Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1ruVq8-005rC6-LJ
	for pgsql-general@arkaria.postgresql.org; Wed, 10 Apr 2024 11:10:05 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1ruVq6-0017KZ-Vw
	for pgsql-general@arkaria.postgresql.org; Wed, 10 Apr 2024 11:10:02 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <guru@unixarea.de>)
	id 1ruVq6-0017KQ-LG
	for pgsql-general@lists.postgresql.org; Wed, 10 Apr 2024 11:10:02 +0000
Received: from ms-10.1blu.de ([178.254.4.101])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <guru@unixarea.de>)
	id 1ruVq2-002AaM-1h
	for pgsql-general@lists.postgresql.org; Wed, 10 Apr 2024 11:10:01 +0000
Received: from [212.222.85.114] (helo=pureos)
	by ms-10.1blu.de with esmtpsa  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.95)
	(envelope-from <guru@unixarea.de>)
	id 1ruVpz-002aRs-3U
	for pgsql-general@lists.postgresql.org;
	Wed, 10 Apr 2024 13:09:55 +0200
Date: Wed, 10 Apr 2024 13:09:48 +0200
From: Matthias Apitz <guru@unixarea.de>
To: pgsql-general@lists.postgresql.org
Subject: mystery with postgresql.auto.conf
Message-ID: <ZhZzfLUm2QtqOURc@pureos>
Reply-To: Matthias Apitz <guru@unixarea.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-Operating-System: FreeBSD 14.0-CURRENT 1400094 (amd64)
X-message-flag: Mails in HTML will not be read!  Send only plain text.
X-Con-Id: 51246
X-Con-U: 0-guru
X-Originating-IP: 212.222.85.114
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/ZhZzfLUm2QtqOURc%40pureos>
Precedence: bulk


Hello,

I've a Linux development / QA server were three different PostgreSQL
cluster are setup and the corresponding (self built) PostgreSQL
software:

The software is below corresponding directories (always the full tree):

# ls -ld /usr/local/sisis-pap/pgsql-*
drwxr-xr-x 7 bin bin 4096 Mar 21 11:01 /usr/local/sisis-pap/pgsql-13.1
drwxr-xr-x 7 bin bin 4096 Mar 21 11:02 /usr/local/sisis-pap/pgsql-15.1
drwxr-xr-x 7 bin bin 4096 Mar 25 10:54 /usr/local/sisis-pap/pgsql-16.2

The cluster:

# ls -ld /data/pos*
drwxr-xr-x  3 postgres root     4096 May  7  2021 /data/postgresql131
drwxr-xr-x 12 postgres root     4096 Mar 28  2023 /data/postgresql151
drwxr-xr-x  3 postgres postgres 4096 Mar 28 12:32 /data/postgresql162

This is to test our application software for the different Pos versions.

End of March I started to investigate the TDE extension pg_tde within
the 16.2 server. And only this software contains this extension:

# find /usr/local/sisis-pap/pgsql** | grep pg_tde
/usr/local/sisis-pap/pgsql-16.2/lib/pg_tde.so
/usr/local/sisis-pap/pgsql-16.2/share/extension/pg_tde--1.0.sql
/usr/local/sisis-pap/pgsql-16.2/share/extension/pg_tde.control

Today I wanted to start the 15.1 server and it failed with:

2024-04-10 11:32:32.179 CEST [14017] FATAL:  could not access file "pg_tde": No such file or directory
2024-04-10 11:32:32.181 CEST [14017] LOG:  database system is shut down

I investigated the reason and found that the pg_tde extension was
enabled also in the 15.1 server's file postgresql.auto.conf

# ls -l pos*/data/postgresql.auto.conf
-rw------- 1 postgres postgres  88 May  7  2021 postgresql131/data/postgresql.auto.conf
-rw------- 1 postgres postgres 124 Mar 28 11:35 postgresql151/data/postgresql.auto.conf
-rw------- 1 postgres postgres 124 Mar 28 12:58 postgresql162/data/postgresql.auto.conf

# cat postgresql151/data/postgresql.auto.conf
# Do not edit this file manually!
# It will be overwritten by the ALTER SYSTEM command.
shared_preload_libraries = 'pg_tde'

How is this possible? I only used in the 16.2 server the SQL commands:

sisis=# CREATE EXTENSION pg_tde;
sisis=# SELECT pg_tde_add_key_provider_file('file','/tmp/pgkeyring');
sisis=# SELECT pg_tde_set_master_key('my-master-key','file');

In the 15.1 server such command would give (correctly) an error, because
the software is not there:

# /usr/local/sisis-pap/pgsql-15.1/bin/psql -Usisis sisis
psql (15.1)
Type "help" for help.

sisis=# CREATE EXTENSION pg_tde;
ERROR:  extension "pg_tde" is not available
DETAIL:  Could not open extension control file "/usr/local/sisis-pap/pgsql-15.1/share/extension/pg_tde.control": No such file or directory.
HINT:  The extension must first be installed on the system where PostgreSQL is running.

How was this option set into the file postgresql151/data/postgresql.auto.conf?
And I did not do this by hand, I wasn't even aware until today that this
file exists at all.

	matthias


-- 
Matthias Apitz, ✉ guru@unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub