David Steele <david@pgmasters.net> writes:
> On 7/25/18 11:09 AM, Andres Freund wrote:
>> The problem is that that'll just hide the issue for a bit longer, while
>> continuing (due to the O_CREAT we'll not PANIC anymore). Which can lead
>> to a lot of followup issues, like checkpoints removing old WAL that'd
>> have been useful for data recovery.
> So if a panic is the best thing to do, it might still be good to write
> out a copy of pg_control to another file and let the user know that it's
> there. More information seems better than less to me.
I'm still dubious that this is fixing any real-world problem that is
more pressing than the problems it would create. If you're asked to
resuscitate a dead cluster, do you trust pg_control.bak if you find
it? Maybe it's horribly out of date (consider likelihood that someone
removed pg_control more than once, having got away with that the first
time). If there's both that and pg_control, which do you trust?
regards, tom lane
