Re: Missing pg_control crashes postmaster

From: Andres Freund <andres(at)anarazel(dot)de>
To: pgsql-hackers(at)lists(dot)postgresql(dot)org,Brian Faherty <anothergenericuser(at)gmail(dot)com>,pgsql-hackers(at)postgresql(dot)org
Subject: Re: Missing pg_control crashes postmaster
Date: 2018-07-23 19:55:48
Message-ID: 2A3449E6-D4C9-4A81-BBDB-47E92037EC7A@anarazel.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On July 23, 2018 12:31:13 PM PDT, Brian Faherty <anothergenericuser(at)gmail(dot)com> wrote:
>Hey Hackers,
>
>If a postmaster is running and the pg_control file is removed postgres
>will PANIC.
>
>Steps to recreate:
>
>1.) start a new cluster
>2.) rm $DATADIR/pg_control
>3.) psql => CHECKPOINT;
>
>PANIC: could not open control file "global/pg_control": No such file
>or directory
>
>After the PANIC there is no pg_control. Recovery would be difficult
>without a replica or a backup. Instead of crashing we can just write a
>new pg_control file since all the data is in memory at the time.
>
>There does not really seem to be a need for this behavior as all the
>information postgres needs is in memory at this point. I propose with
>a patch to just recreate pg_control on updates if it does not exist.

What's the issue this would solve? Given that there's moments, until the control file is rewritten, where you would be toast either way, I don't buy this gives much added safety. Nor have you explained which realistic scenarios lead to the file missing, without much broader problems being present.

Andres
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Jeff Janes 2018-07-23 20:14:40 Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack
Previous Message David G. Johnston 2018-07-23 19:49:33 Re: Missing pg_control crashes postmaster