Re: max_standby_delay considered harmful

From: Florian Pflug <fgp(at)phlo(dot)org>
To: Dimitri Fontaine <dfontaine(at)hi-media(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andres Freund <andres(at)anarazel(dot)de>, pgsql-hackers(at)postgresql(dot)org, Bruce Momjian <bruce(at)momjian(dot)us>, Greg Smith <greg(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>
Subject: Re: max_standby_delay considered harmful
Date: 2010-05-09 14:10:34
Message-ID: 1F61AC85-79B2-4D49-AA93-2DA451A26574@phlo.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On May 9, 2010, at 13:59 , Dimitri Fontaine wrote:
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
>> I like the proposal of a boolean because it provides only the minimal
>> feature set of two cases that are both clearly needed and easily
>> implementable. Whatever we do later is certain to provide a superset
>> of those two cases. If we do something else (and that includes my own
>> proposal of a straight lock timeout), we'll be implementing something
>> we might wish to take back later. Taking out features after they've
>> been in a release is very hard, even if we realize they're badly
>> designed.
>
> That's where I though my proposal fitted in. I fail to see us wanting to
> take back explicit pause/resume admin functions in any future release.
>
> Now, after having read Greg's arguments, my vote would be the following:
> - hot_standby_conflict_winner = queries|replay, defaults to replay
> - add pause/resume so that people can switch temporarily to queries
> - label max_standby_delay *experimental*, keep current code

Adding pause/resume seems to introduce some non-trivial locking problems, though. How would you handle a pause request if the recovery process currently held a lock?

Dropping the lock is not an option for correctness reasons. Otherwise you wouldn't have needed to take the lock in the first place, no?

Pausing with the lock held leads to priority-inversion like problems. Queries now might block until recovery is resumed - quite the opposite of what pause() is supposed to archive

The only remaining option is to continue applying WAL until you reach a point where no locks are held, then pause. But from a user's POV that is nearly indistinguishable from simply setting hot_standby_conflict_winner to in the first place I think.

best regards,
Florian Pflug

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message David Fetter 2010-05-09 14:49:13 Re: 9.0b1: "ERROR: btree index keys must be ordered by attribute"
Previous Message Dimitri Fontaine 2010-05-09 11:59:50 Re: max_standby_delay considered harmful