Re: [PROPOSAL] Termination of Background Workers for ALTER/DROP DATABASE

čt 18. 12. 2025 v 12:47 odesílatel Aya Iwata (Fujitsu) <
iwata(dot)aya(at)fujitsu(dot)com> napsal:

> Hi Pavel-san
>
> Thank you for your feedback!
>
> > From: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
> > Sent: Thursday, December 18, 2025 12:33 AM
> > To: Iwata, Aya/岩田 彩 <iwata(dot)aya(at)fujitsu(dot)com>
> > Cc: Michael Paquier <michael(at)paquier(dot)xyz>; Peter Smith <
> smithpb2250(at)gmail(dot)com>; Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com>; Kuroda,
> Hayato/黒田 隼人 <kuroda(dot)hayato(at)fujitsu(dot)com>; pgsql-hackers <
> pgsql-hackers(at)postgresql(dot)org>
> > Subject: Re: [PROPOSAL] Termination of Background Workers for ALTER/DROP
> DATABASE
> >> Hi Pavel-san,
> >>
> >> >> So maybe there should be ALTER DATABASE ... RENAME ... FORCE - or if
> FORCE can terminare all workers (without special FLAG) ?
> >> >
> >> > For the proposed feature, we've added a flag allowing each extension
> developer to decide whether to terminate it via DROP/ALTER DATABASE.
> >> > Adding a FORCE option to ALTER to let database definition modifiers
> decide whether to force termination of background workers might be better
> discussed in a separate thread.
> >> >
> >> > When I thought about it - there can be a second alternative.
> >> >
> >> > Introduce a pair of flags BGWORKER_INTERRUPTABLE and
> BGWORKER_PROTECTED (the names can be enhanced or changed).
> BGWORKER_INTERRUPTABLE can be default.
> >> > ALTER DATABASE RENAME and related commands can stop any non protected
> workers. ALTER DATABASE RENAME FORCE can stop any workers (including
> protected).
> >>
> >> I can't image any use cases for BGWORKER_PROTECTED. Do you have any
> idea?
> >> Also, I think the parameter settings might get a complicated.
> >> If we start discussing the "FORCE" option, it is better to think about
> this parameter.
> >>
> >> > Is there any reason why BGWORKER_INTERRUPTABLE cannot be default?
> Probably nobody would block some possibly common operations on database
> level without strong reason.
> >>
> >> As Michael-san mentioned in a previous email, this behavior has
> remained unchanged since bgworkers were introduced in v9.3.
> >> I don't see a compelling reason to alter it now. Additionally, this
> specification can be modified later.
>
> > I understand the request for unchanging behaviour - but I am not sure if
> this concept is really helpful - or if the naming is best. I am afraid so
> this feature without changing the workers code is useless (and maybe it is
> wanted).
>
> It is our intention; this feature would enable when developer expressly
> set.
>
> > Any worker should be interruptable by sigterm. And then the name
> BGWORKER_INTERRUPTABLE is little bit vague. Maybe some like
> BGWORKER_CAREFREE_INTERRUPTABLE can be better (or some like this - maybe
> BGWORKER_CANCELABLE)? This can be a signal from bgworker's authors - it is
> ok to kill the worker anytime when it is necessary.
>
> That's right, "interruptable" may not be appropriate. This is because even
> bgworkers without this flag set can be interrupted by sigterm.
> Hmm, I feel these ideas may not be clear what it does. Do someone have
> other idea?
>
> > Some workers can have the flag BGW_NEVER_RESTART - cannot be used as
> signal so this worker is protected, and others can be terminated safely,
> because they will be restarted after 60 seconds?
>
> In my understanding, you are suggesting that the bgworker which set
> bgw_restart_time as BGW_NEVER_RESTART is not terminated by DROP/ALTER,
> right?
> Do you think what kind of use cases might there be?
>

I don't think about use cases - just workers that can be restarted can be
terminated with less risk than workers that shouldn't be restarted - and
maybe BGWORKER_CAREFREE_INTERRUPTABLE is just negation of BGW_NEVER_RESTART
in almost cases.

I afraid so BGWORKER_CAREFREE_INTERRUPTABLE (or
maybe BGWORKER_SAFELY_INTERRUPTABLE) will be source of bugs - this flag is
just "safeguard" for very special cases - and very common bug will be
omission of this flug until someone reports (after long time) "it block
database rename".

Second objection against this design is inconsistency with current CREATE,
DROP DATABASE commands. Without the FORCE flag, it terminates nothing. And
with the FORCE flag it terminates anything that is necessary. Proposed
design is safe - because only specially marked bgworkers are terminated,
but for users it can be unwanted surprise still - and at the end in next
versions - mostly bgworkers will have this flag, because nobody want to
block DDL

Regards

Pavel

> Best Regards,
> Aya Iwata
>