On Wed, Dec 04, 2019 at 11:52:33AM +0100, Peter Eisentraut wrote: > Is it possible to do this in a mostly bullet-proof way? Just because the > directory exists and looks pretty good otherwise, doesn't mean we can read a > file created in it later in a way that doesn't fall afoul of the existing > error checks. There could be something like SELinux lurking, for example. > > Maybe some initial checking would be useful, but I think we still need to > downgrade the error check at use time a bit to not crash in the cases that > we miss.
I got that thread in my backlog for some time, and was not able to come back to it. Reading it again the thread, it seems to me that using a LOG would make the promote file handling more consistent with what we do for the SSL context reload. Still, one downside I can see here is that this causes the backend to create a new LOG entry each time the promote file is checked, aka each time we check if WAL is available. Couldn't that bloat be a problem? During the SSL reload, we only generate LOG entries for each backend on SIGHUP. -- Michael
signature.asc
Description: PGP signature
