Re: basebackups during ALTER DATABASE ... SET TABLESPACE ... not safe?

On Mon, Jan 26, 2015 at 4:03 PM, Andres Freund <andres(at)2ndquadrant(dot)com> wrote:
>> I basically have two ideas to fix this.
>>
>> 1) Make do_pg_start_backup() acquire a SHARE lock on
>> pg_database. That'll prevent it from starting while a movedb() is
>> still in progress. Then additionally add pg_backup_in_progress()
>> function to xlog.c that checks (XLogCtl->Insert.exclusiveBackup ||
>> XLogCtl->Insert.nonExclusiveBackups != 0). Use that in createdb() and
>> movedb() to error out if a backup is in progress.
>
> Attached is a patch trying to this. Doesn't look too bad and lead me to
> discover missing recovery conflicts during a AD ST.
>
> But: It doesn't actually work on standbys, because lock.c prevents any
> stronger lock than RowExclusive from being acquired. And we need need a
> lock that can conflict with WAL replay of DBASE_CREATE, to handle base
> backups that are executed on the primary. Those obviously can't detect
> whether any standby is currently doing a base backup...
>
> I currently don't have a good idea how to mangle lock.c to allow
> this. I've played with doing it like in the second patch, but that
> doesn't actually work because of some asserts around ProcSleep - leading
> to locks on database objects not working in the startup process (despite
> already being used).
>
> The easiest thing would be to just use a lwlock instead of a heavyweight
> lock - but those aren't canceleable...

How about just wrapping an lwlock around a flag variable? movedb()
increments the variable when starting and decrements it when done
(must use PG_ENSURE_ERROR_CLEANUP). Starting a backup errors out (or
waits in 1-second increments) if it's non-zero.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company