> >> If the sysadmin had left the recovery.conf and removed the trigger file,
> >> pg_standby in restore_command would have restored all WAL files required
> >> for recovery, and recovery would advance well.
> >
> > That may be true, but it certainly seems unfortunate that we don't
> > handle this case a bit more gracefully.
>
> Yeah. I don't think we can do much better in versions <= 8.3, though we
> should change that unlink() call to cause the FATAL error in a more
> explicit way; it seems accidental and possibly non-portable as it is.
>
> Adding the note to the docs that Mason suggested is a good idea.

Given that this situation did NOT actually cause corruption, rather the error message was mangled such that it suggested corruption, I offer this revised suggestion for update to the documentation:

Important note: It is critical the trigger file be created with permissions allowing the postgres process to remove the file. Generally this is best done by creating the file from the postgres user account. Failure to do so will prevent completion of WAL file recovery and the server from coming back online successfully.

Best regards,
Mason