RE: Stronger safeguard for archive recovery not to miss data

Hi, Laurenz

On Thursday, January 21, 2021 9:51 PM Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote:
> On Thu, 2021-01-21 at 11:49 +0000, osumi(dot)takamichi(at)fujitsu(dot)com wrote:
> > Adding a condition to check if "recovery_allow_data_corruption" is
> > 'on' around the end of
> > CheckRequiredParameterValues() sounds safer for me too, although
> > implementing a new GUC parameter sounds bigger than what I expected at
> first.
> > The default of the value should be 'off' to protect users from getting the
> corrupted server.
> > Does everyone agree with this direction ?
>
> I'd say that adding such a GUC is material for another patch, if we want it at all.
OK. You meant another different patch.

> I think it is very unlikely that people will switch from "wal_level=replica" to
> "minimal" and back very soon afterwards and also try to recover past such a
> switch, which probably explains why nobody has complained about data
> corruption generated that way. To get the server to start with
> "wal_level=minimal", you must set "archive_mode=off" and
> "max_wal_senders=0", and few people will do that and still expect recovery to
> work.
Yeah, the possibility is low of course.

> My vote is that we should not have a GUC for such an unlikely event, and that
> stopping recovery is good enough.
OK. IIUC, my current patch for this fix doesn't need to be changed or withdrawn.
Thank you for your explanation.

Best Regards,
Takamichi Osumi