cachedconnections including invalidated ones. Otherwise, the number of connections observed via
postgres_fdw_get_connections()may be different from the number of connections actually established, and which would be
confusingto users. BTW, even after fixing the connection-leak issue, postgres_fdw_get_connections() may see invalidated
cachedconnections when it's called during the transaction.
>
> [1]
> postgres=# drop server loopback1 ;
> ERROR: cannot drop server loopback1 because other objects depend on it
> DETAIL: user mapping for bharath on server loopback1 depends on server loopback1
> foreign table f1 depends on server loopback1
> HINT: Use DROP ... CASCADE to drop the dependent objects too.
>
> postgres=# drop server loopback1 CASCADE ;
> NOTICE: drop cascades to 2 other objects
> DETAIL: drop cascades to user mapping for bharath on server loopback1
> drop cascades to foreign table f1
> DROP SERVER
>
> > > if (entry->conn != NULL && entry->invalidated && entry->xact_depth == 0)
> > > {
> > > elog(DEBUG3, "closing connection %p for option changes to take effect",
> > > entry->conn);
> > > disconnect_pg_server(entry);
> > > }
> > >
> > >> If so, this seems like a connection-leak bug, at least for me.... Thought?
> > >>
> > >
> > > It's not a leak. The comment before pgfdw_inval_callback() [1]
> > > explains why we can not immediately close/disconnect the connections
> > > in pgfdw_inval_callback() after marking them as invalidated.
> >
> > *If* invalidated connection cannot be close immediately even in the case of drop of server or user mapping, we can
deferit to the subsequent call to GetConnection(). That is, GetConnection() closes not only the target invalidated
connectionbut also the other all invalidated connections. Of course, invalidated connections will remain until
subsequentGetConnection() is called, though.
> >
>
> I think my detailed response to the above comment clarifies this.
>
> > > Here is the scenario how in the midst of a txn we get invalidation
> > > messages(AtStart_Cache()-->AcceptInvalidationMessages()-->pgfdw_inval_callback()
> > > happens):
> > >
> > > 1) select from foreign table with server1, usermapping1 in session1
> > > 2) begin a top txn in session1, run a few foreign queries that open up
> > > sub txns internally. meanwhile alter/drop server1/usermapping1 in
> > > session2, then at each start of sub txn also we get to process the
> > > invalidation messages via
> > > AtStart_Cache()-->AcceptInvalidationMessages()-->pgfdw_inval_callback().
> > > So, if we disconnect right after marking invalidated in
> > > pgfdw_inval_callback, that's a problem since we are in a sub txn under
> > > a top txn.
> >
> > Maybe. But what is the actual problem here?
> >
> > OTOH, if cached connection should not be close in the middle of transaction, postgres_fdw_disconnect() also should
bedisallowed to be executed during transaction?
>
> +1. Yeah that makes sense. We can avoid closing the connection if (entry->xact_depth > 0). I will modify it in
disconnect_cached_connections().
>
> > >> Could you tell me why ConnectionHash needs to be destroyed?
> > >
> > > Say, in a session there are hundreds of different foreign server
> > > connections made and if users want to disconnect all of them with the
> > > new function and don't want any further foreign connections in that
> > > session, they can do it. But then why keep the cache just lying around
> > > and holding those many entries? Instead we can destroy the cache and
> > > if necessary it will be allocated later on next foreign server
> > > connections.
> > >
> > > IMHO, it is better to destroy the cache in case of disconnect all,
> > > hoping to save memory, thinking that (next time if required) the cache
> > > allocation doesn't take much time. Thoughts?
> >
> > Ok, but why is ConnectionHash destroyed only when "all" is true? Even when "all" is false, for example, the
followingquery can disconnect all the cached connections. Even in this case, i.e., whenever there are no cached
connections,ConnectionHash should be destroyed?
> >
> > SELECT postgres_fdw_disconnect(srvname) FROM pg_foreign_server ;
>
> +1. I can check all the cache entries to see if there are any active connections, in the same loop where I try to
findthe cache entry for the given foreign server, if none exists, then I destroy the cache. Thoughts?
+1
Regards,
--
Fujii Masao
Advanced Computing Technology Center
Research and Development Headquarters
NTT DATA CORPORATION
В списке pgsql-hackers по дате отправления:
Предыдущее
От: JammieДата:
Сообщение: Movement of restart_lsn position movement of logical replication slots is very slow
Следующее
От: "tsunakawa.takay@fujitsu.com"Дата:
Сообщение: RE: [Patch] Optimize dropping of relation buffers using dlist