Re: pg_upgrade --logfile option documentation

On Tue, Feb 28, 2012 at 11:21 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> On Wed, Feb 22, 2012 at 03:37:29PM -0500, Bruce Momjian wrote:
>> On Wed, Feb 22, 2012 at 05:22:29PM -0300, Alvaro Herrera wrote:
>> > Not sure about this.  If the upgrades completes successfully and the
>> > file is not renamed at the last minute due to some error, that would be
>> > a problem as well, because now the old cluster would happily run and
>> > perhaps corrupt the data files from under the new cluster.
>>
>> Well, the basic problem is that the user, before pg_upgrade started,
>> installed a new cluster that works.  If we rename the old control, but
>> rename it back on failure, there are cases we will miss, kill like -9 or
>> a server crash, and it will not be obvious to them that the control file
>> was renamed.
>>
>> Of course, if we only rename on success, and there is kill -9 or server
>> crash, the old cluster is still start-able, like the new one.
>>
>> One good argument for the rename early is that on a server crash, the
>> system is probably going to restart the database automatically, and that
>> means the old server.
>>
>> Right now we have a clear message that they need to rename the control
>> file to start the old server.  Not sure what the new wording would look
>> like --- let me try.
>
> I have thought about this, and feel that it would be odd to lock the old
> cluster at the start of the upgrade, and then unlock it on a failure,
> particularly because we can't always unlock it, e.g. operating system
> crash.
>
> A cleaner solution would be to lock it when we complete the upgrade,
> which I have done in the attached patch.  I have also added a warning
> about restarting the old server when link mode is used, and updated the
> documentation to match the new behavior.
>
> Patch attached.  I would like to apply this to 9.2/HEAD.
>
> ---------------------------------------------------------------------------
>
> Performing Consistency Checks
> -----------------------------
> Checking current, bin, and data directories                 ok
> Checking cluster versions                                   ok
> Checking database user is a superuser                       ok
> Checking for prepared transactions                          ok
> Checking for reg* system OID user data types                ok
> Checking for contrib/isn with bigint-passing mismatch       ok
> Creating catalog dump                                       ok
> Checking for prepared transactions                          ok
> Checking for presence of required libraries                 ok
>
> If pg_upgrade fails after this point, you must re-initdb the
> new cluster before continuing.
>
> Performing Upgrade
> ------------------
> Analyzing all rows in the new cluster                       ok
> Freezing all rows on the new cluster                        ok
> Deleting new commit clogs                                   ok
> Copying old commit clogs to new server                      ok
> Setting next transaction ID for new cluster                 ok
> Resetting WAL archives                                      ok
> Setting frozenxid counters in new cluster                   ok
> Creating databases in the new cluster                       ok
> Adding support functions to new cluster                     ok
> Restoring database schema to new cluster                    ok
> Removing support functions from new cluster                 ok
> Linking user relation files
>                                                            ok
> Setting next OID for new cluster                            ok
> Creating script to delete old cluster                       ok
> Adding ".old" suffix to old global/pg_control               ok
>
> If you want to start the old cluster, you will need to remove
> the ".old" suffix from /u/pgsql.old/data/global/pg_control.old.
> Because "link" mode was used, the old cluster cannot be safely
> started once the new cluster has been started.
>
> Upgrade complete
> ----------------
> Optimizer statistics are not transferred by pg_upgrade so
> consider running:
>    vacuumdb --all --analyze-only
> on the newly-upgraded cluster.
>
> Running this script will delete the old cluster's data files:
>    /usr/local/pgdev/pg_upgrade/delete_old_cluster.sh

I think you should rename the old control file just before the step
that says "linking user relation files". That's the point after which
it becomes unsafe to start the old cluster, right?

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company