Re: (A) native Windows port - Mailing list pgsql-hackers

From Lamar Owen
Subject Re: (A) native Windows port
Date 2002-07-09
Msg-id 200207091909.19990.lamar.owen@wgcr.org
In response to Re: (A) native Windows port  (Hannu Krosing <hannu@tm.ee>)
List pgsql-hackers
On Tuesday 09 July 2002 04:17 pm, Hannu Krosing wrote:
> On Tue, 2002-07-09 at 22:10, Lamar Owen wrote:
> > The pre-upgrade script is run in an environment that isn't robust enough
> > to handle that.  What if you run out of disk space during the dump?

> You can either check beforehand or abort and delete the offending
> dumpfile.

And what if you have enough disk space to do the dump, but the dump then 
causes the OS upgrade to abort because there isn't enough space left to finish 
upgrading (larger packages, perhaps)?  The system's hosed, and it's our 
fault.

> > What if a postmaster is running -- and many people stop their postmaster
> > before upgrading their version of PostgreSQL?

> It is quite easy to both check for a running postmaster and start/stop
> one.

Not when there is no ps in your path.  Or pg_ctl, for that matter.  Nor is 
there necessarily a /proc tree waiting to be exploited.  We're talking about 
the anaconda environment, which is tailored for OS installation and upgrading.  
You cannot start a postmaster; you cannot check to see if one is running -- 
you can't even check whether you're in the anaconda chroot or not, so that 
you could fall back to more tools outside of OS-installation mode.  Again -- 
the total OS upgrade path is a big part of this scenario, as far as the RPMs 
are concerned.  The Debian package may or may not have as grievous a 
structure.

The only tool you can really use under the anaconda chroot is busybox, and it 
may not do what you want it to.

> > Besides, at least in the case of the RPM, during OS upgrade time the %pre
> > scriptlet (the one you allude to) isn't running in a system with all the
> > normal tools available.

> I don't think that postmaster needs very many normal tools - it should
> be quite independent, except for compat  libs for larger version
> upgrades

The problem there is that you really have no way to tell the system which sets 
of libraries you want.  More to the point: RPM dependencies cannot take 
conditionals and have no concept of if..then.  Nor can you tell the system to 
_install_ the new postgresql instead of _upgrade_ it (incidentally, in the RPM 
context an upgrade is an install of the new version followed by an uninstall 
of the old one -- if the new one overwrote files, their traces are just wiped 
from the RPM database; if they weren't overwritten, the files get wiped along 
with their respective database entries).  If I could _force_ no upgrades, it 
would be much easier -- but I can't.  Nor can I be sure the %pre scriptlet 
will be run at all -- some people are so paranoid that they use rpm -U 
--noscripts religiously.
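
To make the distinction concrete (an illustration only -- the package 
filename below is made up, and none of this comes from the spec files 
themselves):

    # An RPM "upgrade" is an install of the new package followed by an erase
    # of the old one; the package itself cannot force the install-only path,
    # and --noscripts skips %pre/%post entirely.
    rpm -ivh postgresql-7.2.1-1.i386.rpm    # plain install; typically fails
                                            # with file conflicts if an older
                                            # postgresql is already installed
    rpm -Uvh postgresql-7.2.1-1.i386.rpm    # install 7.2.1, then erase the
                                            # old package's database entries
    rpm -Uvh --noscripts postgresql-7.2.1-1.i386.rpm
                                            # same, but no scriptlets run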

Thus, when the old postgresql RPM's database entries are removed (in practice 
virtually every old executable gets overwritten), its dependency information 
is removed with them.  Since the install/upgrade path builds a complete 
dependency tree of the final installation as part of the process, it knows 
whether the compat libs are needed or not.  If no other program needs them, 
you don't get them, even if you kept an old backend around that does need 
them.  But you really can't make the -server subpackage Require the compat 
packages, because you don't necessarily know what they will be named, or 
anything else they will provide -- if compat libs even exist for the version 
you're upgrading from.
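
The closest the spec file could come is a hard Requires on a guessed compat 
package name, which just restates the problem (the name below is 
hypothetical, and it would differ depending on the release being upgraded 
from):

    # In the -server subpackage of the spec file (hypothetical):
    Requires: compat-glibc   # unconditional -- RPM has no if/then here, and
                             # the right name depends on the release being
                             # upgraded *from*, which the spec cannot know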

> > Nor is there a postmaster running.  Due to a largish
> > RAMdisk, a postmaster running might cause all manners of problems.

> I don't know anything about the largish RAMdisk, what I meant was that
> postmaster (a 2.7 MB program with ~4 MB RAM footprint) could include the
> functionality of pg_dump and be runnable in single-user mode for dumping
> old databases.

If a standalone backend could reliably dump the database without needing 
networking and many of the other things we take for granted (the install mode 
is a cut-down single-user mode of sorts, running in a chroot of a sort), then 
it might be worth looking at.
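
Something along these lines is what I would picture -- purely a sketch, with 
made-up paths, and assuming the old backend binary had been preserved 
somewhere and its libraries still load:

    # Run the *old* backend standalone against the old data directory and let
    # it write the data out itself -- no postmaster, no sockets, no pg_dump.
    /usr/lib/pgsql/old-backend/postgres -D /var/lib/pgsql/data mydb <<'EOF'
    COPY mytable TO '/var/lib/pgsql/dump/mytable.copy';
    EOF

Every table would have to be walked that way, and it only gets the data out, 
not the schema -- which is exactly why a real old-version dumper would be 
worth having.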

> > And an error in the scriptlet could potentially cause the OS upgrade to
> > abort in midstream -- not a nice thing to do to users, having a package

> But is it not the same with _every_ package ? Is there any actual
> upgrading done in the pre/post scripts or are they generally not to be
> trusted ?

No other package is so *different* as to require such a complicated upgrade 
process.  Some packages do more with their scriptlets than others, but no 
package does anything nearly as complicated as dumping a database.

> We already do a pretty good job with pg_dump, but I would still not
> trust it to do everything automatically and erase the originals.

And that's a big problem.  We shouldn't have that ambivalence.  IOW, I think 
we need more upgrade testing.  I don't think I've seen a cycle yet that 
didn't have upgrade problems.

> If we start claiming that postgresql can do automatic "binary" upgrades
> there will be much fun with people who have some application that runs
> fine on 7.0.3 but barfs on 7.1.2, even if it is due to stricter
> adherence to SQL99 and the SQL is completely out of the control of rpm/apt.

That's just us not being backward compatible.  I'm impacted by those things, 
being that I'm running OpenACS here on 7.2.1, when OACS is optimized for 7.1.  
Certain things are very broken.

> There may be even some lazy people who will think that now is the time
> to auto-upgrade from 6.x ;/

And why not?  If Red Hat Linux can upgrade a whole operating environment from 
version 2.0 all the way up to 7.3 (which they claim), why can't we?  If we 
can just give people the tools to deal with potential problems after the 
upgrade, then I think we can do it.  Such a tool as an old-version dumper 
would be a lifesaver to people, I believe.

> Ok. But would it be impossible to move the old postmaster to some other
> place, or is the environment too fragile even for that ?

That is what I have done in the past -- the old backend got copied over (the 
executable), then a special script was run (after upgrade, manually, by the 
user) that tried to pull a dump using the old backend.  It wasn't reliable.  
The biggest problem is that I have no way of ensuring that the old backend's 
dependencies stay satisfied -- 'satisfied' meaning that the old glibc stays 
installed for compatibility.  Glibc, after all, is being upgraded out from 
under us, and I can't stop it or even slow it down.

And this could even be that most pathological of cases, where an a.out-based 
system is being upgraded to an ELF system without a.out kernel support.  
(Point of note: PostgreSQL first appeared in official Red Hat Linux as 
version 6.2.1, released with Red Hat Linux 5.0, which was ELF/glibc 
(contrasted to 3.0.3, which was a.out/libc4, and 4.x, which was ELF/libc5) -- 
but I don't know about the Debian situation and its pathology.)

> If we move the old postmaster instead of copying then there will be a
> lot less issues about running out of disk space :)

The disk space issue is with the ASCII dump file itself.  Furthermore, what 
happens if the dumpfile is greater than MAXFILESIZE?  Again, wc isn't in the 
path (because it, too, is being upgraded out from under us -- nothing is left 
untouched by the upgrade EXCEPT that install-image RAMdisk, which has a very 
limited set of tools, and a nonstandard kernel to boot).  Networking might or 
might not be available.  Unix domain sockets might or might not be available.

But the crux is that the OS upgrade environment is designed to do one thing 
and one thing alone -- get the OS installed and/or upgraded.  General purpose 
tools just take up space on the install media, a place where space is at a 
very high premium.

> What we are facing here is a problem similar to trying to upgrade all users'
> C programs when upgrading gcc. While it would be a good thing, nobody
> actually tries to do it - we require them to have source code and to do
> the "upgrade" manually.

Is that directly comparable?  If you have a lot of user functions written in C 
then possibly.  But I'm not interested in pathological cases -- I'm
interested in something that works OK for the majority of users.  As long as 
it works properly for users who aren't sophisticated enough to need the 
pathological cases handled, then it should be available.  Besides, one can 
always dump and restore if one wants to.  And just how well does the 
venerable dump/restore cycle work in the presence of these pathological 
cases?

Red Hat Linux doesn't claim upgradability in the presence of highly 
pathological cases (such as rogue software installed from non-RPM sources, or 
non-Red Hat RPMs installed, particularly Ximian Gnome), so you have to go 
through a manual process in those cases.  But it is something you can recover 
from after the upgrade is complete.  That's what I'm after.  I don't hold out 
hope for a fully automatic upgrade -- it would be nice, but we are too 
extensible for it to be practical.  No -- I want tools to be able to recover 
my old data without the old-version backend held over from the previous 
install.  And I think this is a very reasonable expectation.

> That's what I propose - dump all databases in pre-upgrade (if you are
> concerned about disk usage, run it twice, first to | wc and then to a
> file) and try to load in post-upgrade.

The wc utility isn't in the path in an OS install situation.  The df utility 
isn't in the path, either.  You can use Python, though. :-)  Not that that 
would be a good choice in this context.
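
For what it's worth, here is roughly what that two-pass check would look like 
if the usual tools (and a running old postmaster for pg_dumpall to talk to) 
were actually available -- which, inside anaconda, they are not.  Paths are 
placeholders:

    # First pass: measure the dump.  Second pass: write it only if it fits.
    need=$(pg_dumpall | wc -c | tr -d ' ')               # bytes the dump needs
    free=$(df -P /var/lib/pgsql | awk 'NR==2 {print $4 * 1024}')  # bytes free
    if [ "$need" -lt "$free" ]; then
        pg_dumpall > /var/lib/pgsql/pre-upgrade-dump.sql
    else
        echo "not enough free space for the pre-upgrade dump" >&2
        exit 1
    fi

And even then the data can change between the two passes, and a dump larger 
than MAXFILESIZE still breaks the second pass.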

> There will still be some things that are be impossible to "upgrade" like
> upgrading a.out "C" functions to elf format backend.

If a user is sophisticated enough to write such, that user is sophisticated 
enough to take responsibility for the upgrade.  I'm not talking about users 
of that level here.  But even then, it would be nice to at least get the data 
back out -- the function can then be rebuilt easily enough from source.

> Perhaps we will be able to detect what we can actually upgrade and bail
> out if we find something unupgradable ?

All is alleviated if I can run a utility after the fact to read in my old 
data, without requiring the old packaged binaries.  I don't have to 
work around ANYTHING.

Again I say -- would such a data dumper not be useful in cases of system 
catalog corruption that prevents a postmaster from starting?  I'm talking 
about a multipurpose utility here, not just something to make my life as RPM 
maintainer easy.

The pg_fsck program is a good beginning toward such a tool.
-- 
Lamar Owen
WGCR Internet Radio
1 Peter 4:11

