From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
---|---|
To: | "movead(dot)li(at)highgo(dot)ca" <movead(dot)li(at)highgo(dot)ca> |
Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: pg_resetwal --next-transaction-id may cause database failed to restart. |
Date: | 2020-07-07 15:06:39 |
Message-ID: | 20200707150639.GA8612@alvherre.pgsql |
Lists: | pgsql-hackers |
On 2020-Jul-07, movead(dot)li(at)highgo(dot)ca wrote:

> >ISTM that a reasonable compromise is that if you use -x (or -c, -m, -O)
> >and the input value is outside the range supported by existing files,
> >then it's a fatal error; unless you use --force, which turns it into
> >just a warning.
>
> I do not think '--force' is a good choice, so I add a '--test, -t' option to
> force to write an unsafe value to pg_control.
> Do you think it is an acceptable method?

The rationale for this interface is unclear to me. Please explain what
happens in each case?

In my proposal, we'd have:

* Bad value, no --force:
  - program raises error, no work done.
* Bad value with --force:
  - program raises warning but changes anyway.
* Good value, no --force:
  - program changes value without saying anything
* Good value with --force:
  - same

The rationale for this interface is convenient knowledgeable access: the
DBA runs the program with value X, and if the value is good, then
they're done. If the program raises an error, DBA has a choice: either
run with --force because they know what they're doing, or don't do
anything because they know that they would make a mess.

--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
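
The four-case behaviour proposed in the message above, as an added sketch that is not part of the original email and is not pg_resetwal's code. All function, enum and variable names are hypothetical; the range check assumes a default build in which one pg_xact segment file covers 8192 * 4 * 32 transaction IDs, and that segment numbers have already been parsed from the existing file names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 8 kB pages, 4 xid statuses per byte, 32 pages per segment. */
#define XIDS_PER_SEGMENT (8192u * 4u * 32u)

typedef enum { CHANGE_SILENT, CHANGE_WITH_WARNING, REFUSE } verdict;

/* Constructed sample: segment files 0000, 0001 and 0002 exist. */
static const uint32_t SAMPLE_SEGS[] = {0, 1, 2};

/* "Good value": the segment that would hold xid is one of the existing files. */
static bool xid_covered(uint32_t xid, const uint32_t *segs, size_t nsegs)
{
    uint32_t want = xid / XIDS_PER_SEGMENT;
    for (size_t i = 0; i < nsegs; i++)
        if (segs[i] == want)
            return true;
    return false;           /* also the answer when no segments exist at all */
}

/* Good value: change quietly, with or without force.
 * Bad value: refuse, unless force downgrades the error to a warning. */
verdict decide(uint32_t xid, const uint32_t *segs, size_t nsegs, bool force)
{
    if (xid_covered(xid, segs, nsegs))
        return CHANGE_SILENT;
    if (force) {
        fprintf(stderr, "warning: xid %u is outside existing files, changing anyway\n",
                (unsigned) xid);
        return CHANGE_WITH_WARNING;
    }
    fprintf(stderr, "error: xid %u is outside existing files, nothing changed\n",
            (unsigned) xid);
    return REFUSE;
}

int main(void)
{
    /* 2000000 falls in segment 1 (present); 5000000 falls in segment 4 (absent). */
    printf("%d\n", decide(2000000u, SAMPLE_SEGS, 3, false));
    printf("%d\n", decide(5000000u, SAMPLE_SEGS, 3, false));
    printf("%d\n", decide(5000000u, SAMPLE_SEGS, 3, true));
    return 0;
}
```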