From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Andres Freund <andres(at)2ndquadrant(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Pg Bugs <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: PITR potentially broken in 9.2 |
Date: | 2012-12-06 00:35:00 |
Message-ID: | CAMkU=1xQKkj6DLz-ogr+Pj3zb=UR70RgqLLjm56kwcMSjtaqwQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs pgsql-hackers |
On Wed, Dec 5, 2012 at 11:17 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Jeff Janes <jeff(dot)janes(at)gmail(dot)com> writes:
>> Right now if I'm doing a PITR and want to look around before blessing
>> the restore, I have to:
>> [ do painful stuff ]
>
> Yeah. The worst thing about this is the cost of stepping too far
> forward, but I doubt we can do much about that --- WAL isn't reversible
> and I can't see us making it so. What we can get rid of is the pain
> of shutting down to move the recovery target forward.
>
> Another thought here is that it would be good to have some kind of
> visibility of the last few potential stop points (timestamps/XIDs),
> so that if you do roll too far forward, you have some idea of what
> to try after you reset everything. A zero-order implementation of
> that would be to emit LOG messages as we replay each potential
> commit, but maybe we can do better.
probably embellishments on xlogdump or xlogreader would be the way to go.
>
>> I would also be nice if only the superuser is allowed to connect to
>> the hot standby when pause_at_recovery_target=true, until after
>> pg_xlog_replay_resume() is called.
>
> Uh, why? Other users won't be able to do anything except look around;
On some systems, 95% of users never do anything (that the database
knows about) except look around. But I think it would be unfortunate
to accidentally show them data that will soon be revoked.
> they can't force the database to become read/write. I can't see that
> it's a good idea for recovery to play games with the pg_hba rules;
> too much chance of screwing things up for too little benefit.
OK. I don't know at all what is involved in implementing such a
thing. But a DBA in the middle of a rather arcane but urgent task has
a pretty high chance of screwing things up, too.
Cheers,
Jeff
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2012-12-06 00:37:55 | Re: PITR potentially broken in 9.2 |
Previous Message | Andres Freund | 2012-12-05 23:55:30 | Re: PITR potentially broken in 9.2 |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2012-12-06 00:37:55 | Re: PITR potentially broken in 9.2 |
Previous Message | Tom Lane | 2012-12-06 00:33:02 | Re: Dumping an Extension's Script |