Re: Sync Rep v19

On Tue, Mar 8, 2011 at 7:05 AM, Fujii Masao <masao(dot)fujii(at)gmail(dot)com> wrote:
> Yeah, let's think about how shutdown should work. I'd like to propose the
> following. Thought?
>
> * Smart shutdown
> Smart shutdown should wait for all the waiting backends to be acked, and
> should not cause them to forcibly exit. But this leads shutdown to get stuck
> infinitely if there is no walsender at that time. To enable them to be acked
> even in that situation, we need to change postmaster so that it accepts the
> replication connection even during smart shutdown (until we reach
> PM_SHUTDOWN_2 state). Postmaster has already accepted the superuser
> connection to cancel backup during smart shutdown. So I don't think that
> the idea to accept the replication connection during smart shutdown is so
> ugly.
>
> * Fast shutdown
> I agree with you about fast shutdown. Fast shutdown should cause all the
> backends including waiting ones to exit immediately. At that time, the
> non-acked backend should not return the success, according to the
> definition of sync rep. So we need to change a backend so that it gets rid
> of itself from the waiting queue and exits before returning the success,
> when it receives SIGTERM. This change leads the waiting backends to
> do the same even when pg_terminate_backend is called. But since
> they've not been acked yet, it seems to be reasonable to prevent them
> from returning the COMMIT.

The fast shutdown handling seems fine, but why not just handle smart
shutdown the same way? I don't really like the idea of allowing
replication connections for longer, and the idea that we don't want to
keep waiting for a commit ACK once we're past the point where it's
possible for one to occur seems to apply generically to any shutdown
sequence.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company