Tom Lane wrote: > > I wonder why backup_label isn't automatically removed > > in normal crash recovery case. > > Removing it automatically could be catastrophic if done > incorrectly, no? > > It would be no less catastrophic if done incorrectly from outside the > postmaster; see for example the problems people have had historically > with startup scripts that think they should remove postmaster.pid.
I beg to differ. Removing postmaster.pid can lead to a corrupt database. Removing backup_label means that one of your backups will go wrong, and a subsequent pg_stop_backup() will throw an error. If you have a cluster failover during an online backup, I think any reasonable person would suspect that the backup went wrong. And if nothing else does, the error on pg_stop_backup() will tell you. Given a choice, I expect that everybody who is intent enough on availibility to implement such a solution will want the database to come up if it can be done without data loss. Is there a flaw in my reasoning? Yours, Laurenz Albe -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
