Re: Offline enabling/disabling of data checksums

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Michael Banck <michael(dot)banck(at)credativ(dot)de>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>, Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>, Sergei Kornilov <sk(at)zsrv(dot)org>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Offline enabling/disabling of data checksums
Date: 2019-03-15 09:01:32
Message-ID: CABUevEzQ=V9ZkMiNtM9XCfKa5oCKo=LjLzFQ1qXyhDUYz+OXOQ@mail.gmail.com
Lists: pgsql-hackers

On Thu, Mar 14, 2019 at 4:26 PM Michael Banck <michael(dot)banck(at)credativ(dot)de>
wrote:

> Hi,
>
> On Thursday, 14.03.2019, at 15:26 +0100, Magnus Hagander wrote:
> > Given that the failure is data corruption, I don't think a big fat
> > warning is enough. We should really make it impossible to start up the
> > postmaster by mistake during the checksum generation. People don't
> > read the documentation until it's too late. And it might not even be
> > under their control - some automated tool might go in and try to start
> > postgres, and boom, corruption.
>
> I guess you're right.
>
> > One big-hammer method could be similar to what pg_upgrade does --
> > temporarily rename away the controlfile so postgresql can't start, and
> > when done, put it back.
>
> That sounds like a good solution to me. I've made a PoC patch for that,
> see attached.
>

The downside with this method is we can't get a nice error message during
the attempted startup. But it should at least be safe, which is the most
important part. And at least it's clear what's happening once you list the
files and see the name of the temporary one.

//Magnus
