Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
sql: add txn rows written/read guardrails
This commit introduces the guardrails on the number of rows written/read by a single txn. The limits are enforced after each statement of a txn has been fully executed (i.e. we don't proactively cancel work in the middle of the execution if the txn has just reached the limits). This is done in the connExecutor since it is a very convenient place to enforce the limits so that they apply only to the desired statements. Notably, things for which we don't want the application of the limits (things like BACKUP, IMPORT, CREATE STATISTICS, etc) don't go through the connExecutor and, thus, aren't affected.

The accumulation of the number of rows read by a txn has already been in place, and this commit introduces the explicit collection of the number of rows written via the same mechanism - by propagating "rows written" metrics during the draining of the execution flow. Initially, we considered using "rows affected" values, but those have a different meaning from what we want. This metrics collection required teaching the planNodeToRowSource adapter to ask the mutation planNodes for the number of rows written.

Note that in many cases, the internal executor doesn't have the sessionData properly set (i.e. the default values are used), so we'll never log anything then. This seems acceptable since the focus of these guardrails is on the externally initiated queries.

One notable change is because of our "after the fact" enforcement of these limits, this commit disables the auto commit option for the mutation statements in the execbuilder if the txn row count limits are enabled.

Release note (ops change): New cluster settings `sql.defaults.transaction_rows_written_log`, `sql.defaults.transaction_rows_written_err`, `sql.defaults.transaction_rows_read_log`, and `sql.defaults.transaction_rows_read_err` (as well as the corresponding session variables) have been introduced. These settings determine the "size" of the transactions in written and read rows upon reaching of which the transactions are logged or rejected. The logging will go into SQL_PERF logging channel. Note that the internal queries (i.e. those issued by CockroachDB internally) cannot error out but can be logged instead into SQL_INTERNAL_PERF logging channel. The "written" limits apply to INSERT, INSERT INTO SELECT FROM, INSERT ON CONFLICT, UPSERT, UPDATE, and DELETE whereas the "read" limits apply to SELECT statement in addition to all of these. These limits will not apply to CREATE TABLE AS SELECT, IMPORT, TRUNCATE, DROP, ALTER TABLE, BACKUP, RESTORE, or CREATE STATISTICS statements.

Release justification: low-risk, high benefit change to existing functionality.
1 parent 2b0a6b0, commit 2177dc7
Showing 39 changed files with 3,346 additions and 674 deletions.
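The "after the fact" enforcement described in the commit message, modelled as an added Go example (not code from this commit or from CockroachDB). The type and function names, the `>=` comparison, and logging on every statement past a threshold are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model of the guardrails; none of these names are CockroachDB's.
type limits struct{ writtenLog, writtenErr, readLog, readErr int64 } // 0 disables a limit

type txn struct {
	lim           limits
	internal      bool // query issued by the database itself
	written, read int64
	logged        []string // logging channel of each emitted event
}

var errTxnTooLarge = errors.New("txn row count limit reached")

// afterStatement runs only once a statement has fully executed, so the
// counters already include that statement's rows when the limits are checked.
func (t *txn) afterStatement(rowsWritten, rowsRead int64) error {
	t.written += rowsWritten
	t.read += rowsRead
	channel := "SQL_PERF"
	if t.internal {
		channel = "SQL_INTERNAL_PERF"
	}
	hit := func(n, limit int64) bool { return limit > 0 && n >= limit } // assumed comparison
	if hit(t.written, t.lim.writtenLog) || hit(t.read, t.lim.readLog) {
		t.logged = append(t.logged, channel)
	}
	if hit(t.written, t.lim.writtenErr) || hit(t.read, t.lim.readErr) {
		if t.internal { // internal queries cannot error out; they are logged instead
			t.logged = append(t.logged, channel)
			return nil
		}
		return fmt.Errorf("%w: written=%d read=%d", errTxnTooLarge, t.written, t.read)
	}
	return nil
}

func main() {
	t := &txn{lim: limits{writtenLog: 100, writtenErr: 500}} // constructed sample limits
	fmt.Println(t.afterStatement(150, 150)) // over the log limit only: no error
	fmt.Println(t.logged)
	fmt.Println(t.afterStatement(400, 0)) // rejected, but the 400 rows were already written
}
```

Because the error surfaces only after the statement's rows are written, the transaction must still be open to roll back, which is why the commit disables auto commit for mutations when the limits are enabled.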