| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Hiroshi Inoue <Inoue(at)tpf(dot)co(dot)jp> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: How to shoot yourself in the foot: kill -9 postmaster |
| Date: | 2001-03-06 02:28:20 |
| Message-ID: | 3632.983845700@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hiroshi Inoue <Inoue(at)tpf(dot)co(dot)jp> writes:
> Tom Lane wrote:
>> I think we need a stronger interlock to prevent this scenario, but I'm
>> unsure what it should be. Ideas?
> Seems the simplest way is to inhibit starting postmaster
> if the pid file exists.
Then we're unable to recover from a crash without manual intervention.
The tricky part of this is not to give up the ability to restart when
there *has* been a crash.
> Another way is to use flock() if flock() is available.
> We could flock() the pid file so that another postmaster
> could detect the lock of the file.
This would only work if every backend is holding flock on the file,
which would mean they'd all have to keep it open all the time. Kind
of annoying to use up that many file descriptors on it. Might be the
best answer though; I haven't thought of anything I like better...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Lockhart | 2001-03-06 02:31:32 | Re: CORBA and PG |
| Previous Message | Tom Lane | 2001-03-06 02:25:17 | Re: How to handle waitingForLock in LockWaitCancel() |