| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Oliver Elphick <olly(at)lfix(dot)co(dot)uk> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Hannu Krosing <hannu(at)tm(dot)ee>, mlw <pgsql(at)mohawksoft(dot)com>, Lamar Owen <lamar(dot)owen(at)wgcr(dot)org>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Upgrading rant. |
| Date: | 2003-01-04 15:53:41 |
| Message-ID: | 27263.1041695621@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Oliver Elphick <olly(at)lfix(dot)co(dot)uk> writes:
> On Sat, 2003-01-04 at 02:17, Tom Lane wrote:
>> There isn't any simple way to lock *everyone* out of the DB and still
>> allow pg_upgrade to connect via the postmaster, and even if there were,
>> the DBA could too easily forget to do it.
> I tackled this issue in the Debian upgrade scripts.
> I close the running postmaster and open a new postmaster using a
> different port, so that normal connection attempts will fail because
> there is no postmaster running on the normal port.
That's a good kluge, but still a kluge: it doesn't completely guarantee
that no one else connects while pg_upgrade is trying to do its thing.
I am also concerned about the consequences of automatic background
activities. Even the periodic auto-CHECKPOINT done by current code
is not obviously safe to run behind pg_upgrade's back (it does make
WAL entries). And the auto-VACUUM that we are currently thinking of
is even less obviously safe. I think that someday, running pg_upgrade
standalone will become *necessary*, not just a good safety feature.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2003-01-04 16:02:01 | Re: pg_dump.options.diff |
| Previous Message | Kaare Rasmussen | 2003-01-04 12:59:35 | Re: Threads |