| From: | Justin Pryzby <pryzby(at)telsasoft(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: RFC: Add 'taint' field to pg_control. |
| Date: | 2018-02-28 22:28:24 |
| Message-ID: | 20180228222824.GC32095@telsasoft.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Feb 28, 2018 at 02:18:12PM -0800, Andres Freund wrote:
> On 2018-02-28 17:14:18 -0500, Peter Eisentraut wrote:
> > I can see why you'd want that, but as a DBA, I don't necessarily want
> > all of that recorded, especially in a quasi-permanent way.
>
> Huh? You're arguing that we should make it easier for DBAs to hide
> potential causes of corruption? I fail to see when that's necessary /
> desirable? That a cluster ran with fsync=off isn't an embarassing thing,
> nor does it contain private data...
The more fine grained these are the more useful they can be:
Running with fsync=off is common advice while loading, so reporting that
"fsync=off at some point" is much less useful than reporting "having to run
recovery from an fsync=off database".
I propose there could be two bits:
1. fsync was off at some point in history when the DB needed recovery;
2. fsync was off during the current instance; I assume the bit would be set
whenever fsync=off was set, but could be cleared when the server was
cleanly shut down. If the bit is set during recovery, the first bit would
be permanently set. Not sure but if this bit is set and then fsync
re-enabled, maybe this could be cleared after any checkpoint and not just
shutdown ?
Justin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2018-02-28 22:28:51 | INOUT parameters in procedures |
| Previous Message | Andres Freund | 2018-02-28 22:23:19 | Re: RFC: Add 'taint' field to pg_control. |