Re: postmaster recovery and automatic restart suppression

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Greg Stark <stark(at)enterprisedb(dot)com>
Cc: Simon Riggs <simon(at)2ndquadrant(dot)com>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, "Kolb, Harald (NSN - DE/Munich)" <harald(dot)kolb(at)nsn(dot)com>, pgsql-hackers(at)postgresql(dot)org, "Czichy, Thoralf (NSN - FI/Helsinki)" <thoralf(dot)czichy(at)nsn(dot)com>
Subject: Re: postmaster recovery and automatic restart suppression
Date: 2009-06-08 20:30:57
Message-ID: 3173.1244493057@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Greg Stark <stark(at)enterprisedb(dot)com> writes:
>> On Mon, 2009-06-08 at 09:47 -0400, Tom Lane wrote:
>>> I think the proposed don't-restart flag is exceedingly ugly and will not
>>> solve any real-world problem.

> Hm. I'm not sure I see a solid use case for it -- in my experience you
> want to be pretty sure you have a persistent problem before you fail
> over.

Yeah, and when you do fail over you want more guarantee than "none at
all" that the primary won't start back up again on its own.

> But I don't really see why it's ugly either.

Because it's intentionally blowing a hole in one of the most prized
properties of the database, ie, that it doesn't go down if it can help
it. I want a *WHOLE* lot stronger rationale than "somebody might want
it someday" before providing a switch that lets somebody thoughtlessly
break a property we've sweated blood for ten years to ensure.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bruce Momjian 2009-06-08 21:33:33 Re: pg_migrator issue with contrib
Previous Message Greg Stark 2009-06-08 20:12:58 Re: postmaster recovery and automatic restart suppression