| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | allow specifying action when standby encounters incompatible parameter settings |
| Date: | 2022-04-13 21:35:21 |
| Message-ID: | 20220413213521.GA2162009@nathanxps13 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi hackers,
As of 15251c0, when a standby encounters an incompatible parameter change,
it pauses replay so that read traffic can continue while the administrator
fixes the parameters. Once the server is restarted, replay can continue.
Before this change, such incompatible parameter changes caused the standby
to immediately shut down.
I noticed that there was some suggestion in the thread associated with
15251c0 [0] for making this behavior configurable, but there didn't seem to
be much interest at the time. I am interested in allowing administrators
to specify the behavior before 15251c0 (i.e., immediately shut down the
standby when an incompatible parameter change is detected). The use-case I
have in mind is when an administrator has automation in place for adjusting
these parameters and would like to avoid stopping replay any longer than
necessary. FWIW this is what we do in RDS.
I've attached a patch that adds a new GUC where users can specify the
action to take when an incompatible parameter change is detected on a
standby. For now, there are just two options: 'pause' and 'shutdown'.
This new GUC is largely modeled after recovery_target_action.
I initially set out to see if it was possible to automatically adjust these
parameters on a standby, but that is considerably more difficult. It isn't
enough to just hook into the restart_after_crash functionality since it
doesn't go back far enough in the postmaster logic. IIUC we'd need to
reload preloaded libraries (which there is presently no support for),
recalculate MaxBackends, etc. Another option I considered was to
automatically adjust the parameters during startup so that you just need to
restart the server. However, we need to know for sure that the server is
going to be a hot standby, and I don't believe we have that information
where such GUC changes would need to occur (I could be wrong about this).
Anyway, for now I'm just proposing the modest change described above, but
I'd welcome any discussion about improving matters further in this area.
[0] https://postgr.es/m/4ad69a4c-cc9b-0dfe-0352-8b1b0cd36c7b%402ndquadrant.com
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-Introduce-insufficient_standby_setting_action.patch | text/x-diff | 11.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Rowley | 2022-04-13 21:39:42 | Re: typos |
| Previous Message | Peter Geoghegan | 2022-04-13 21:18:32 | Re: Improving the "Routine Vacuuming" docs |