Per discussion, here's a patch for pg_standby in REL8_3_STABLE. The
signal handling is changed so that SIGQUIT no longer triggers failover,
but immediately kills pg_standby, triggering FATAL death of the startup
process too. That's what you want with immediate shutdown.

SIGUSR1 is now accepted as a signal to trigger failover. SIGINT is still
accepted too, but that should be considered deprecated since we're
likely to use SIGINT for immediate shutdown (for startup process) in 8.4.

We should document the use of signals to trigger failover in the
manual... Any volunteers?

This should be noted in the release notes:

If you are using pg_standby, and if you are using signals (e.g. "killall
-SIGINT pg_standby") to trigger failover, change your scripts to use
SIGUSR1 instead of SIGQUIT or SIGINT. SIGQUIT no longer triggers
failover, but aborts the recovery and shuts down the standby database.
SIGINT is still accepted as failover trigger, but should be considered
as deprecated and will also be changed to trigger immediate shutdown in
a future release.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
Index: pg_standby.c
===================================================================
RCS file: /cvsroot/pgsql/contrib/pg_standby/pg_standby.c,v
retrieving revision 1.10.2.3
diff -c -r1.10.2.3 pg_standby.c
*** pg_standby.c 6 Jan 2009 17:27:19 -0000 1.10.2.3
--- pg_standby.c 4 Mar 2009 09:13:34 -0000
***************
*** 451,464 ****
signaled = true;
}
/*------------ MAIN ----------------------------------------*/
int
main(int argc, char **argv)
{
int c;
! (void) signal(SIGINT, sighandler);
! (void) signal(SIGQUIT, sighandler);
while ((c = getopt(argc, argv, "cdk:lr:s:t:w:")) != -1)
{
--- 451,487 ----
signaled = true;
}
+ /* We don't want SIGQUIT to core dump */
+ static void
+ sigquit_handler(int sig)
+ {
+ signal(SIGINT, SIG_DFL);
+ kill(getpid(), SIGINT);
+ }
+
+
/*------------ MAIN ----------------------------------------*/
int
main(int argc, char **argv)
{
int c;
! /*
! * You can send SIGUSR1 to trigger failover.
! *
! * Postmaster uses SIGQUIT to request immediate shutdown. The default
! * action is to core dump, but we don't want that, so trap it and
! * commit suicide without core dump.
! *
! * We used to use SIGINT and SIGQUIT to trigger failover, but that
! * turned out to be a bad idea because postmaster uses SIGQUIT to
! * request immediate shutdown. We still trap SIGINT, but that is
! * deprecated. We will likely switch to using SIGINT for immediate
! * shutdown in future releases.
! */
! (void) signal(SIGUSR1, sighandler);
! (void) signal(SIGINT, sighandler); /* deprecated, use SIGUSR1 */
! (void) signal(SIGQUIT, sigquit_handler);
while ((c = getopt(argc, argv, "cdk:lr:s:t:w:")) != -1)
{
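Review bot: In sigquit_handler, the comment only says SIGQUIT should not core dump; it does not explain why the handler resets SIGINT to SIG_DFL and then sends itself SIGINT, or that the process will therefore report death by SIGINT rather than SIGQUIT to whoever is waiting on it. Please expand the comment, since the block comment in main() describes SIGINT as a deprecated failover trigger and a reader can easily confuse the two uses. The handler also assumes kill(getpid(), SIGINT) never returns: if the signal is not delivered, control falls back into the main loop and pg_standby keeps waiting, so a fallback exit after the kill() call would make the "immediate" behaviour unconditional. Finally, signal(SIGUSR1, sighandler) and signal(SIGQUIT, sigquit_handler) are registered unconditionally in main(); if this file is built on a platform that does not define those signals, both calls and the new handler need a guard.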