mirror of
https://git.postgresql.org/git/postgresql.git
synced 2025-02-23 19:39:53 +08:00
doc: Add advice about systemd RemoveIPC
Reviewed-by: Magnus Hagander <magnus@hagander.net>
This commit is contained in:
parent
e6c7ff9e38
commit
6a1459f67c
@ -1162,6 +1162,85 @@ project.max-msg-ids=(priv,4096,deny)
|
||||
|
||||
</sect2>
|
||||
|
||||
<sect2 id="systemd-removeipc">
|
||||
<title>systemd RemoveIPC</title>
|
||||
|
||||
<indexterm>
|
||||
<primary>systemd</primary>
|
||||
<secondary>RemoveIPC</secondary>
|
||||
</indexterm>
|
||||
|
||||
<para>
|
||||
If <productname>systemd</productname> is in use, some care must be taken
|
||||
that IPC resources (shared memory and semaphores) are not prematurely
|
||||
removed by the operating system. This is especially of concern when
|
||||
installing PostgreSQL from source. Users of distribution packages of
|
||||
PostgreSQL are less likely to be affected, as
|
||||
the <literal>postgres</literal> user is then normally created as a system
|
||||
user.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The setting <literal>RemoveIPC</literal>
|
||||
in <filename>logind.conf</filename> controls whether IPC objects are
|
||||
removed when a user fully logs out. System users are exempt. This
|
||||
setting defaults to on in stock <productname>systemd</productname>, but
|
||||
some operating system distributions default it to off.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
A typical observed effect when this setting is on is that the semaphore
|
||||
objects used by a PostgreSQL server are removed at apparently random
|
||||
times, leading to the server crashing with log messages like
|
||||
<screen>
|
||||
LOG: semctl(1234567890, 0, IPC_RMID, ...) failed: Invalid argument
|
||||
</screen>
|
||||
Different types of IPC objects (shared memory vs. semaphores, System V
|
||||
vs. POSIX) are treated slightly differently
|
||||
by <productname>systemd</productname>, so one might observe that some IPC
|
||||
resources are not removed in the same way as others. But it is not
|
||||
advisable to rely on these subtle differences.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
A <quote>user logging out</quote> might happen as part of a maintenance
|
||||
job or manually when an administrator logs in as
|
||||
the <literal>postgres</literal> user or something similar, so it is hard
|
||||
to prevent in general.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
What is a <quote>system user</quote> is determined
|
||||
at <productname>systemd</productname> compile time from
|
||||
the <symbol>SYS_UID_MAX</symbol> setting
|
||||
in <filename>/etc/login.defs</filename>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Packaging and deployment scripts should be careful to create
|
||||
the <literal>postgres</literal> user as a system user by
|
||||
using <literal>useradd -r</literal>, <literal>adduser --system</literal>,
|
||||
or equivalent.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Alternatively, if the user account was created incorrectly or cannot be
|
||||
changed, it is recommended to set
|
||||
<programlisting>
|
||||
RemoveIPC=no
|
||||
</programlisting>
|
||||
in <filename>/etc/systemd/logind.conf</filename> or another appropriate
|
||||
configuration file.
|
||||
</para>
|
||||
|
||||
<caution>
|
||||
<para>
|
||||
At least one of these two things has to be ensured, or the PostgreSQL
|
||||
server will be very unreliable.
|
||||
</para>
|
||||
</caution>
|
||||
</sect2>
|
||||
|
||||
<sect2>
|
||||
<title>Resource Limits</title>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user