Heikki Linnakangas wrote: > Simon Riggs wrote: >> On Thu, 2010-03-25 at 10:11 +0200, Heikki Linnakangas wrote: >> >>> PANIC seems like the appropriate solution for now. >> It definitely is not. Think some more. > > Well, what happens now in previous versions with pg_standby et al is > that the standby starts up. That doesn't seem appropriate either. > > Hmm, it would be trivial to just stay in the standby mode at a corrupt > file, continuously retrying to restore it and continue replay. If it's > genuinely corrupt, it will never succeed and the standby gets stuck at > that point. Maybe that's better; it's close to what Fujii suggested > except that you don't need a new mode for it.
On second thought, that's easy for the built-in standby mode, but not for archive recovery where we're not currently retrying anything. In archive recovery, we could throw a WARNING and start up, which would be like the current behavior in older versions except you get a WARNING instead of LOG, or we could PANIC. I'm leaning towards PANIC, which makes most sense for genuine point-in-time or archive recovery (ie. not a standby server), but I can see the rationale for WARNING too, for pg_standby and for the sake of preserving old behavior. -- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
