From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Andres Freund <andres(at)2ndquadrant(dot)com> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: basebackups during ALTER DATABASE ... SET TABLESPACE ... not safe? |
Date: | 2015-01-27 12:16:27 |
Message-ID: | CA+TgmoYC3xXs5ham+oO4cykwih7cfkX_heAkNnC8mo4AkQ=+ZA@mail.gmail.com |
Lists: | pgsql-hackers |
On Mon, Jan 26, 2015 at 4:03 PM, Andres Freund <andres(at)2ndquadrant(dot)com> wrote:
>> I basically have two ideas to fix this.
>>
>> 1) Make do_pg_start_backup() acquire a SHARE lock on
>> pg_database. That'll prevent it from starting while a movedb() is
>> still in progress. Then additionally add pg_backup_in_progress()
>> function to xlog.c that checks (XLogCtl->Insert.exclusiveBackup ||
>> XLogCtl->Insert.nonExclusiveBackups != 0). Use that in createdb() and
>> movedb() to error out if a backup is in progress.
>
> Attached is a patch trying to do this. Doesn't look too bad and led me to
> discover missing recovery conflicts during an AD ST.
>
> But: It doesn't actually work on standbys, because lock.c prevents any
> stronger lock than RowExclusive from being acquired. And we need a
> lock that can conflict with WAL replay of DBASE_CREATE, to handle base
> backups that are executed on the primary. Those obviously can't detect
> whether any standby is currently doing a base backup...
>
> I currently don't have a good idea how to mangle lock.c to allow
> this. I've played with doing it like in the second patch, but that
> doesn't actually work because of some asserts around ProcSleep - leading
> to locks on database objects not working in the startup process (despite
> already being used).
>
> The easiest thing would be to just use a lwlock instead of a heavyweight
> lock - but those aren't cancelable...

How about just wrapping an lwlock around a flag variable? movedb()
increments the variable when starting and decrements it when done
(must use PG_ENSURE_ERROR_CLEANUP). Starting a backup errors out (or
waits in 1-second increments) if it's non-zero.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
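
A stand-alone C model of the scheme proposed in this message, added here as an illustration; it is not PostgreSQL source and not code from the thread. A pthread mutex stands in for the LWLock, setjmp/longjmp for error unwinding under PG_ENSURE_ERROR_CLEANUP, and every function and variable name is hypothetical.

```c
/* Stand-alone model, not PostgreSQL source. All names are hypothetical. */
#include <pthread.h>
#include <setjmp.h>
#include <stdbool.h>
#include <stdio.h>

static pthread_mutex_t movedb_lock = PTHREAD_MUTEX_INITIALIZER; /* LWLock stand-in */
static int movedb_in_progress = 0;   /* the flag variable, kept as a counter */
static jmp_buf error_ctx;            /* stand-in for error unwinding */
static bool backup_allowed_during_move;

static void movedb_counter_add(int delta) {
    pthread_mutex_lock(&movedb_lock);
    movedb_in_progress += delta;
    pthread_mutex_unlock(&movedb_lock);
}

/* Backup start: refuse (the "errors out" variant) while any move is running. */
bool backup_may_start(void) {
    pthread_mutex_lock(&movedb_lock);
    bool ok = (movedb_in_progress == 0);
    pthread_mutex_unlock(&movedb_lock);
    return ok;
}

/* Stand-in for the file copy; records what a concurrent backup would see. */
static void copy_database_files(bool fail) {
    backup_allowed_during_move = backup_may_start();
    if (fail)
        longjmp(error_ctx, 1);       /* models an ERROR raised mid-move */
}

/* Returns true if the move completed, false if it errored out. */
bool movedb_model(bool fail) {
    movedb_counter_add(+1);
    if (setjmp(error_ctx) != 0) {    /* cleanup path: the role of PG_ENSURE_ERROR_CLEANUP */
        movedb_counter_add(-1);      /* without this, every later backup is refused */
        return false;
    }
    copy_database_files(fail);
    movedb_counter_add(-1);
    return true;
}

int main(void) {
    bool ok = movedb_model(false);
    printf("move ok=%d, backup allowed mid-move=%d\n", ok, backup_allowed_during_move);
    ok = movedb_model(true);
    printf("move ok=%d, backup allowed afterwards=%d\n", ok, backup_may_start());
    return 0;
}
```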