Re: pg_resetwal --next-transaction-id may cause database failed to restart.

From: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
To: "movead(dot)li(at)highgo(dot)ca" <movead(dot)li(at)highgo(dot)ca>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pg_resetwal --next-transaction-id may cause database failed to restart.
Date: 2020-07-07 15:06:39
Message-ID: 20200707150639.GA8612@alvherre.pgsql
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On 2020-Jul-07, movead(dot)li(at)highgo(dot)ca wrote:

> >ISTM that a reasonable compromise is that if you use -x (or -c, -m, -O)
> >and the input value is outside the range supported by existing files,
> >then it's a fatal error; unless you use --force, which turns it into
> >just a warning.
> I do not think '--force' is a good choice, so I add a '--test, -t' option to
> force to write a unsafe value to pg_control.
> Do you think it is an acceptable method?

The rationale for this interface is unclear to me. Please explain what
happens in each case?

In my proposal, we'd have:

* Bad value, no --force:
- program raises error, no work done.
* Bad value with --force:
- program raises warning but changes anyway.
* Good value, no --force:
- program changes value without saying anything
* Good value with --force:
- same

The rationale for this interface is convenient knowledgeable access: the
DBA runs the program with value X, and if the value is good, then
they're done. If the program raises an error, DBA has a choice: either
run with --force because they know what they're doing, or don't do
anything because they know that they would make a mess.

Álvaro Herrera
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Alvaro Herrera 2020-07-07 15:08:30 Re: Cache lookup errors with functions manipulation object addresses
Previous Message Magnus Hagander 2020-07-07 15:01:30 Re: TLS checking in pgstat