Re: [HACKERS] Point in Time Recovery - Mailing list pgsql-admin
| From | Bruce Momjian |
|---|---|
| Subject | Re: [HACKERS] Point in Time Recovery |
| Date | |
| Msg-id | 200407220336.i6M3a5l18707@candle.pha.pa.us Whole thread Raw |
| In response to | Re: [HACKERS] Point in Time Recovery (Tom Lane <tgl@sss.pgh.pa.us>) |
| Responses |
Re: [HACKERS] Point in Time Recovery
|
| List | pgsql-admin |
Agreed, it might not be possible, but your report does point out a limitation in our implementation --- that a shutdown database contains more information than a backup and the archive logs. That is not intuitive. In fact, if you shutdown your database and want to reproduce it on another machine, how do you do it? Seems you have to copy pg_xlog directory over to the new machine. In fact, moving pg_xlog to a new location doesn't make that clear either. Seems documentation might be the only way to make this clear. One idea would be to just push the partial WAL file to the archive on server shutdown and not reuse it and start with a new WAL file on startup. At least for a normal system shutdown this will give us an archive that contains all the information that is in pg_xlog. --------------------------------------------------------------------------- Tom Lane wrote: > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > I think we should push the partially complete WAL file to the archive > > location before shutdown. ... > > When you are running and finally fill up the WAL file it would then > > overwrite the one in the archive but I think that is OK. > > I don't think this can fly at all. Here are some off-the-top-of-the-head > objections: > > 1. We don't have the luxury of spending indefinite amounts of time to > do a database shutdown. Commonly we are under a twenty-second sentence > of death from init. I don't want to spend the 20 seconds waiting to see > if the archiver will manage to push 16MB onto a slow tape drive. Also, > if the archiver does fail to push the data in time, it'll likely leave a > broken (partial) xlog file in the archive, which would be really bad > news if the user then relies on that. > > 2. What if the archiver process entirely fails to push the file? (Maybe > there's not enough disk space, for instance.) In normal operation we'll > just retry every so often. We definitely can't do that during shutdown. > > 3. You're blithely assuming that the archival process can easily provide > overwrite semantics for multiple pushes of the same xlog filename. Stop > thinking about "cp to some directory" and start thinking "dump to tape" > or "burn onto CD" or something like that. We'll be raising the ante > considerably if we require the archive_command to deal with this. > > I think the last one is really the most significant issue. We have to > keep the archiver API as simple as possible. > > regards, tom lane > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
pgsql-admin by date: