Doug McNaught <doug@wireboard.com> writes:
> The tip is directed at those people for whom 'kill -9' is the first
> resort, not the last. ;) Clean shutdown is *always* better than
> unclean if you can manage it.
Agreed. But actually, the tip dates from several versions back, when
kill -9 was indeed dangerous.
Back then, if you killed the postmaster without letting it kill all its
child processes, it was possible to start a new postmaster (and then
have it launch new children) while old backends still remained running.
The old and new backends wouldn't know about each other, leading to
disaster if any conflicting updates were made.
There are now interlocks to prevent this scenario: a new postmaster will
look for extant backends in the same database, and refuse to start if it
finds any. So I believe that you cannot shoot yourself in the foot
that way anymore. (Digression: the ability to make this check is one of
the few good things about the SysV shared-memory interface.)
As of 7.1 or so, I think the tip could be rephrased as "kill -9 is not
the preferred way of shutting down the database" ;-)
regards, tom lane
