DML concurrency
DML takes a shared lock on the table
Before modifying a row, DML takes a row lock, which blocks other transactions from modifying that row
If the transaction holding the row lock has not committed, other transactions that want to modify that row can only wait until it commits
Table and row locks are not released when the DML statement ends; they are released when the transaction commits
MVCC
Multi-version concurrency control provides controlled, highly concurrent data access
Concurrency control is the set of database functions that lets many users access and modify data at the same time
Multiple versions of the data are materialized at the same time; GaussDB's multiple data versions allow reads and writes not to block each other; by default, multi-versioning provides statement-level consistency
Rollback segment management
Before a transaction modifies data for the first time, the original data is stored in the rollback segment
Rollback segment functions:
1. Transaction rollback: when the user rolls back the transaction or the transaction fails, data is restored to its state before the transaction executed
2. Read consistency: when concurrent read and write transactions touch the same data, the original data saved in the rollback segment lets the read transaction roll back to the version visible to it, ensuring data consistency
3. Flashback query: users can query data as of some point in the past
4. Database recovery: after the instance restarts, the redo logs are applied first, and then the rollback segment is used to roll back the transactions that were uncommitted before the restart
5. Rollback segment reuse: rollback data whose retention period has expired may be reused
6. The rollback segment is configurable
Multi-version management
Purpose: maintain data consistency and improve concurrent reading and writing of data
History versions and current versions are stored separately
Data pages keep only the latest version; history versions are stored in the rollback segment
Transaction table and rollback recycling
The tuple header keeps only the ITL ID; transaction information is stored in the page's ITL (interested transaction list)
Visibility determination: the current system SCN is obtained and compared with the version's SCN to decide visibility
Rollback space is reused and recovered automatically
Row-level MVCC
Each row of data records its own rollback address
The undo information of the same row forms a chain
To obtain a historical version, the row must be rolled back to the version that is visible
Data footprint is large
Page-level MVCC
Each transaction records the rollback segment address
The undo information of the same transaction forms a chain
Data footprint is small
Tuning parameter: CR POOL
Snapshot too old (causes)
rollback segment reuse
insufficient undo space
long-running queries
Transaction slot reuse
The number of transaction slots is limited, so slots are recycled
Delayed transaction cleanup: the page's ITL information is not cleaned up; when the page is visited again, the transaction slot has already been reused, so the commit time cannot be obtained and it cannot be determined whether the version is visible
Solution strategies:
increase the undo tablespace
increase the undo reserved space
increase the number of transaction slots
Lock management
Table lock management
Table locks control concurrent DML and DDL at the table level
DML operations add a table-level shared lock to prevent concurrent DDL; queries take no lock
DDL adds a table-level exclusive lock, which blocks other DDL
Table lock modes
Share (S): shared lock, the lowest-level table lock; allows concurrent DML but not concurrent DDL
Exclusive (X): exclusive lock, the highest-level restriction; once an X lock is held, no other transaction may perform any DDL or DML on the table (write access)
IX: intent exclusive lock; when the table already holds shared locks and a DDL wants an exclusive lock, it first adds the intent lock, which prevents further shared locks from being added so that the DDL is not starved of the lock; the DDL then waits only for the locks already held to be released
Row lock management
Row locks are caused by DML operations
There is only one kind of row lock, exclusive; there is no shared row lock
A row lock links the row on the page to a transaction; if another transaction wants to modify the row and sees that it is already linked to a transaction, it must wait until that transaction commits or until the wait times out
The row lock wait time can be configured with the parameter LOCK_TIMEOUT
Deadlock check
session1 waits for session2 and session2 waits for session1
Table lock deadlock: session1 takes an exclusive lock on table A, session2 takes an exclusive lock on table B; session1 tries to add an exclusive lock on table B and waits for session2; session2 tries to add an exclusive lock on table A and waits for session1
Row lock (transaction) deadlock: transaction 1 modifies rowA without committing, transaction 2 modifies rowB without committing; transaction 1 modifies rowB and waits for transaction 2 to commit; transaction 2 modifies rowA and waits for transaction 1 to commit
ITL deadlock: occurs when modifying a page
Monitoring: GaussDB automatically detects deadlocks and rolls back at statement level
A deadlock is printed to the run log
The deadlock is detected in one session, and that session's waiting statement is terminated with a deadlock error to break the deadlock
Database security management
Security can broadly be divided into three levels: network security, system security, data security
Network: network-level security from the technical side, consisting of encryption, firewalls and intrusion detection
System: protects the core server, mainly server account passwords and other access
Data management: database audit, data access, data encryption, data backup, security audit
Security: access control and SSL prevent disclosure of client information and interaction data, and prevent forgery and tampering
Hardening: prevents the risk of privilege escalation on the database server through user rights
Security audit: all operations on the database are fully recorded
LSNR_ADDR: listen address; LSNR_PORT: listen port
SESSIONS: default 200, made up of reserved system-user sessions, emerg (emergency) user sessions and normal user sessions
System-user sessions: a fixed 32 sessions for internal use (resource recycling, checkpoint, etc.) plus a fixed reserved 16 sessions for the SQL parallel framework
emerg-user sessions: controlled by the SUPER_USER_RESERVED_SESSIONS parameter
Normal-user sessions: SESSIONS - 32 - 16; at least one must be configured, otherwise the database cannot start
Recommended SESSIONS value: OPTIMIZED_WORKER_THREADS * 1.2
super_user_reserved_sessions: number of sessions reserved for sys; default 5
optimized_worker_threads: optimal number of worker threads; default 100
Client connection methods:
By password: password-authenticated login, local passwordless login
By login protocol: TCP or UDS (local login, generally used as the management channel)
TCP connection
Administrator login [only administrators can log in without a password]: zsql / as SYSDBA [ip:port] -d /home/omm/data1 ; if several database instances are running, -d must be used to specify the database directory
Normal user login: zsql user/userpassword@ip:port [-d /home/omm/data1] -q -w connect_timeout -s silent_log
When the DBA manages several instances, connecting to a particular instance requires -d (data directory); -q disables SSL login authentication; -s sets silent mode for executing SQL; -w sets the client's connection timeout to the database
UDS connection method
Mainly guarantees that the client can still log in to the server when the database is in an abnormal state
UDS supports local login only; essentially UDS simulates TCP communication through a file
UDS not only provides emergency session login, it is also suitable for normal sessions
To switch user sessions to the UDS path, the server and client must each be configured to listen on the UDS socket file; user sessions then no longer occupy the emergency reserved sessions
DV_SESSION: view session information
select * from dv_session where module != 'UNKNOWN';
zsql user/user_password@uds -d /home/omm/data1 -q -s silent_file -w connect_timeout
Connection security authentication
Supports configuring a user whitelist, an IP whitelist and an IP blacklist to control access connections effectively
User whitelist: add valid entries to zhba.conf to restrict a given user to accessing the database only from specified IPs
IP whitelist: configure the TCP_INVITED_NODES parameter to allow access to the database only from specified IP addresses
IP blacklist: configure the TCP_EXCLUDED_NODES parameter to deny access to the database from specified IPs
The IP blacklist has the highest priority
Configuring client access authentication
Assume the server address is 192.168.1.1 and the listen port is 1888
Configure the user whitelist
zhba.conf entry ----> host user 127.0.0.1,192.168.3.222, 20AB:9217:afcf:feab:fcd0/64
type currently supports host and hostssl: host means a plain TCP connection, hostssl means an SSL connection
IPv4: 192.168.3.222
IPv6: 20AB:9217:afcf:feab:fcd0/64
select value from v$parameter where name = 'tcp_invited_nodes'; -- query the whitelist
select value from v$parameter where name = 'tcp_excluded_nodes'; -- query the blacklist
Configure the whitelist and blacklist online
alter system set tcp_invited_nodes = '(127.0.0.1, 192.168.0.1, 192.168.2.*)';
alter system set tcp_excluded_nodes = '(192.168.10.*, 192.168.0.255)';
Turn on the node checking switch; it takes effect immediately
alter system set tcp_valid_node_checking = true;
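Added example (not GaussDB code and not from the original notes): a small model of the access decision described above, for checking which clients a given zhba.conf entry, TCP_INVITED_NODES and TCP_EXCLUDED_NODES configuration would let through, with the blacklist taking precedence as the notes state. The order whitelist-before-zhba.conf, the treatment of an empty list or missing zhba.conf entry as "no restriction", and all sample addresses are assumptions.

```python
import ipaddress


def ip_matches(pattern: str, client_ip: str) -> bool:
    """True if client_ip matches one list entry: exact IP, CIDR, or IPv4 wildcard like 192.168.2.*"""
    pattern = pattern.strip()
    if "*" in pattern:
        pat, ip = pattern.split("."), client_ip.split(".")
        return len(pat) == 4 and len(ip) == 4 and all(p in ("*", q) for p, q in zip(pat, ip))
    try:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:  # malformed entry or address: treat as no match
        return False


def parse_node_list(value: str) -> list:
    """Parse the '(a, b, c)' value used with ALTER SYSTEM SET TCP_INVITED_NODES / TCP_EXCLUDED_NODES."""
    return [p.strip() for p in value.strip().strip("()").split(",") if p.strip()]


def parse_zhba(lines) -> list:
    """Parse zhba.conf entries of the form '<type> <user> <ip-list>' (type is host or hostssl)."""
    rules = []
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] in ("host", "hostssl"):
            rules.append((parts[0], parts[1], parse_node_list(parts[2])))
    return rules


def check_access(conn_type, user, client_ip, zhba_lines, invited, excluded, node_checking=True):
    """Accept or reject a connection. Precedence (assumed, except that the blacklist wins):
    TCP_EXCLUDED_NODES, then TCP_INVITED_NODES, then the user's zhba.conf entries."""
    if node_checking:  # TCP_VALID_NODE_CHECKING = true enables the two IP lists
        if any(ip_matches(p, client_ip) for p in parse_node_list(excluded)):
            return False, "tcp_excluded_nodes"
        invited_list = parse_node_list(invited)
        if invited_list and not any(ip_matches(p, client_ip) for p in invited_list):
            return False, "tcp_invited_nodes"
    rules = [ips for t, u, ips in parse_zhba(zhba_lines) if t == conn_type and u == user]
    if rules and not any(ip_matches(p, client_ip) for ips in rules for p in ips):
        return False, "zhba.conf"
    return True, "ok"


# Constructed sample configuration (not from a real system; 2001:db8::/64 is a documentation prefix)
ZHBA = ["host user 127.0.0.1,192.168.3.222, 2001:db8::/64"]
INVITED = "(127.0.0.1, 192.168.0.1, 192.168.2.*, 2001:db8::/64)"
EXCLUDED = "(192.168.10.*, 192.168.0.255)"
```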
SSL certificates
Two-way (mutual) authentication, one-way authentication