-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sql: fill out pg_advisory_lock stubs #13546
Comments
should this be closed? |
No - we have no-op stubs for these functions, but as Ben points out, we probably shouldn't just pretend that they work correctly. |
@jordanlewis does this need to be fixed for 1.0? |
No, I don't think so. |
I think it's unlikely we'll ever implement the |
An FAQ sgtm, pending @bdarnell's response. |
@andreimatei I'm not convinced we couldn't provide a close-enough approximation. We don't need perfect blocking semantics (polling would be fine), and it's not totally clear to me whether advisory locks need to be completely robust in the face of node failure. Perhaps we could use a (session id, node id, lock id) triple as the lock id and lazily invalidate locks if a node id corresponds to one that's been detected as down? I'm not familiar with how dead node detection works so perhaps this is misguided. |
But what about partitioned nodes? How do you tell a client that its lock is gone when the node it was talking to is partitioned away from... the quorum of the locks table? |
I think we have enough flexibility in the semantics that we can implement something that will work.
The same way postgres does - we don't. In the event of a partition you're not guaranteed to be notified that you've lost your lock before someone else gets it. |
What do you mean by "the same way postgres does"? How does a single-node Postgres have the same issue? If the client is partitioned away from the server, and the session loses the lock, I assume you can't do anything with that session anymore (probably because some TCP connection timed out somewhere). So you may not be notified of anything necessarily, but at least you won't be able to commit stuff while you believe you have the lock. Anyway, I was thinking that we could also abruptly close the client connection when we fail to heartbeat some session lease... |
You can't do anything else on that session, and maybe that's enough. But I've seen people do all kinds of crazy things with the advisory locks, using them to control stuff done outside the session (I think all of these schemes are basically unsound). But my point is that since these locks are used to govern things that are essentially non-transactional like DDL statements (because regular transactions do their own locking and don't need another layer of artificial locks), and the lock may be broken by node/network failure, you still have to account for various kinds of inconsistencies. These locks cannot be used to protect invariants in the way that regular mutexes are. |
@ajwerner can this be closed? |
No, we didn't do anything here. We prototyped something during the hackathon but it was far from something we'd merge. |
Here is another popular Rails ActiveJob (async job) adapter using Advisory Locks: |
|
I stumbled about this issue as well. May we at least document missing features like this in https://www.cockroachlabs.com/docs/stable/postgresql-compatibility.html? |
Lease pattern is an alternative to locks in distributed systems world. Is it possible to expose application level leases in CockroachDB specific SQL dialect? |
Please implement this soon 😄 |
How are migration tools supposed to prevent multiple instances from trying to run migrations at the same time? If you have multiple instances of a high-availability application with embedded migrations coming online at the same time, they're all going to see that the database needs to be migrated and attempt to apply migrations. If the migrations themselves aren't written with this scenario in mind, they may fail or cause data loss. |
@abonander , I've personally decided not to run migrations from application servers (though they could validate if already applied migrations are valid during startup). I decided to run migrations in a dedicated db manager service that runs at the beginning of deployment process. It runs queries from a db user that can change database schema. Application services run from another user that can change data but not the schema. So this approach gives improved security. |
Hey folks, would appreciate your advice on an infrastructure as code issue. I'm looking into this bug report on pulumi-postgresql: That user reports an error when creating multiple grants in Postgres via Pulumi with an error like so:
This was supposedly fixed upstream of our bridged provider in this PR, adding pg_advisory_locks to limit concurrency: However, that reportedly breaks compatibility with CockroachDB: That chain led me here, and I think what would help us unblock this issue with managing role grants in IaC would be advice for the repository owner (@cyrilgdn). I know my way around a SQL query and some Postgres internals, but I don't know the right answer here to address grants. I'd love to unblock upgrading our Postgres provider and ensure our users have a great experience using it on Cockroach. Can you lend us some advice? |
We defined some builtins around pg_advisory locks, but they are no-ops, and some functions are not even defined. This commit adds this limitation to unsupported postgres features. See cockroachdb/cockroach#13546.
We defined some builtins around pg_advisory locks, but they are no-ops, and some functions are not even defined. This commit adds this limitation to unsupported postgres features. See cockroachdb/cockroach#13546.
As @bdarnell points out in #13429,
We should provide an actual implementation of these builtins. I suppose it won't be too difficult to implement by writing some lock keys in a special system range.
Also Drupal uses this see #22211.
Epic CRDB-12077
Jira issue: CRDB-6112
The text was updated successfully, but these errors were encountered: