| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org,Brian Faherty <anothergenericuser(at)gmail(dot)com>,pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Missing pg_control crashes postmaster |
| Date: | 2018-07-23 19:55:48 |
| Message-ID: | 2A3449E6-D4C9-4A81-BBDB-47E92037EC7A@anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On July 23, 2018 12:31:13 PM PDT, Brian Faherty <anothergenericuser(at)gmail(dot)com> wrote:
>Hey Hackers,
>
>If a postmaster is running and the pg_control file is removed postgres
>will PANIC.
>
>Steps to recreate:
>
>1.) start a new cluster
>2.) rm $DATADIR/pg_control
>3.) psql => CHECKPOINT;
>
>PANIC: could not open control file "global/pg_control": No such file
>or directory
>
>After the PANIC there is no pg_control. Recovery would be difficult
>without a replica or a backup. Instead of crashing we can just write a
>new pg_control file since all the data is in memory at the time.
>
>There does not really seem to be a need for this behavior as all the
>information postgres needs is in memory at this point. I propose with
>a patch to just recreate pg_control on updates if it does not exist.
What's the issue this would solve? Given that there's moments, until the control file is rewritten, where you would be toast either way, I don't buy this gives much added safety. Nor have you explained which realistic scenarios lead to the file missing, without much broader problems being present.
Andres
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Janes | 2018-07-23 20:14:40 | Re: BUG #15182: Canceling authentication due to timeout aka Denial of Service Attack |
| Previous Message | David G. Johnston | 2018-07-23 19:49:33 | Re: Missing pg_control crashes postmaster |