Re: [PROPOSAL] Termination of Background Workers for ALTER/DROP DATABASE - Mailing list pgsql-hackers
| From | Pavel Stehule |
|---|---|
| Subject | Re: [PROPOSAL] Termination of Background Workers for ALTER/DROP DATABASE |
| Date | |
| Msg-id | CAFj8pRAc7a+KsLARqpK8mSqdY-Ats8iJCNtWONkprfDeNt_0zg@mail.gmail.com Whole thread Raw |
| In response to | Re: [PROPOSAL] Termination of Background Workers for ALTER/DROP DATABASE (Michael Paquier <michael@paquier.xyz>) |
| List | pgsql-hackers |
Hi
po 29. 12. 2025 v 1:52 odesílatel Michael Paquier <michael@paquier.xyz> napsal:
On Fri, Dec 26, 2025 at 12:04:47PM +0100, Pavel Stehule wrote:
> I am not sure if I understand what you prefer.
Seems to me that Iwata-san sides with compatibility. Spoiler alert: I
do side with compatibility. See below for more details.
> 1. When bgworker is marked as INTERRUPTIBLE, then can be cancelled
> immediately - there is full agreement - I don't see any problem - just
> probably almost all bgworkers will be not be marked as INTERRUPTIBLE
Yes, these can and should be stopped.
> 2. When bgworker is not marked as INTERRUPTIBLE, then can it be cancelled?
> How dangerous is this? If it cannot be cancelled, then ALTER should wait on
> lock forever, or there should be some special timeout - like CREATE, DROP
> DATABASE and waiting on template databases.
Cancellation is a different thing. bgworkers can be tweaked to answer
to specific signals with their own handlers. What we are discussing
here is if a signal should be sent to a bgworker or not when
performing specific operations.
> 3. If the user needs to execute ALTER, then probably he manually terminates
> the worker any time. Are currently used workers safe against terminating?
> We know so mostly workers will be restarted after timeout - and then it is
> "safe". It is really safe? Can we expect it? If it is safe, then we can
> implement FORCE clause. Probably any worker can be restarted - and without
> safety it is hard to imagine using in the production.
That would be up to an extension developer. The new behavior can be
useful in some cases. Forcing it by default could lead to unwanted
results.
> I think there is a fundamental question that should be solved before - what
> is a risk of canceling bgworker? The possible reply is so there is not any
> risk for correctly implemented bgworkers. And then there is a question if
> we still need the flag INTERRUPTIBLE? My opinion for this case is probably
> yes, because cancelling can introduce some bigger latency.
I can think about two reasons at the top of my mind, at least:
1) Making the background workers non-interruptible is the default
behavior that we have since 9.3. Changing the default by allowin
these to be interrupted could lead to a silent behavior change that
extension developers are not aware of because the bgworker lubrary
code would still be compiled as-is, and would still be able to start
correctly. This links to my second point.
2) Operator error, and these tend to happen a lot. Somebody with the
right to create a database could decide to use as template a database
that a bgworker is linked to, leading to failures with operations
background workers expect to be able to achieve while online if we
change the default, because it does things that are critical and
should not be interrupted (one could compare that to what an
autovacuum worker does with an antiwraparound work, perhaps, which
cannot be interrupted).
As a whole, I think that we have more advantages in keeping the
default, making the possibility to make a bgworker interruptible an
opt-in choice is extra cream that can be added on top of a cake, and
one is free to add the extra cream to their portion of the cake.
ok
Regards
Pavel
--
Michael
pgsql-hackers by date: