fix(init): add setting to enable durable locks on crdb (#7982)

feat(init): add setting to enable durable locks on crdb
2025-08-11 16:47:32 +00:00 · 2024-05-27 11:03:34 +02:00
parent 0b366bece6
commit cff0f73e24
9 changed files with 102 additions and 4 deletions
--- a/cmd/initialise/init.go
+++ b/cmd/initialise/init.go
@@ -19,6 +19,7 @@ var (

 	createUserStmt           string
 	grantStmt                string
+	settingsStmt             string
 	databaseStmt             string
 	createEventstoreStmt     string
 	createProjectionsStmt    string
@@ -53,7 +54,7 @@ The user provided by flags needs privileges to
 		},
 	}

-	cmd.AddCommand(newZitadel(), newDatabase(), newUser(), newGrant())
+	cmd.AddCommand(newZitadel(), newDatabase(), newUser(), newGrant(), newSettings())
 	return cmd
 }

@@ -62,6 +63,7 @@ func InitAll(ctx context.Context, config *Config) {
 		VerifyUser(config.Database.Username(), config.Database.Password()),
 		VerifyDatabase(config.Database.DatabaseName()),
 		VerifyGrant(config.Database.DatabaseName(), config.Database.Username()),
+		VerifySettings(config.Database.DatabaseName(), config.Database.Username()),
 	)
 	logging.OnError(err).Fatal("unable to initialize the database")

@@ -147,6 +149,11 @@ func ReadStmts(typ string) (err error) {
 		return err
 	}

+	settingsStmt, err = readStmt(typ, "11_settings")
+	if err != nil {
+		return err
+	}
+
 	return nil
 }

--- a/cmd/initialise/sql/cockroach/11_settings.sql
+++ b/cmd/initialise/sql/cockroach/11_settings.sql
@@ -0,0 +1,4 @@
+-- replace the first %[1]q with the database in double quotes
+-- replace the second \%[2]q with the user in double quotes$
+-- For more information see technical advisory 10009 (https://zitadel.com/docs/support/advisory/a10009)
+ALTER ROLE %[2]q IN DATABASE %[1]q SET enable_durable_locking_for_serializable = on;
--- a/cmd/initialise/sql/postgres/11_settings.sql
+++ b/cmd/initialise/sql/postgres/11_settings.sql
--- a/cmd/initialise/verify_settings.go
+++ b/cmd/initialise/verify_settings.go
@@ -0,0 +1,44 @@
+package initialise
+
+import (
+	_ "embed"
+	"fmt"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"github.com/zitadel/logging"
+
+	"github.com/zitadel/zitadel/internal/database"
+)
+
+func newSettings() *cobra.Command {
+	return &cobra.Command{
+		Use:   "settings",
+		Short: "Ensures proper settings on the database",
+		Long: `Ensures proper settings on the database.
+
+Prerequisites:
+- cockroachDB or postgreSQL
+
+Cockroach
+- Sets enable_durable_locking_for_serializable to on for the zitadel user and database
+`,
+		Run: func(cmd *cobra.Command, args []string) {
+			config := MustNewConfig(viper.GetViper())
+
+			err := initialise(config.Database, VerifySettings(config.Database.DatabaseName(), config.Database.Username()))
+			logging.OnError(err).Fatal("unable to set settings")
+		},
+	}
+}
+
+func VerifySettings(databaseName, username string) func(*database.DB) error {
+	return func(db *database.DB) error {
+		if db.Type() == "postgres" {
+			return nil
+		}
+		logging.WithFields("user", username, "database", databaseName).Info("verify settings")
+
+		return exec(db, fmt.Sprintf(settingsStmt, databaseName, username), nil)
+	}
+}