On Wed, 2009-12-23 at 12:50 +0200, Heikki Linnakangas wrote:
> I just realized that the current history file fails to recognize this
> scenario:
>
> 1. pg_start_backup()
> 2. cp -a $PGDATA data-backup
> 3. create data-backup/recovery.conf
> 4. postmaster -D data-backup
>
> That is, starting postmaster on a data directory, without ever calling
> pg_stop_backup(). Because pg_stop_backup() was not called, the history
> file is not there, and recovery won't complain about not reaching the
> safe starting point.
>
> That is of course a case of "don't do that!", but perhaps we should
> refuse to start up if the backup history file is not found? At least in
> the WAL-based approach, I think we should refuse to start up if we don't
> see the pg_stop_backup WAL record.

The code has always been capable of starting without this, which was
considered a feature to be able to start from a hot copy. I would like to
do as you suggest, but it would remove the feature. This would be a
great example of why I don't want too many ways to start HS.
-- Simon Riggs www.2ndQuadrant.com
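
An operator-side check for the scenario in the quoted steps, as an added example that is not part of this thread or of PostgreSQL itself: before starting a postmaster on a copied data directory, confirm that pg_stop_backup() actually ran by looking for the backup history file in the WAL archive. It assumes backup_label carries a `START WAL LOCATION: ... (file <segment>)` line and that the history file is archived as `<segment>.<offset>.backup` with a `STOP WAL LOCATION` line; the function names, directory layout and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-start check for a copied data directory.
# Assumed formats (see lead-in): backup_label line
#   START WAL LOCATION: 0/9000020 (file 000000010000000000000009)
# and an archived history file <segment>.<offset>.backup that
# contains a "STOP WAL LOCATION: " line once pg_stop_backup() has run.

# backup_was_stopped DATA_DIR ARCHIVE_DIR
#   0 = history file with a stop location found (backup was completed)
#   1 = backup_label present but no completed history file
#   2 = no backup_label in DATA_DIR
#   3 = backup_label present but start segment could not be parsed
backup_was_stopped() {
    data_dir=$1
    archive_dir=$2
    label="$data_dir/backup_label"
    [ -f "$label" ] || return 2

    # Pull the 24-hex-digit WAL segment name out of the label.
    walfile=$(sed -n \
        's/^START WAL LOCATION: .*(file \([0-9A-F]\{24\}\)).*$/\1/p' \
        "$label" | head -n 1)
    [ -n "$walfile" ] || return 3

    # An unmatched glob stays literal, so test each candidate with -f.
    for hist in "$archive_dir/$walfile".*.backup; do
        [ -f "$hist" ] || continue
        if grep -q '^STOP WAL LOCATION: ' "$hist"; then
            return 0
        fi
    done
    return 1
}

# Constructed sample: steps 1-2 of the scenario, with pg_stop_backup()
# never called, so the archive holds no history file.
make_sample() {
    root=$(mktemp -d)
    mkdir "$root/data-backup" "$root/archive"
    printf '%s\n' \
        'START WAL LOCATION: 0/9000020 (file 000000010000000000000009)' \
        'CHECKPOINT LOCATION: 0/9000058' \
        > "$root/data-backup/backup_label"
    echo "$root"
}
```

A wrapper script can refuse to launch the postmaster unless `backup_was_stopped` returns 0, which is a stricter policy than the server behaviour described in the reply above.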