Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PG-1116 Documented how to define tde_heap as default table access method #328

Merged
merged 6 commits into from
Nov 26, 2024
Merged

PG-1116 Documented how to define tde_heap as default table access method #328

merged 6 commits into from
Nov 26, 2024

Conversation

nastena1606
Copy link
Collaborator

modified: documentation/docs/setup.md
new file: documentation/docs/table-access-method.md
modified: documentation/mkdocs.yml

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 6, 2024
edited
Loading

Performance test results:
Normal queries: 9007
TDE queries: 8668
Percentage: 96%
CSV entries: 1010312 pp-2019.csv
Sequential scan read times

HEAP: 1087.149
TDE: 1306.972 (120%)
TDE_BASIC: 1306.972 (161%)

@nastena1606 nastena1606 force-pushed the PG-1116-Def-table-access-method branch from 960434b to 85f9913 Compare November 6, 2024 11:07
nastena1606
nastena1606 commented Nov 6, 2024
View reviewed changes
documentation/docs/table-access-method.md

While the `tde_heap_basic` access method is available with both PostgreSQL Community and Percona Server for PostgreSQL, the `tde_heap` (tech preview) table access method is available only with Percona Server for PostgreSQL. Check how to install it [On Ubuntu](apt.md#__tabbed_2_2) and [on RHEL and derivatives](yum.md#__tabbed_2_2)


Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it make sense to explain how tde_heap works with data? I need your input here, please

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes I think it would be helpful to do that, let me get back to you with a graphic that we can add.

@nastena1606 nastena1606 force-pushed the PG-1116-Def-table-access-method branch from 9a0c74a to 5620089 Compare November 6, 2024 16:27
@ImTheKai
Copy link
Collaborator

ImTheKai commented Nov 8, 2024

This PR needs a rebase

@nastena1606 nastena1606 force-pushed the PG-1116-Def-table-access-method branch from 5620089 to 77bf425 Compare November 13, 2024 13:05
@nastena1606
Copy link
Collaborator Author

Rebased. I have a pending question in comments. I believe it is useful to explain what happens behind the scenes. I'd like to hear your opinion.

artemgavrilov
artemgavrilov reviewed Nov 15, 2024
View reviewed changes
documentation/docs/table-access-method.md Outdated Show resolved Hide resolved
documentation/docs/table-access-method.md Outdated Show resolved Hide resolved
documentation/docs/test.md Show resolved Hide resolved
dAdAbird
dAdAbird approved these changes Nov 25, 2024
View reviewed changes
Copy link
Member

@dAdAbird dAdAbird left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM/ Just a minor suggestion

documentation/docs/table-access-method.md Outdated

The `tde_heap` access method works on top of the default `heap` access method and is a marker to point which tables require encryption. It uses the custom storage manager TDE SMGR, which becomes active only after you installed the `pg_tde` extension.

When a table requires encryption, every data block is encrypted before it is written to disk and decrypted after reading before it is sent to the PostgreSQL core and then to the client. The encryption is done at the storage manager level.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Idk if it makes sense, but maybe we should clarify that data is decrypted before being sent(written) to Buffer Manager. Because the core (backend) reads data from there (Buffer Manager) in order to send it to a client or perform any other operation.
I think it'll add more understanding for those who more or less familiar with the PG internals

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dAdAbird Does Buffer manager participate in encryption process or only in decryption?

@nastena1606 nastena1606 merged commit 6ba62e9 into main Nov 26, 2024
13 checks passed
@nastena1606 nastena1606 deleted the PG-1116-Def-table-access-method branch November 26, 2024 19:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dAdAbird dAdAbird dAdAbird approved these changes

@ImTheKai ImTheKai ImTheKai approved these changes

@artemgavrilov artemgavrilov artemgavrilov approved these changes

@dutow dutow Awaiting requested review from dutow

@codeforall codeforall Awaiting requested review from codeforall

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nastena1606 @ImTheKai @dAdAbird @artemgavrilov