Re: Allow some recovery parameters to be changed with reload

From: Fujii Masao <masao(dot)fujii(at)oss(dot)nttdata(dot)com>
To: Sergei Kornilov <sk(at)zsrv(dot)org>, Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, "a(dot)lubennikova(at)postgrespro(dot)ru" <a(dot)lubennikova(at)postgrespro(dot)ru>
Cc: "robertmhaas(at)gmail(dot)com" <robertmhaas(at)gmail(dot)com>, "michael(at)paquier(dot)xyz" <michael(at)paquier(dot)xyz>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>, "peter(dot)eisentraut(at)2ndquadrant(dot)com" <peter(dot)eisentraut(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Allow some recovery parameters to be changed with reload
Date: 2020-11-06 16:28:49
Message-ID: a136a397-1401-9531-20c1-1b83575fd68d@oss.nttdata.com
Lists: pgsql-hackers

On 2020/11/06 21:36, Sergei Kornilov wrote:
> Hello
>
>> Currently when restore_command is not set, archive recovery fails
>> at the beginning. With the patch, how should we treat the case where
>> restore_command is reset to empty during archive recovery? We should
>> reject that change of restore_command?
>
> Good point. I think we should reject that change. But (AFAIC) I cannot use GUC check callback for this purpose, as only the startup process knows StandbyModeRequested. I think it would be appropriate to call validateRecoveryParameters from StartupRereadConfig.

I don't think this idea is ok because emptying restore_command and the reload
of the configuration file could cause the server doing archive recovery to
shut down with a FATAL error.

I'm wondering if it's safe to allow restore_command to be emptied during
archive recovery. Even when it's emptied, archive recovery can proceed
by reading WAL files from the pg_wal directory. This is the same behavior as
when restore_command is set to, e.g., /bin/false. So maybe we don't need
to treat the empty restore_command so specially??

OTOH, we should not remove the check of restore_command in
validateRecoveryParameters(). Otherwise, when users forget to specify
restore_command when starting archive recovery, recovery could
wrongly proceed and the database could get corrupted.

Regards,

--
Fujii Masao
Advanced Computing Technology Center
Research and Development Headquarters
NTT DATA CORPORATION
