Turn off JIT for only monitoring user's context

It prevents issues related to monitoring queries: - slow query executing due to unnecessary inlining, optimization and emission - memory leak due to re-creating struct types during inlining related issues (CrunchyData/crunchy-containers#1381) (CrunchyData/pgmonitor#182) On the other hand database is open to enabling JIT for other users Issue: [sc-15755] Signed-off-by: Kirill Petrov <chobostar85@gmail.com>
percona · Sep 27, 2022 · df492f1 · df492f1
1 parent 39a8e1f
commit df492f1
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 17 deletions.
diff --git a/internal/controller/postgrescluster/pgmonitor_test.go b/internal/controller/postgrescluster/pgmonitor_test.go
@@ -437,7 +437,7 @@ func TestReconcilePGMonitorExporterStatus(t *testing.T) {
 		podExecCalled:   false,
 		// Status was generated manually for this test case
 		// TODO jmckulk: add code to generate status
-		status:                      v1beta1.MonitoringStatus{ExporterConfiguration: "8b589fd65"},
+		status:                      v1beta1.MonitoringStatus{ExporterConfiguration: "5f599686cf"},
 		statusChangedAfterReconcile: false,
 	}} {
 		t.Run(test.name, func(t *testing.T) {
@@ -504,9 +504,9 @@ func TestReconcilePGMonitorExporterStatus(t *testing.T) {
 
 			assert.NilError(t, reconciler.reconcilePGMonitorExporter(ctx,
 				cluster, observed, secret))
-			assert.Equal(t, called, test.podExecCalled)
 			assert.Assert(t, test.statusChangedAfterReconcile == (cluster.Status.Monitoring.ExporterConfiguration != test.status.ExporterConfiguration),
 				"got %v", cluster.Status.Monitoring.ExporterConfiguration)
+			assert.Equal(t, called, test.podExecCalled)
 		})
 	}
 }

diff --git a/internal/pgmonitor/postgres.go b/internal/pgmonitor/postgres.go
@@ -88,7 +88,7 @@ func DisableExporterInPostgreSQL(ctx context.Context, exec postgres.Executor) er
 // EnableExporterInPostgreSQL runs SQL setup commands in `database` to enable
 // the exporter to retrieve metrics. pgMonitor objects are created and expected
 // extensions are installed. We also ensure that the monitoring user has the
-// current password and can login.
+// current password, optimal config and can login.
 func EnableExporterInPostgreSQL(ctx context.Context, exec postgres.Executor,
 	monitoringSecret *corev1.Secret, database, setup string) error {
 	log := logging.FromContext(ctx)
@@ -134,6 +134,12 @@ func EnableExporterInPostgreSQL(ctx context.Context, exec postgres.Executor,
 				// password; update the password and ensure that the ROLE
 				// can login to the database
 				`ALTER ROLE :"username" LOGIN PASSWORD :'verifier';`,
+
+				// disable JIT for only ccp_monitoring user's context to prevent:
+				// - slow executing due unnecessary inlining, optimization and emission
+				// - memory leak due to re-creating struct types during inlining
+				// and allow to enable JIT for other database users transparently
+				`ALTER ROLE :"username" SET jit = off;`,
 			}, "\n"),
 			map[string]string{
 				"database": database,

diff --git a/testing/kuttl/e2e/exporter/01--check-exporter.yaml b/testing/kuttl/e2e/exporter/01--check-exporter.yaml
@@ -2,20 +2,27 @@
 apiVersion: kuttl.dev/v1beta1
 kind: TestStep
 commands:
-  # Ensure that the metrics endpoint is available from inside the exporter container
   - script: |
-      name=$(kubectl -n ${NAMESPACE} get pods --no-headers -o custom-columns="name:{metadata.name}" \
-        --selector='postgres-operator.crunchydata.com/cluster=exporter,postgres-operator.crunchydata.com/instance-set=instance1')
-      kubectl -n ${NAMESPACE} exec $name -it -c exporter -- curl http://localhost:9187/metrics
-  # Ensure that the ccp_monitoring user exists in the database
-  - script: |
-      name=$(kubectl -n ${NAMESPACE} get pods --no-headers -o custom-columns="name:{metadata.name}" \
-        --selector='postgres-operator.crunchydata.com/cluster=exporter,postgres-operator.crunchydata.com/instance-set=instance1')
-      kubectl -n ${NAMESPACE} exec $name -it -c database -- \
-        psql -c "DO \$\$
+      set -e
+      PRIMARY=$(
+        kubectl get pod --namespace "${NAMESPACE}" \
+          --output name --selector '
+            postgres-operator.crunchydata.com/cluster=exporter,
+            postgres-operator.crunchydata.com/role=master'
+      )
+
+      # Ensure that the metrics endpoint is available from inside the exporter container
+      kubectl exec --namespace "${NAMESPACE}" "${PRIMARY}" -c exporter -- curl http://localhost:9187/metrics
+
+      # Ensure that the monitoring user exists and is configured.
+      kubectl exec --stdin --namespace "${NAMESPACE}" "${PRIMARY}" \
+        -- psql -qb --set ON_ERROR_STOP=1 --file=- <<'SQL'
+        DO $$
         DECLARE
-          result boolean;
+          result record;
         BEGIN
-          SELECT 1 from pg_roles where rolname='ccp_monitoring' INTO result;
-          ASSERT result = 't', 'ccp_monitor not found';
-        END \$\$;"
+          SELECT * INTO result FROM pg_catalog.pg_roles WHERE rolname = 'ccp_monitoring';
+          ASSERT FOUND, 'user not found';
+          ASSERT result.rolconfig @> '{jit=off}', format('got config: %L', result.rolconfig);
+        END $$
+      SQL