Thread: Multiple Postmasters - Automatic Shutdown -Tom Lane

Multiple Postmasters - Automatic Shutdown -Tom Lane

From: mlaks
Date:
Dear Gurus,

From Tom's comment in the Automatic Shutdown thread - that postmaster and the
backend interpret SIGTERM as a fast shutdown request, I can now understand
why Bruno Wolff's usage of the "daemontools" "svc -d" command which sends a
SIGTERM signal to the postmaster is an ok thing to do, while "svc -k" which
sends SIGKILL would be (of course) forbidden.

However, if I may persist in asking Tom and Bruno to clarify what you have
told me till now.

I am sorry to keep asking for clarification, but I am in a bit of a bind. I
read your response cautioning me from shooting myself in the foot by creating
a script that might possibly erase the lock file and lead to duplicate
postmasters making changes to the same data directory.

I also searched the archives and read a very clear comment Tom made to
someone in Jan 2003

*****
The real risk of having a script that automatically removes the
postmaster.pid file is that the script might get run after the
postmaster has started.

Even then, you're not necessarily hosed; but you no longer have any
protection against accidentally starting a second postmaster in the same
database directory.  (Which would be disastrous: the two postmasters
won't know about each other and will make unsynchronized changes in the
database.)

Note also that under most circumstances, a stale postmaster.pid file
should not prevent the postmaster from starting (because it will ignore
the old .pid file if it can see that there is no process with that PID
alive anymore).  The case where you lose is only when there is another
process running that by chance has the same PID that was assigned to the
old postmaster on the system's previous uptime cycle.  The postmaster
can't tell that such a process isn't really a conflicting postmaster,
so it gives up for safety's sake.

If you can be absolutely certain that your script will *only* get run
early in system boot, then having it remove postmaster.pid is arguably
a reasonable thing to do.  (Putting "rm postmaster.pid" into the startup
script for the postmaster itself would not be reasonable, since you
might well use that script to restart the postmaster --- with the rm in
place, you've just fried the interlock against starting two postmasters.)

Whether the benefits outweigh the risks is up to you to decide.
****

My situation is a bit unique. My machine is a dedicated machine that will run
only one /usr/bin/postmaster. It runs a single application depending upon the
database being up. It will have only one set of Postgresql databases. My goal
is to keep Postgresql and the application that depends upon it always up.

My idea is to use DJ Bernstein's "daemontools" to monitor the postmaster, as
well as to monitor, separately, my application that depends upon it. If they
go down, for some reason, I want daemontools to restart them.

I am putting myself in the situation where the following shell script will run
to initialize the postmaster process;
however, it may possibly be rerun!!! an unlimited number of times!!!! if the
process!!!! /usr/bin/postmaster goes down,
namely

[this file is called the ./run file in daemontools. it is "supervised" to make
sure it is always running by the supervise program]

_______________________
#!/usr/bin/sh
# Look for a running postmaster by name.
pid=$(pidof -s /usr/bin/postmaster)
if [ "$pid" ]
    then echo $" Postmaster is already running."
else
# Remove any leftover socket and lock file before starting.
rm -f /tmp/.s.PSQL.* > /dev/null
rm -f /var/lib/pgsql/data/postmaster.pid > /dev/null
exec 2>&1
exec setuidgid postgres /usr/bin/postmaster -D /var/lib/pgsql/data
fi
______________________

I copied the clause

pid=$(pidof -s /usr/bin/postmaster)
if [ "$pid" ]
    then echo $" Postmaster is already running."
else

from Lamar Owen's postgresql service script on RedHat linux.
(Q. why does he put echo  $" Postmaster is already running " instead of just
echo "Postmaster is already running" ?)

I need your expert opinion. I am a complete ignoramus about this. In your
wide experience, in this very restricted circumstance, even though I am
violating Tom's rule of running the
rm -f /var/lib/pgsql/data/postmaster.pid beyond boot time, will I possibly
start 2 postmasters at once?
Am I shooting myself in the foot?

Kapow!

Mitchell


Re: Multiple Postmasters - Automatic Shutdown -Tom Lane

From: Bruno Wolff III
Date:
On Fri, May 09, 2003 at 09:47:26 -0400,
  mlaks <mlaks@bellatlantic.net> wrote:
>
> I copied the clause
>
> pid=$(pidof -s /usr/bin/postmaster)
> if [ "$pid" ]
>     then echo $" Postmaster is already running."
> else
>
> from Lamar Owen's postgresql service script on RedHat linux.
> (Q. why does he put echo  $" Postmaster is already running " instead of just
> echo "Postmaster is already running" ?)

I am not sure what the $ does there.

> I need your expert opinion. I am a complete ignoramus about this. In your
> wide experience,
> In this very restricted circumstance, even though I am violating Tom's rule of
> running the
> rm -f /var/lib/pgsql/data/postmaster.pid beyond boot time, will I possibly
> start 2 postmasters at once?
> Am I shooting myself in the foot?

Doing this at boot time before running svscan is reasonable. You know
postmaster shouldn't be running at that point. This is also a case when
you are likely to get a spurious conflict as the process id given to
postmaster in the last reboot is likely to be low and if there is some
variance in the boot process some other process might get it this time
and prevent postmaster from coming up.
I wouldn't remove the lockfile in the run file as that isn't likely to
benefit you and might cause serious problems for you.
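
The lock-file check discussed in this thread, as an added example that is not part of either message and is not PostgreSQL's or daemontools' own code. The function names pidfile_state and run_decision are hypothetical, the lock files are constructed in a scratch directory, and the file's first line is assumed to hold the owning PID.

```shell
#!/bin/sh
# Added example: classify a postmaster.pid-style lock file without deleting it.

# Print "absent", "invalid", "stale" or "live" for the lock file given as $1.
# Assumption: the first line of the file is the PID of the process that wrote it.
pidfile_state() {
    pidfile=$1
    [ -f "$pidfile" ] || { echo absent; return 0; }
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case $pid in
        ''|0|*[!0-9]*) echo invalid; return 0 ;;
    esac
    # kill -0 delivers no signal; it only asks whether the PID exists.
    # ps -p covers a PID owned by another user, where kill -0 is denied.
    if kill -0 "$pid" 2>/dev/null || ps -p "$pid" >/dev/null 2>&1; then
        # Either the real postmaster or an unrelated process that was handed
        # the same PID after a reboot; the two cannot be told apart from here.
        echo live
    else
        echo stale
    fi
}

# What a supervised run script should do. It never removes the lock file,
# so the interlock against a second postmaster stays intact.
run_decision() {
    case $(pidfile_state "$1") in
        absent|stale) echo start ;;
        *) echo refuse ;;
    esac
}

# Demo on constructed lock files.
demo() {
    dir=$(mktemp -d) || return 1
    echo "$$" > "$dir/live.pid"        # PID of this shell: alive
    sleep 0 & dead=$!; wait "$dead"    # PID of a process that has exited
    echo "$dead" > "$dir/stale.pid"
    for f in live.pid stale.pid missing.pid; do
        printf '%s: %s -> %s\n' "$f" \
            "$(pidfile_state "$dir/$f")" "$(run_decision "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

A "live" result is the one case where removing the file is unsafe, which is why removal belongs only in a step that runs before svscan at boot.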