Hi,
On 2022-07-14 23:42:56 -0400, Tom Lane wrote:
> Andres Freund <andres@anarazel.de> writes:
> > On 2022-07-14 20:48:57 -0400, Tom Lane wrote:
> >> (I wonder if we shouldn't refactor this so that the postmaster
> >> and standalone mode share more of the initialization logic.
> >> Keeping these bits in sync seems unlikely to happen otherwise.)
>
> > Yes, that might be worthwhile. OTOH, I wonder if we should spend that time to
> > remove single user mode instead - the architectural complexity really doesn't
> > seem worth it anymore, and IMO my prototype from a few months back showed that
> > it's feasible.
>
> I dunno ... if your DB is in bad enough shape that you need to resort
> to single-user mode, you probably don't want any more moving parts
> in the system than you absolutely have to have.
Well, right now the main reason people need single user is anti-wraparound
stuff. And there it's actively harmful (requiring a shutdown checkpoint,
emptying shared buffers, foreground checkpoints, foreground writing of all
WAL, etc).
It's also not comforting to hit a lot of codepaths that are exercised rarely,
when things already have gone pear-shaped. We've had plenty bugs - in
important paths like releasing lwlocks in case of errors - that were single
user specific.
> Autovacuum, custom background workers, and the like are going to be
> counterproductive.
I think it'd be better to address those with a GUC more squarely aimed at
disabling systems you don't need when on a corrupted cluster.
Greetings,
Andres Freund