Re: How to shoot yourself in the foot: kill -9 postmaster

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Hiroshi Inoue <Inoue(at)tpf(dot)co(dot)jp>
Cc: pgsql-hackers(at)postgreSQL(dot)org
Subject: Re: How to shoot yourself in the foot: kill -9 postmaster
Date: 2001-03-06 02:28:20
Message-ID: 3632.983845700@sss.pgh.pa.us
Lists: pgsql-hackers

Hiroshi Inoue <Inoue(at)tpf(dot)co(dot)jp> writes:
> Tom Lane wrote:
>> I think we need a stronger interlock to prevent this scenario, but I'm
>> unsure what it should be. Ideas?

> Seems the simplest way is to inhibit starting postmaster
> if the pid file exists.

Then we're unable to recover from a crash without manual intervention.

The tricky part of this is not to give up the ability to restart when
there *has* been a crash.

> Another way is to use flock() if flock() is available.
> We could flock() the pid file so that another postmaster
> could detect the lock of the file.

This would only work if every backend is holding flock on the file,
which would mean they'd all have to keep it open all the time. Kind
of annoying to use up that many file descriptors on it. Might be the
best answer though; I haven't thought of anything I like better...

regards, tom lane
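
The flock() interlock discussed in this message, as an added example that is not part of the original email or of PostgreSQL's code: a backend forked after the lock is taken inherits the open descriptor, so the lock outlives a SIGKILLed postmaster and is released only when the last backend exits. The function names and the /tmp path are hypothetical, and the scenario is constructed.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns a locked fd, or -1 while any live process still holds the lock. */
static int lock_pidfile(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd >= 0 && flock(fd, LOCK_EX | LOCK_NB) != 0) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Constructed scenario: a "postmaster" locks the pid file, forks a "backend"
 * and is then killed with SIGKILL. Returns 1 if a restart is refused while the
 * orphaned backend lives and is allowed once it has exited. */
int orphan_blocks_restart(void)
{
    char path[] = "/tmp/pidfile_demo_XXXXXX", c;    /* hypothetical pid file */
    int release[2], fd, refused;
    if ((fd = mkstemp(path)) < 0 || close(fd) != 0 || pipe(release) != 0)
        return 0;
    pid_t postmaster = fork();
    if (postmaster == 0) {
        if (lock_pidfile(path) >= 0 && fork() == 0) /* backend inherits the fd */
            _exit(read(release[0], &c, 1) == 1 ? 0 : 1);
        raise(SIGKILL);                             /* "kill -9 postmaster" */
    }
    if (postmaster < 0 || waitpid(postmaster, NULL, 0) < 0)
        return 0;
    refused = (lock_pidfile(path) < 0);     /* orphan still holds the lock */
    if (write(release[1], "x", 1) != 1)     /* tell the backend to exit */
        return 0;
    for (int i = 0; i < 200 && (fd = lock_pidfile(path)) < 0; i++)
        usleep(10000);                      /* poll until the lock is free */
    unlink(path);
    return refused && fd >= 0;
}

int main(void)
{
    printf("interlock holds: %d\n", orphan_blocks_restart());
    return 0;
}
```

Each backend keeps one descriptor open for as long as it runs, which is the file-descriptor cost raised in the message.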
