Hi,
how come that the only comment in pg_rewind about fsyncing is:

    void
    close_target_file(void)
    {
    .../* fsync? */
    }

Isn't that a bit, uh, minimal for a utility that's likely to be used in
failover scenarios?
I think we might actually be "saved" due to
http://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=2ce439f33
because pg_rewind appears to leave the cluster in

    ControlFile_new.state = DB_IN_ARCHIVE_RECOVERY;
    updateControlFile(&ControlFile_new);

a state that StartupXLOG will treat as needing recovery:

    if (ControlFile->state != DB_SHUTDOWNED && ControlFile->state != DB_SHUTDOWNED_IN_RECOVERY)
        SyncDataDirectory();

but that code went in after pg_rewind, so this certainly can't be an
intentional save.
I also don't think it's ok that you need to start the cluster to make it
safe against a crash?
I guess the easiest fix would be to shell out to initdb -s?
Greetings,
Andres Freund
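
What flushing a rewritten data directory to disk involves, as an added example that is not part of the original message and is not PostgreSQL code: every regular file is fsynced, then each directory, so that both contents and directory entries survive a crash. The names `sync_path` and `sync_tree` are hypothetical, and the code assumes a POSIX system that accepts fsync on a read-only descriptor.

```c
/* Added example: constructed for illustration, not PostgreSQL source. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: fsync one file or directory; 0 on success, -1 on error. */
int sync_path(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    int rc = fsync(fd);
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

/*
 * Hypothetical helper: flush every regular file under "dir", then "dir"
 * itself so that its entries (creates, renames) are durable as well.
 * Symlinks are skipped. Returns 0 only if every step succeeded.
 */
int sync_tree(const char *dir)
{
    DIR *d = opendir(dir);
    if (d == NULL)
        return -1;
    int rc = 0;
    struct dirent *de;
    while ((de = readdir(d)) != NULL) {
        char path[PATH_MAX];
        struct stat st;
        if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0)
            continue;
        int n = snprintf(path, sizeof path, "%s/%s", dir, de->d_name);
        if (n < 0 || n >= (int) sizeof path || lstat(path, &st) != 0)
            rc = -1;                      /* keep going, report failure */
        else if (S_ISDIR(st.st_mode))
            rc |= sync_tree(path);
        else if (S_ISREG(st.st_mode))
            rc |= sync_path(path);
    }
    closedir(d);
    return (sync_path(dir) != 0 || rc != 0) ? -1 : 0;
}
```

A failure on any file is reported to the caller rather than ignored, since an unflushed file leaves the directory unsafe against a crash.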