Re: Proposed WAL changes

Please forgive me if I'm misunderstanding something of these rather
complex issues. But I think this is an important question from the
perspective of a sytem administrator responsible for the safety and
uncorruptedness of his users' data.

If I understand correctly, it is possible, through power failure,
Postgres or OS crash, or disk failure, to end up with a situation
where Postgres cannot put the database in a consistent state. Rather
than failing to start at all, something will be put in place that
allows PG to partially recover and start up, so that you can get to
your data. I think that leaves DBAs wondering two things:

First, how will I know that my database is corrupted? I may not be
present to witness the power failure, unattended reboot, and automatic
restart/quasi-recovery. If the DB has become inconsistent, it is
critical that users do not continue to use it. I'm all for having
Postgres throw up its hands and refuse to start until I put it in
disaster-dump mode.

Secondly, since disaster-dump seems to be a good term for it, is there
some way to know the extent of the damage? I.e. in the typical case
of power failure, is the inconsistent part just the "recent" data,
and would it be possible to find out which records are part of that
damaged set?
--
Christopher Masto Senior Network Monkey NetMonger Communications
chris(at)netmonger(dot)net info(at)netmonger(dot)net http://www.netmonger.net

Free yourself, free your machine, free the daemon -- http://www.freebsd.org/