On Thu, Dec 16, 2021 at 12:15 AM Bruce Momjian <br...@momjian.us> wrote: > > On Thu, Dec 2, 2021 at 07:19:50PM +0530, Dilip Kumar wrote: > From the patch: > > > Currently, CREATE DATABASE forces a checkpoint, then copies all the files, > > then forces another checkpoint. The comments in the createdb() function > > explain the reasons for this. The attached patch fixes this problem by > > making > > create database completely WAL logged so that we can avoid the checkpoints. > > > > This can also be useful for supporting the TDE. For example, if we need > > different > > encryption for the source and the target database then we can not > > re-encrypt the > > page data if we copy the whole directory. But with this patch, we are > > copying > > page by page so we have an opportunity to re-encrypt the page before > > copying that > > to the target database. > > Uh, why is this true? Why can't we just copy the heap/index files 8k at > a time and reencrypt them during the file copy, rather than using shared > buffers?
Hi Bruce, Yeah, you are right that if we copy in 8k block then we can re-encrypt the page, but in the current system, we are not copying block by block. So the main effort for this patch is not only for TDE but to get rid of the checkpoint we are forced to do before and after create database. So my point is that in this patch since we are copying page by page we get an opportunity to re-encrypt the page. I agree that if the re-encryption would have been the main goal of this patch then true we can copy files in 8k blocks and re-encrypt those blocks, that time even if we have to access some page data for re-encryption (like nonce) then also we can do it, but that is not the main objective. -- Regards, Dilip Kumar EnterpriseDB: http://www.enterprisedb.com
