| From: | Thomas Swan <tswan-lst(at)ics(dot)olemiss(dot)edu> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: How to shoot yourself in the foot: kill -9 postmaster |
| Date: | 2001-03-05 23:19:34 |
| Message-ID: | 5.0.2.1.0.20010305171513.02527340@tangent.ics.olemiss.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
At 3/5/2001 04:30 PM, you wrote:
>Now, killing the postmaster -9 and not cleaning up the backends has
>always been a good way to shoot yourself in the foot, but up to now the
>worst thing that was likely to happen to you was isolated corruption in
>specific tables. In the brave new world of WAL the stakes are higher,
>because the system will refuse to start up if it finds a corrupted
>checkpoint record. Clueless admins who resort to kill -9 as a routine
>admin tool *will* lose their databases. Moreover, the init scripts
>that are running around now are dangerous weapons if used with 7.1.
>
>I think we need a stronger interlock to prevent this scenario, but I'm
>unsure what it should be. Ideas?
Is there anyway to see if the other processes (child) have a lock on the
log file?
On a lot of systems, when a daemon starts, will record the PID in a file so
it/'the admin' can do a 'shutdown' script with the PID listed.
Can child processes list themselves like child.PID in a configurable
directory, and have the starting process look for all of these and shut the
"orphaned" child processes down?
Just thoughts...
Thomas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alfred Perlstein | 2001-03-05 23:47:51 | Re: How to shoot yourself in the foot: kill -9 postmaster |
| Previous Message | Tom Lane | 2001-03-05 22:30:26 | How to shoot yourself in the foot: kill -9 postmaster |