Re: [GENERAL] pg on Debian servers - Mailing list pgsql-general

From Mark Morgan Lloyd
Subject Re: [GENERAL] pg on Debian servers
Date
Msg-id oubukk$pu8$1@pye-srv-01.telemetry.co.uk
Whole thread Raw
In response to Re: [GENERAL] pg on Debian servers  (Karsten Hilbert <Karsten.Hilbert@gmx.net>)
List pgsql-general
On 12/11/17 19:15, Karsten Hilbert wrote:
> On Sat, Nov 11, 2017 at 01:03:18PM +0000, Mark Morgan Lloyd wrote:
> 
>> Several legacy programs written in Delphi ground to a halt this morning,
>> which turned out to be because a Debian system had updated its copy of
>> PostgreSQL and restarted the server, which broke any live connections.
>>
>> At least some versions of Delphi, not to mention other IDE/RAD tools with
>> database-aware components, don't automatically try to reestablish a database
>> session that's been interrupted. In any event, an unexpected server restart
>> (irrespective of all investment in UPSes etc.) has the potential of playing
>> havoc on a clustered system.
>>
>> Is there any way that either the package maintainer or a site
>> administrator/programmer such as myself can mark the Postgres server
>> packages as "manual upgrade only" or similar? Or since I'm almost certainly
>> not the first person to be bitten by this, is there a preferred hack in
>> mitigation?
> 
> Apart from that (putting packages on hold), PostgreSQL
> updates on Debian don't upgrade existing clusters
> automatically. They do create a new cluster but the old one
> is kept around and stays running, IIRC even on the very same
> port.
> 
> (Having gone all the way from PG 7.1 to PG 10 on Debian :)

With the caveat that Debian has only comparatively-recently introduced 
unattended updates as the default... I think only with Stretch. If 
you're still on Jessie you can yet be saved :-)

> What did
> 
>     pg_lsclusters
> 
> say ?

I don't have it from the time of the problem, but currently it gives me

Ver Cluster Port Status Owner    Data directory               Log file
9.6 main    5432 online postgres /var/lib/postgresql/9.6/main 
/var/log/postgresql/postgresql-9.6-main.log

i.e. a single-server system, although I've since done a manual restart 
so that I could change some DIMMs.

However syslog and postgresql-9.6-main.log show me this:

Nov 11 06:27:38 postgres1 systemd[1]: Starting Daily apt upgrade and 
clean activities...
Nov 11 06:28:05 postgres1 systemd[1]: Reloading.
Nov 11 06:28:07 postgres1 systemd[1]: Reloading.
Nov 11 06:28:07 postgres1 systemd[1]: Stopped PostgreSQL RDBMS.
Nov 11 06:28:07 postgres1 systemd[1]: Stopping PostgreSQL Cluster 
9.6-main...
Nov 11 06:28:08 postgres1 systemd[1]: Stopped PostgreSQL Cluster 9.6-main.
Nov 11 06:28:10 postgres1 systemd[1]: Reloading.

2017-11-11 06:28:07.587 UTC [675] LOG:  received fast shutdown request
2017-11-11 06:28:07.587 UTC [675] LOG:  aborting any active transactions
[Session names here]
2017-11-11 06:28:07.607 UTC [730] LOG:  autovacuum launcher shutting down
[More session names here]
2017-11-11 06:28:07.680 UTC [727] LOG:  shutting down
2017-11-11 06:28:07.984 UTC [675] LOG:  database system is shut down
2017-11-11 06:28:13.039 UTC [11122] LOG:  database system was shut down 
at 2017-11-11 06:28:07 UTC
2017-11-11 06:28:13.081 UTC [11122] LOG:  MultiXact member wraparound 
protections are now enabled
2017-11-11 06:28:13.085 UTC [11126] LOG:  autovacuum launcher started
2017-11-11 06:28:13.085 UTC [11121] LOG:  database system is ready to 
accept connections
2017-11-11 06:28:13.371 UTC [11128] [unknown]@[unknown] LOG:  incomplete 
startup packet

All live applications saw that as a loss of database connectivity, yet 
when I was alerted by their squeals of anguish (MIDI on app servers has 
its uses :-) I found the database server running and accepting connections.

> There must have been something additional at play.

The apps are written in Delphi, I admit not a very recent version and 
they're due to be converted to Lazarus which is an open-source and 
portable clone. I'll defend my choice of language since it is, 
basically, the best "4GL" you'll find.

However one flaw of Delphi etc. is that they assume that they can safely 
hold a database session open for an extended period. I can't speak for 
Delphi any more since it has, basically, priced itself out of our league 
particularly taking into account its lack of portability, but 
FPC/Lazarus appears to have something which is intended to reconnect a 
lost session, although it's so far unimplemented.

So I've got multiple options for fixing this at the application level: 
either fill in the unimplemented bit of the database control in the 
Lazarus Class Library, or prevent apps from holding database connections 
open. But the real problem, I feel, is that Debian is enabling 
unattended upgrades without checking with the user, and while an 
attended upgrade normally asks for confirmation before restarting a 
daemon an unattended one doesn't.

-- 
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]


-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

pgsql-general by date:

Previous
From: Dinesh kumar
Date:
Subject: Re: [GENERAL] sync the data's from catalog table
Next
From: Adrien Nayrat
Date:
Subject: Re: [GENERAL] PG-10 + ICU and abbreviated keys