Multiple Postmasters - Automatic Shutdown -Tom Lane

From: mlaks <mlaks(at)bellatlantic(dot)net>
To: pgsql-admin(at)postgresql(dot)org
Subject: Multiple Postmasters - Automatic Shutdown -Tom Lane
Date: 2003-05-09 13:47:26
Message-ID: 200305090947.26864.mlaks@bellatlantic.net
Lists: pgsql-admin

Dear Gurus,

From Tom's comment in the Automatic Shutdown thread - that postmaster and the
backend interpret SIGTERM as a fast shutdown request, I can now understand
why Bruno Wolff's usage of the "daemontools" "svc -d" command which sends a
SIGTERM signal to the postmaster is an ok thing to do, while "svc -k" which
sends SIGKILL would be (of course) forbidden.

However, if I may persist in asking Tom and Bruno to clarify what you have
told me till now.

I am sorry to keep asking for clarification, but I am in a bit of a bind. I
read your response cautioning me from shooting myself in the foot by creating
a script that might possibly erase the lock file and lead to duplicate
postmasters making changes to the same data directory.

I also searched the archives and read a very clear comment Tom made to
someone in Jan 2003

*****
The real risk of having a script that automatically removes the
postmaster.pid file is that the script might get run after the
postmaster has started.

Even then, you're not necessarily hosed; but you no longer have any
protection against accidentally starting a second postmaster in the same
database directory. (Which would be disastrous: the two postmasters
won't know about each other and will make unsynchronized changes in the
database.)

Note also that under most circumstances, a stale postmaster.pid file
should not prevent the postmaster from starting (because it will ignore
the old .pid file if it can see that there is no process with that PID
alive anymore). The case where you lose is only when there is another
process running that by chance has the same PID that was assigned to the
old postmaster on the system's previous uptime cycle. The postmaster
can't tell that such a process isn't really a conflicting postmaster,
so it gives up for safety's sake.

If you can be absolutely certain that your script will *only* get run
early in system boot, then having it remove postmaster.pid is arguably
a reasonable thing to do. (Putting "rm postmaster.pid" into the startup
script for the postmaster itself would not be reasonable, since you
might well use that script to restart the postmaster --- with the rm in
place, you've just fried the interlock against starting two postmasters.)

Whether the benefits outweigh the risks is up to you to decide.
****

My situation is a bit unique. My machine is a dedicated machine that will run
only one /usr/bin/postmaster. It runs a single application depending upon the
database being up. It will have only one set of PostgreSQL databases. My goal
is to keep PostgreSQL and the application that depends upon it always up.

My idea is to use DJ Bernstein's "daemontools", to monitor the postmaster, as
well as to monitor, separately, my application that depends upon it. If they
go down, for some reason, I want daemontools to restart them.

I am putting myself in the situation where the following shell script will run
to initialize the postmaster process;
however, it may possibly be rerun!!! an unlimited number of times!!!! if the
process!!!! /usr/bin/postmaster goes down,
namely:

[this file is called the ./run file in daemontools. it is "supervised" to make
sure it is always running by the supervise program]

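_______________________
#!/usr/bin/sh
# PID of a running postmaster, empty if there is none
pid=$(pidof -s /usr/bin/postmaster)
if [ "$pid" ]
then echo $" Postmaster is already running."
else
# Remove leftover sockets and the lock file (the step this question is about)
rm -f /tmp/.s.PSQL.* > /dev/null
rm -f /var/lib/pgsql/data/postmaster.pid > /dev/null
# Send stderr to stdout, then replace this shell with the postmaster
exec 2>&1
exec setuidgid postgres /usr/bin/postmaster -D /var/lib/pgsql/data
fi
______________________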

I copied the clause

pid=$(pidof -s /usr/bin/postmaster)
if [ "$pid" ]
then echo $" Postmaster is already running."
else

from Lamar Owen's postgresql service script on Red Hat Linux.
(Q. why does he put echo $" Postmaster is already running " instead of just
echo "Postmaster is already running" ?)

I need your expert opinion. I am a complete ignoramus about this. In your
wide experience, in this very restricted circumstance, even though I am
violating Tom's rule of running the
rm -f /var/lib/pgsql/data/postmaster.pid beyond boot time, will I possibly
start 2 postmasters at once?
Am I shooting myself in the foot?

Kapow!

Mitchell
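
Added example, not part of Mitchell's message and not PostgreSQL's own code: the liveness test that the quoted January 2003 reply attributes to the postmaster, written as a shell check that classifies the lock file without ever deleting it. The names pidfile_state and may_start are hypothetical, and it assumes the first line of postmaster.pid is the owner's PID and that the caller is root or the lock owner.

```shell
#!/bin/sh
# Added example: classify a postmaster.pid-style lock file, never delete it.
# pidfile_state and may_start are hypothetical helper names.
# Assumption: run as root or as the lock owner, so a failed "kill -0" means
# "no such process" rather than "permission denied".

pidfile_state() {
    pidfile=$1
    # No lock file: nothing is blocking a start.
    [ -e "$pidfile" ] || { echo absent; return 0; }

    # Assumption: the first line holds the PID of the process that wrote it.
    pid=
    IFS= read -r pid < "$pidfile" || :
    case $pid in
        # Empty, non-numeric, or starting with 0 (PID 0 would signal our
        # own process group): not something we can test safely.
        ''|0*|*[!0-9]*) echo invalid; return 0 ;;
    esac

    # Signal 0 delivers nothing; it only reports whether the PID exists.
    if kill -0 "$pid" 2>/dev/null; then
        # Could be the postmaster, or an unrelated process that happens to
        # have the same PID. The two cannot be told apart from here.
        echo live
    else
        echo stale
    fi
}

# Returns 0 when a start attempt is reasonable, 1 when the lock must be
# respected. The file is left in place either way, so the interlock against
# a second postmaster stays intact.
may_start() {
    case $(pidfile_state "$1") in
        absent|stale) return 0 ;;
        *) return 1 ;;
    esac
}
```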
