Re: Exit walsender before confirming remote flush in logical replication - Mailing list pgsql-hackers
From | Masahiko Sawada |
---|---|
Subject | Re: Exit walsender before confirming remote flush in logical replication |
Date | |
Msg-id | CAD21AoDdbtcwUUthjahzk94K+Pu4fXK=md8Zocg2bdW6ihMnfQ@mail.gmail.com Whole thread Raw |
In response to | Re: Exit walsender before confirming remote flush in logical replication (Amit Kapila <amit.kapila16@gmail.com>) |
Responses |
Re: Exit walsender before confirming remote flush in logical replication
|
List | pgsql-hackers |
On Fri, Jan 20, 2023 at 7:45 PM Amit Kapila <amit.kapila16@gmail.com> wrote: > > On Tue, Jan 17, 2023 at 2:41 PM Amit Kapila <amit.kapila16@gmail.com> wrote: > > > > Let me try to summarize the discussion till now. The problem we are > > trying to solve here is to allow a shutdown to complete when walsender > > is not able to send the entire WAL. Currently, in such cases, the > > shutdown fails. As per our current understanding, this can happen when > > (a) walreceiver/walapply process is stuck (not able to receive more > > WAL) due to locks or some other reason; (b) a long time delay has been > > configured to apply the WAL (we don't yet have such a feature for > > logical replication but the discussion for same is in progress). > > > > Both reasons mostly apply to logical replication because there is no > > separate walreceiver process whose job is to just flush the WAL. In > > logical replication, the process that receives the WAL also applies > > it. So, while applying it can stuck for a long time waiting for some > > heavy-weight lock to be released by some other long-running > > transaction by the backend. > > > > While checking the commits and email discussions in this area, I came > across the email [1] from Michael where something similar seems to > have been discussed. Basically, whether the early shutdown of > walsender can prevent a switchover between publisher and subscriber > but that part was never clearly answered in that email chain. It might > be worth reading the entire discussion [2]. That discussion finally > lead to the following commit: > > commit c6c333436491a292d56044ed6e167e2bdee015a2 > Author: Andres Freund <andres@anarazel.de> > Date: Mon Jun 5 18:53:41 2017 -0700 > > Prevent possibility of panics during shutdown checkpoint. > > When the checkpointer writes the shutdown checkpoint, it checks > afterwards whether any WAL has been written since it started and > throws a PANIC if so. At that point, only walsenders are still > active, so one might think this could not happen, but walsenders can > also generate WAL, for instance in BASE_BACKUP and logical decoding > related commands (e.g. via hint bits). So they can trigger this panic > if such a command is run while the shutdown checkpoint is being > written. > > To fix this, divide the walsender shutdown into two phases. First, > checkpointer, itself triggered by postmaster, sends a > PROCSIG_WALSND_INIT_STOPPING signal to all walsenders. If the backend > is idle or runs an SQL query this causes the backend to shutdown, if > logical replication is in progress all existing WAL records are > processed followed by a shutdown. > ... > ... > > Here, as mentioned in the commit, we are trying to ensure that before > checkpoint writes its shutdown WAL record, we ensure that "if logical > replication is in progress all existing WAL records are processed > followed by a shutdown.". I think even before this commit, we try to > send the entire WAL before shutdown but not completely sure. There was > no discussion on what happens if the logical walreceiver/walapply > process is waiting on some heavy-weight lock and the network socket > buffer is full due to which walsender is not able to process its WAL. > Is it okay for shutdown to fail in such a case as it is happening now, > or shall we somehow detect that and shut down the walsender, or we > just allow logical walsender to always exit immediately as soon as the > shutdown signal came? +1 to eliminate condition (b) for logical replication. Regarding (a), as Amit mentioned before[1], I think we should check if pq_is_send_pending() is false. Otherwise, we will end up terminating the WAL stream without the done message. Which will lead to an error message "ERROR: could not receive data from WAL stream: server closed the connection unexpectedly" on the subscriber even at a clean shutdown. In a case where pq_is_send_pending() doesn't become false for a long time, (e.g., the network socket buffer got full due to the apply worker waiting on a lock), I think users should unblock it by themselves. Or it might be practically better to shutdown the subscriber first in the logical replication case, unlike the physical replication case. I've not studied the time-delayed logical replication patch yet, though. Regards, [1] https://www.postgresql.org/message-id/CAA4eK1%2BpD654%2BXnrPugYueh7Oh22EBGTr6dA_fS0%2BgPiHayG9A%40mail.gmail.com -- Masahiko Sawada Amazon Web Services: https://aws.amazon.com
pgsql-hackers by date: