On Tue, Mar 19, 2019 at 11:48:25AM +0100, Fabien COELHO wrote: > Moving the controlfile looks like an effective way to prevent any concurrent > start, as the fs operation is probably atomic and especially if external > tools uses the same trick. However this is not the case yet, eg > "pg_resetwal" uses a "postmaster.pid" hack instead.
pg_upgrade does so. Note that pg_resetwal does not check either that the PID in the file is actually running. > Probably the method could be unified, possibly with some functions > in "controlfile_utils.c". Hm. postmaster.pid is just here to make sure that the instance is not started at all, while we require the instance to be stopped cleanly with other tools, so that's not really consistent in my opinion to combine both. > Ok, this might not work, because of the following, less likely, race > condition: > > postmaster opens control file RW > pg_checksums moves control file, postmater open file handle follows > ... > > So ISTM that we really need some locking to have something clean. We are talking about complicating a method which is already fine for a a window where the whole operation works, as it could take hours to enable checksums, versus a couple of instructions. I am not sure that it is worth complicating the code more. > Help line about --check not simplified as suggested in a prior review, > although you said you would take it into account. Oops, it looks like this got lost because of the successive rebases. I am sure to have updated it at some point.. Anyway, thanks for pointing it out, I got that fixed on my local branch. -- Michael
signature.asc
Description: PGP signature
