-
Notifications
You must be signed in to change notification settings - Fork 853
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Timescale/Postgres Grants Issue with Extraneous relations #4936
Comments
Hi @udesaiitrs , thank you for reaching out! I also tried the steps above in a database with timescaledb 2.7.2 and pg14, where I created some tables and hypertables in the public schema, everything works as expected. Might it be possible for you to provide answers to a few questions that will hopefully help debug this?
Thank you! |
Hi @konskov , thanks for the quick reply. Yes we see this happening each time the job runs. We do have several environments, but they are not perfectly identical. Some are running on AWS, some are on-prem. Some are with > 1 HA nodes, but this one is with a single HA node. We do run VACUUM, and have set the following default settings:
We pinpointed that the error occurs after this command: So it does seem as though there are some phantom tables or relations created? But we cannot seem to find where these are stored as records so that when the |
The resulting error is also not consistent, this last time I ran the job, the error that was shown was: One other point to consider is the command succeeds if run interactively from psql, but not if the command comes from stdin exactly like written above. |
Thank you for pointing that out, useful to know. A few more things that would help us investigate this:
|
Adding the verbose setting shows this:
We are using compressed hypertables, yes. Unfortunately we can't share the full schema. I can provide more details without the full schema if that will help, just let me know what details to include. Running that query you provided returns no results, which I believe is a good thing if you can confirm? |
Yes, that is good, permissions are consistent on hypertables and their chunks. The function |
hi @udesaiitrs, given the information you have shared and that we do not trigger this from our code, it seems unlikely that this is a TimescaleDB issue... If you are able to get a stacktrace for this error then it would help determine which functions (and from what extensions) are involved |
@konskov Understood thanks, do you know the easiest way to get a stacktrace for PG or increase the logging to show more details on the error? |
To get a stacktrace using gdb, you can attach to the pid that is running the statements above and set a breakpoint at |
Actually in this case the location of the error is already known after doing |
We experience the same issue after upgrading from version 2.5.x to 2.8.1 of the TimescaleDB extension. We got four clusters running (2x staging, 2x prod) but only three (1x staging, 2x prod) are throwing these errors. We use Vault to create ephemeral roles for our developers and services to access the database. Vault additionally executes a GRANT ON SCHEMA statement, to give the role the correct permissions, that's when the error occurs.
We observed this behavior immediately after the update extension command. TimescaleDB and plpgsql are also our only extensions enabled on that database.
It happens sporadically but often. It's bad because it prevents our services at startup from connecting to their databases. Or at least it takes a long time until Vault can create a role and issue the GRANT statement without an error. We're running this image timescale/timescaledb-ha:pg13-ts2.8-latest on a Kubernetes cluster in EKS, I don't know if that info is helpful. |
Hello @mrkwtz, Thank you for sharing the log file. I have tried to reproduce the issue in my local environment, but so far, I was not able to reproduce it. You mention that a Would it be possible for you to provide the schema of the database (the CREATE table / hypertable / schema statements)? This would help me to create a local environment similar to yours. |
Dear Author, This issue has been automatically marked as stale due to lack of activity. With only the issue description that is currently provided, we do not have enough information to take action. If you have or find the answers we would need, please reach out. Otherwise, this issue will be closed in 30 days. Thank you! |
Dear Author, We are closing this issue due to lack of activity. Feel free to add a comment to this issue if you can provide more information and we will re-open it. Thank you! |
What type of bug is this?
Unexpected error
What subsystems and features are affected?
Other
What happened?
We are running into a weird permissions error that possibly seems to be related to timescale more than postgres, but its not clear what exactly is causing the issue. We run a script which grants the permissions below to a user, and for some reason, there are a many extraneous tables or relations that we have not created. When GRANT commands are run, does timescale do any extra permission changes? We only have 10 tables created in the public schema, and 6 of those are hypertables.
TimescaleDB version affected
2.7.2
PostgreSQL version used
14
What operating system did you use?
docker image: timescale-ha-base:pg14.5-ts2.7.2-p0-r0
What installation method did you use?
Docker, Other
What platform did you run on?
On prem/Self-hosted
Relevant log output and stack trace
We also saw this error once when running the same job, but then the error doesn’t happen on the next run:
How can we reproduce the bug?
The text was updated successfully, but these errors were encountered: