From: Mark Kirkwood on
Tom Lane wrote:
> Robert Haas <robertmhaas(a)gmail.com> writes:
>
>> On Wed, Jan 20, 2010 at 8:44 PM, Josh Berkus <josh(a)agliodbs.com> wrote:
>>
>>> Well, as long as streaming rep is running, you can't do a smart shutdown
>>> ... smart shutdown seems to treat the walreciever as a client
>>> connection. At the very least, this should be in the documentation.
>>>
>
>
>> How hard is it to fix?
>>
>
> I think the first question is do we *want* to fix it, or is it
> appropriate behavior?
>
> If the master shuts down, will the slaves try to fail over to become
> masters? When the master restarts, will the slaves automatically
> reconnect? If these questions have the wrong answers, shutting down the
> master isn't something to be done lightly, and automatically
> disconnecting slaves would be a real bad idea.
>
>
Right - surely people who have been using pg_standby etc have discovered
this behaviour, so documenting it is fine I would think.

regards

Mark

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Fujii Masao on
On Thu, Jan 21, 2010 at 10:44 AM, Josh Berkus <josh(a)agliodbs.com> wrote:
>
>> If it's "standby", it's a previously-existing behavior that a "smart"
>> shutdown doesn't work immediately during recovery. After a recovery
>> has been completed, it would work. Of course, I agree that such a
>> behavior should be documented.
>
> Well, as long as streaming rep is running, you can't do a smart shutdown
> ... smart shutdown seems to treat the walreciever as a client
> connection.

Even if SR is not running, as long as the startup process is running,
we can't do a smart shutdown. It's not peculiar to SR.

> At the very least, this should be in the documentation.

Agreed. Something like "smart shutdown is not allowed during recovery"
should be in the following section.
http://developer.postgresql.org/pgdocs/postgres/server-shutdown.html

Regards,

--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Heikki Linnakangas on
Fujii Masao wrote:
> On Thu, Jan 21, 2010 at 10:44 AM, Josh Berkus <josh(a)agliodbs.com> wrote:
>>> If it's "standby", it's a previously-existing behavior that a "smart"
>>> shutdown doesn't work immediately during recovery. After a recovery
>>> has been completed, it would work. Of course, I agree that such a
>>> behavior should be documented.
>> Well, as long as streaming rep is running, you can't do a smart shutdown
>> ... smart shutdown seems to treat the walreciever as a client
>> connection.
>
> Even if SR is not running, as long as the startup process is running,
> we can't do a smart shutdown. It's not peculiar to SR.

Right, that's the way a standby server (= one still in recovery) has
always behaved. It has made sense in the past: it's not in the spirit of
smart shutdown to kill the WAL replay immediately. "smart" means wait
for recovery to finish, then shutdown.

It's a good question if that still makes sense with Hot Standby. Perhaps
we should redefine smart shutdown in standby mode to shut down as soon
as all read-only connections have died.

>> At the very least, this should be in the documentation.
>
> Agreed. Something like "smart shutdown is not allowed during recovery"
> should be in the following section.
> http://developer.postgresql.org/pgdocs/postgres/server-shutdown.html

It's allowed, it just doesn't do what you might expect.


In the master, smart shutdown shuts down as soon as all regular backends
are gone. It doesn't wait for the standby connections to die. In fact
they're not killed until after the shutdown checkpoint is written, so
that it gets sent to the standbys too. I think we're good there.

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Greg Smith on
Heikki Linnakangas wrote:
> It's a good question if that still makes sense with Hot Standby. Perhaps
> we should redefine smart shutdown in standby mode to shut down as soon
> as all read-only connections have died.
>

I've advocated in the past that an escalating shutdown procedure would
be helpful in general to have available. Start kicking off clients with
smart, continue to fast if there's any left, and if there's still any
left after that (have seen COPY clients that ignore fast) disconnect
them and go to immediate to completely kill them. Once you've started
the server on the road to shutdown, even with smart, you've basically
committed to going all the way down by whatever means is available
anyway, so why not make that more automated and easier.

If something like that were available, I could see inserting a step in
the middle there specifically aimed at resolving this issue. Maybe it's
just a change to the beginning of fast shutdown, or to the end of smart
as I think you're suggesting. Perhaps you only get it if you do one of
these escalating shutdowns I'm proposing, making that the preferred way
to handle HS servers.

--
Greg Smith 2ndQuadrant Baltimore, MD
PostgreSQL Training, Services and Support
greg(a)2ndQuadrant.com www.2ndQuadrant.com


--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Fujii Masao on
On Thu, Jan 21, 2010 at 4:27 PM, Heikki Linnakangas
<heikki.linnakangas(a)enterprisedb.com> wrote:
> It's a good question if that still makes sense with Hot Standby. Perhaps
> we should redefine smart shutdown in standby mode to shut down as soon
> as all read-only connections have died.

Okay. Let's work out the details.

I guess that the startup process and the walreceiver should wait
for all read only backends to exit in smart shutdown case. It's
because those backends might be waiting for the record that conflicts
with their queries to be replayed. Is this OK? Or we should kill the
startup process and the walreceiver on ahead?

If my guess is right, we would need to add new PMState to cancel
recovery and replication after all read only connections have died.

Regards,

--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4 5
Prev: [HACKERS] HS/SR and smart shutdown
Next: plpython3 perf