Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> writes:
>> A symbolic link seems both safer and easier.
> The notion of mounting a filesystem directly there scares me, on
> the whole. Here is the problem: what if someday that filesystem
> happens not to be mounted? Then you have a bare mountpoint
> directory, with no real way for the postmaster to notice that that
> wasn't what you intended. Hilarity ensues.
Yeah, we've experienced that in our shop with backup mount points --
so it was not quite so hilarious as live database directories, but
funny enough from a space utilization perspective. We've taken to
ensuring that the subdirectory used as a mount point is locked down
to a root:root owner with no rights granted. Since we don't do our
backups as the root user, failure to mount (or to mount in time)
generates understandable errors in a timely fashion. I still much
prefer a symlink for pg_xlog, but I thought that this suggestion
might save someone some pain.
> don't symlink to exactly the filesystem mount point but rather a
> directory level or two down, so that the target dir is not there
> if the mount fails.
Good point. We have done it that way, but primarily for another
reason -- we often have more than one database cluster running on
the machine, and we generally have them share an xlog filesystem.
-Kevin