On Mon, Aug 7, 2023 at 11:29 AM Julien Rouhaud <rjuju...@gmail.com> wrote: > > On Mon, Aug 07, 2023 at 09:24:02AM +0530, Amit Kapila wrote: > > > > I think autovacuum is not enabled during the upgrade. See comment "Use > > -b to disable autovacuum." in start_postmaster(). However, I am not > > sure if there can't be any additional WAL from checkpointer or > > bgwriter. Checkpointer has a code that ensures that if there is no > > important WAL activity then it would be skipped. Similarly, bgwriter > > also doesn't LOG xl_running_xacts unless there is an important > > activity. I feel if there is a chance of any WAL activity during the > > upgrade, we need to either change the check to ensure such WAL records > > are expected or document the same in some way. > > Unless I'm missing something I don't see what prevents something to connect > using the replication protocol and issue any query or even create new > replication slots? >
I think the point is that if we have any slots where we have not consumed the pending WAL (other than the expected like SHUTDOWN_CHECKPOINT) or if there are invalid slots then the upgrade won't proceed and we will request user to remove such slots or ensure that WAL is consumed by slots. So, I think in the case you mentioned, the upgrade won't succeed. > Note also that as complained a few years ago nothing prevents a bgworker from > spawning up during pg_upgrade and possibly corrupt the upgraded cluster if > multixid are assigned. If publications are preserved wouldn't it mean that > such bgworkers could also lead to data loss? > Is it because such workers would write some WAL which slots may not process? If so, I think it is equally dangerous as other problems that can arise due to such a worker. Do you think of any special handling here? -- With Regards, Amit Kapila.
