Thread: auto-reconnect: temp schemas, sequences, transactions
Hi,

If I understand correctly, Tom's reply in:
http://archives.postgresql.org/pgsql-general/2007-06/msg01668.php
suggests that temp schemas are kept when a session gets disconnected because connections get automatically re-established with the same backend id, and if this succeeds the old temp tables get picked up by the new connection as if there was no disconnection at all.

However, it seems that the same does not happen for currval of sequences? This is quite inconvenient, I must say (in some situations our re-established connection is basically useless... and it does not even "know" about it...).

For my information: what happens if the disconnect (due to another client process dying) happened during a transaction? After reconnect, are we again in the middle of the previous transaction? (Or does something else happen, e.g. the transaction continues until "commit" and only then the session actually disconnects?) I'm anxiously assuming that the next queries after reconnection will not happily be executed outside of a transaction, but I haven't found much (recent) info on the subject.

Best,
~Marek

=# select version();
                                        version
---------------------------------------------------------------------------------------
 PostgreSQL 8.4.4 on x86_64-unknown-linux-gnu, compiled by GCC gcc (GCC) 4.4.4, 64-bit
(1 row)
Marek Więckowski <wieckom@foxi.nl> writes:
> If I understand correctly, Tom's reply in:
> http://archives.postgresql.org/pgsql-general/2007-06/msg01668.php suggests
> that temp schemas are kept when a session gets disconnected because
> connections get automatically re-established with the same backend id, and if
> this succeeds the old temp tables get picked up by the new connection as if
> there was no disconnection at all.

Uh, no, surely not. The schema itself is re-used if it exists, but all the contained tables get flushed by the new session (if for some reason the old session failed to do that, as it would in case of a crash). Re-use of the schema object is just a minor implementation optimization --- there's no expectation that temp tables would ever survive into another session.

			regards, tom lane
Hi,

On Monday 02 May 2011 16:43:54 Tom Lane wrote:
> Marek Wieckowski <wieckom@foxi.nl> writes:
> > If I understand correctly, Tom's reply in:
> > http://archives.postgresql.org/pgsql-general/2007-06/msg01668.php
> > suggests that temp schemas are kept when a session gets disconnected
> > because connections get automatically re-established with the same
> > backend id, and if this succeeds the old temp tables get picked up by the
> > new connection as if there was no disconnection at all.
>
> Uh, no, surely not. The schema itself is re-used if it exists, but all
> the contained tables get flushed by the new session (if for some reason
> the old session failed to do that, as it would in case of a crash).

Clear. Thanks for your answer.

But what happens with a db transaction upon a disconnect? If I have (say, in C++ code or a script):

begin;
query1;
query2;
query3;
query4;
query5;
commit;

(with possibly some extra C++ or script code in between queries), and somewhere around the time query2 is being executed some other backend crashes; the session gets disconnected and automatically reconnected: what would happen to the next queries executed by the external code (query3, query4 and so on)? They would not be executed outside of a db transaction, would they? I would hope that they all keep failing up until the next commit/rollback or something similar...

Best,
~Marek
Marek Więckowski <wieckom@foxi.nl> writes:
> But what happens with a db transaction upon a disconnect? If I have (say,
> in C++ code or a script):
> begin;
> query1;
> query2;
> query3;
> query4;
> query5;
> commit;
> (with possibly some extra C++ or script code in between queries), and
> somewhere around the time query2 is being executed some other backend
> crashes; the session gets disconnected and automatically reconnected: what
> would happen to the next queries executed by the external code (query3,
> query4 and so on)? They would not be executed outside of a db transaction,
> would they? I would hope that they all keep failing up until the next
> commit/rollback or something similar...

Well, there will be no memory on the server side of any uncompleted queries. If the client-side logic tries to re-issue these queries after re-connecting, it would be up to that logic to be careful about what to reissue or not. Possibly this is a question for the author of your client library.

			regards, tom lane
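Tom's point - that after a disconnect the server remembers nothing, so the client must decide what to reissue - amounts to a retry-the-whole-transaction policy. Below is a toy sketch of that policy in Python; every name in it (ConnectionLost, FakeConn, run_transaction) is invented for illustration and nothing here touches libpq. The key idea is that on a lost connection the client replays the entire begin..commit block from the top, so the outcome stays all-or-nothing.

```python
class ConnectionLost(Exception):
    """Raised when the simulated backend dies mid-transaction."""
    pass

class FakeConn:
    """Toy server session: buffers increments, applies them atomically."""
    def __init__(self, store, crash_after=None):
        self.store = store            # shared dict simulating the database
        self.pending = []             # statements buffered in the open txn
        self.crash_after = crash_after
        self.executed = 0

    def execute(self, delta):
        if self.crash_after is not None and self.executed >= self.crash_after:
            raise ConnectionLost      # backend died; nothing was committed
        self.pending.append(delta)
        self.executed += 1

    def commit(self):
        for d in self.pending:        # all-or-nothing
            self.store["value"] += d
        self.pending = []

def run_transaction(connect, deltas, max_attempts=3):
    """Reissue the whole transaction from the top after a disconnect."""
    for attempt in range(max_attempts):
        conn = connect(attempt)
        try:
            for d in deltas:
                conn.execute(d)
            conn.commit()
            return True
        except ConnectionLost:
            continue                  # retry everything, not just the failure
    return False
```

With a connection that crashes on the first attempt and survives the second, the value still ends up increased by the full amount, because the failed attempt committed nothing.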
On Monday 02 May 2011 17:32:26 Tom Lane wrote:
> If the client-side logic tries to re-issue these queries
> after re-connecting, it would be up to that logic to be careful about
> what to reissue or not. Possibly this is a question for the author
> of your client library.

I see. So I have two use cases: 1) "my" client library; 2) psql :p

Let's look briefly at psql, shall we? (I would look at what needs changing in "my" client library once I understand what you consider a proper solution for psql.)

If a script is executed in psql there is no easy way to catch that psql has reconnected in the middle of it... The simplest example that could do a lot of damage would be a simple script executed in psql (by e.g. \i file_name or "psql -f"):

begin;
update test1 set value = value+1;
update test1 set value = value+10;
update test1 set value = value+100;
commit;

Obviously the intention is that all three queries succeed (values would be increased by 111) or all three fail (values not changed). See the attached "orig" output: if the backend dies just after the first query, then the next query triggers a reconnect and psql does not execute it, but... the third update query gets happily executed outside of a transaction. So the result is that in this case value was increased by 100 - a really unexpected (and possibly very, very bad) result. I think it should be considered a problem which should be solved in psql. What follows is my rough solution => it does solve the problem, although there is probably a much easier way to do it.

Now, the problem is that psql (as well as any other client program/library):
* would have a hard time keeping track of whether its session is in a transaction;
* libpq already does this for us, in conn->xactStatus;
* but (because of the check that conn->status == CONNECTION_OK in PQtransactionStatus()) there is no way to get to the value of conn->xactStatus once the connection is dead (i.e. to the last trans status of a now-disconnected connection)...

You will probably have a much better idea, but what I did (see attached patch) is I removed the part of PQtransactionStatus(const PGconn *conn) which says that "if conn->status != CONNECTION_OK then returned value is PQTRANS_UNKNOWN". Thus the meaning of the function PQtransactionStatus() changes slightly (instead of "trans status of an active connection" it would now mean "trans status of an active connection, or last trans status of a disconnected connection"), but the API and binary compatibility of libpq are preserved.

Anyway, after this change I am able to get the pre-disconnect trans status in psql just before reconnecting. And if we were in a transaction, then immediately after reconnecting I create a trans-in-error (again, see the psql part of the attached patch; BTW: how does one trigger an error in a way nicer than "select 1/0", preferably with a message? I.e., is there some libpq equivalent of "raise exception"?).

See the "new" output in the attachment: the result is that, in the example I gave at the beginning of this mail, if there is a disconnect after the first update, then the second query triggers a reconnect, but we are in trans-in-error, so all subsequent queries also fail => it is as if a proper db transaction was rolled back. I think this is a much, much better behaviour for psql, isn't it?

PS: It would be more straightforward to change PQreset() in a similar way instead of changing psql (PQreset() has direct access to conn->xactStatus), but of course PQreset() is a part of the public API of libpq; client code could in principle execute PQreset() from within a db transaction, and the expectation would be that after the call you get a "clean" new session. Still, maybe a not-bad idea for the future would be to keep PQreset() as it is and add e.g. a PQreconnect() which would do basically the same, but in the case where the old connection was in a transaction it would right away create a new trans-in-error in the new session? Well, just an idea => it would lead to even less handling in the client programs (like psql => it would just call PQreconnect() and not have to issue "begin" + create an error).

Best,
~Marek
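The failure mode described in the mail above - the third update running outside any transaction after a silent reconnect - can be reproduced with a toy model. Everything below is an invented Python simulation (no libpq, no psql; ToyServer, ToySession and the rest are illustrative names only), but it follows the same sequence of events: begin, one buffered update, a backend crash, a silent reconnect that skips the failed statement, and a later update that lands in autocommit mode.

```python
class ToyServer:
    """Holds one value that the script's updates are supposed to change atomically."""
    def __init__(self):
        self.value = 0

class ToySession:
    def __init__(self, server):
        self.server = server
        self.in_txn = False
        self.pending = []     # increments buffered inside an open transaction
        self.alive = True

    def run(self, stmt):
        if not self.alive:
            raise ConnectionError("connection lost")
        if stmt == "begin":
            self.in_txn = True
        elif stmt == "commit":
            for d in self.pending:
                self.server.value += d
            self.pending = []
            self.in_txn = False
        else:                 # stmt is an increment amount
            if self.in_txn:
                self.pending.append(stmt)
            else:
                self.server.value += stmt   # autocommit: applied immediately

def run_script_with_autoreconnect(server, script, crash_before_stmt):
    """Naive auto-reconnect: on failure, silently open a new session and keep
    going with the NEXT statement - the behaviour being criticised above."""
    session = ToySession(server)
    for i, stmt in enumerate(script):
        if i == crash_before_stmt:
            session.alive = False           # backend crash
        try:
            session.run(stmt)
        except ConnectionError:
            session = ToySession(server)    # reconnect; txn state is gone
            # the failed statement itself is skipped, as in the report
    return server.value
```

Running the script ["begin", 1, 10, 100, "commit"] with a crash before the second update reproduces the reported outcome: the +1 is lost with the old transaction, the +10 is skipped, and the +100 is applied in autocommit mode, so the value ends up increased by 100 instead of 111 or 0.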
Attachment
Marek Więckowski <wieckom@foxi.nl> writes:
> If there is a script executed in psql there is no easy way to catch that psql
> has reconnected in the middle of it...

As far as psql goes, it should certainly abandon executing any script file if it loses the connection. I rather thought it did already. See the bit just above where you propose patching:

    if (!pset.cur_cmd_interactive)
    {
        psql_error("connection to server was lost\n");
        exit(EXIT_BADCONN);
    }

			regards, tom lane
On Wednesday 04 May 2011 18:04:16 Tom Lane wrote:
> Marek Wieckowski <wieckom@foxi.nl> writes:
> > If there is a script executed in psql there is no easy way to catch that
> > psql has reconnected in the middle of it...
>
> As far as psql goes, it should certainly abandon executing any script
> file if it loses the connection. I rather thought it did already.
> See the bit just above where you propose patching:
>
>     if (!pset.cur_cmd_interactive)
>     {
>         psql_error("connection to server was lost\n");
>         exit(EXIT_BADCONN);
>     }

Hmm, indeed, I had missed it. Clear for psql. And yes, I agree that for psql it is better to exit. Thanks for the answer.

But for the library which I'm using, simply exiting/aborting is not an option (and this is why I was looking into this in the first place). There is a danger that client programs will continue issuing queries while believing that they are in a transaction... They do expect db errors and rolled-back transactions, but not that their begin-commit section would be executed only partially. Solving this at the level of "my" library would solve it once and for good (and the alternative sounds more complex: it would require exposing extra info to the programs using this library, adding handling of the reconnect situation in each of these programs, etc.).

In my head, it wraps up to the following structure in the library (which gives access to libpq functionality):

1. anytime we use the db connection we would check if the connection is OK;
2. if yes, we would ask for PQtransactionStatus() and keep a copy of the returned status;
3. if not, we would try to reconnect, BUT based on (2.) we would know whether we were in a transaction before the connection was lost;
4. if we were in a transaction before the disconnect, then immediately after reconnecting we would create a trans-in-error.

Does the above make sense to you? Any points of attention?

Also, would you have any suggestion for how to create a trans-in-error in a way nicer than "begin; select 1/0;", preferably with a message? In other words, is there some libpq equivalent of "raise exception"?

Best,
~Marek
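Steps 1-4 above can be sketched with a toy connection object. The names below (Wrapper, ToyConn, force_error_transaction) are all hypothetical, and the PQTRANS_* strings only mimic libpq's status constants in spirit; on a real connection, step 4 might issue something like "begin; select 1/0;" as the mail suggests. This is a sketch of the scheme as proposed here, not a recommendation.

```python
PQTRANS_IDLE, PQTRANS_INTRANS, PQTRANS_INERROR = "idle", "intrans", "inerror"

class ToyConn:
    """Stand-in for a libpq connection; tracks only transaction status."""
    def __init__(self):
        self.alive = True
        self._status = PQTRANS_IDLE

    def ok(self):
        return self.alive

    def status(self):
        return self._status

    def force_error_transaction(self):
        # on a real connection: open a transaction and make it fail
        self._status = PQTRANS_INERROR

    def run(self, stmt):
        if self._status == PQTRANS_INERROR and stmt != "rollback":
            raise RuntimeError("current transaction is aborted")
        if stmt == "begin":
            self._status = PQTRANS_INTRANS
        elif stmt in ("commit", "rollback"):
            self._status = PQTRANS_IDLE
        return "ok"

class Wrapper:
    """Library layer implementing steps 1-4 from the mail."""
    def __init__(self, connect):
        self.connect = connect
        self.conn = connect()
        self.last_status = PQTRANS_IDLE            # step 2: cached copy

    def exec_(self, stmt):
        if not self.conn.ok():                     # step 1: connection check
            was_in_txn = self.last_status == PQTRANS_INTRANS   # step 3
            self.conn = self.connect()             # reconnect
            if was_in_txn:                         # step 4: poison new session
                self.conn.force_error_transaction()
        result = self.conn.run(stmt)
        self.last_status = self.conn.status()
        return result
```

The effect is that after a disconnect mid-transaction, every statement fails until the application issues a rollback - mimicking an ordinary aborted transaction instead of silently dropping into autocommit.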
Marek Więckowski <wieckom@foxi.nl> writes:
> But for the library which I'm using, simply exiting/aborting is not an option
> (and this is why I was looking into this in the first place). There is a
> danger that client programs will continue issuing queries while believing that
> they are in a transaction... They do expect db errors and rolled back
> transactions, but not that their begin-commit section would be executed only
> partially. Solving this on the level of "my" library would solve it once for
> good (and the alternative sounds more complex: it would require exposing extra
> info to the programs using this library, and add handling of reconnect
> situation in each of these programs etc.).

Well, I think it's foolish to imagine that a client library should try to do transparent reconnection: it's somewhere between difficult and impossible to keep track of all the server-side state that the application might be relying on, above and beyond the immediate problem of an unfinished transaction. It's almost always better to punt the problem back to the application, and let it decide whether to try again or just curl up and die.

If you have server restarts occurring often enough that this seems useful to work on, then I submit that you have problems you ought to be fixing on the server side instead.

			regards, tom lane
On Wed, May 04, 2011 at 07:03:31PM +0200, Marek Więckowski wrote:
> (and this is why I was looking into this in the first place). There is a
> danger that client programs will continue issuing queries while believing that
> they are in a transaction... They do expect db errors and rolled back
> transactions, but not that their begin-commit section would be executed only
> partially.

I don't understand. If they are prepared for errors, then on any error they have to roll back to the savepoint, or to the beginning of the transaction if there's no savepoint. What is this "partial execution" of which you speak? Nothing is partially executed: if the transaction rolls back, everything is lost.

> good (and the alternative sounds more complex: it would require exposing extra
> info to the programs using this library, and add handling of reconnect
> situation in each of these programs etc.).

[. . .]

> 4. if we were in a trans before disconnect, then immediately after
> reconnecting we would create a trans-in-error.

You're going to have to expose the trans-in-error to the client anyway. What's the difference between that and exposing the program to needing to fix its connection?

A

--
Andrew Sullivan
ajs@crankycanuck.ca
Hi,

Just to sum things up:

On Wednesday 04 May 2011 19:21:42 Tom Lane wrote:
> Well, I think it's foolish to imagine that a client library should try
> to do transparent reconnection: it's somewhere between difficult and
> impossible to keep track of all the server-side state that the
> application might be relying on, above and beyond the immediate problem
> of an unfinished transaction.

After sleeping on it - I now agree 100%. (A simple example would be savepoints... The idea of trying to create a "trans in error" was silly, I must say.)

> It's almost always better to punt the problem back to the application,
> and let it decide whether to try again or just curl up and die.

Yes. I dug into it a bit more and I have found the magic place where the library which I'm using did a silent reconnection in the background. I now think this is the place that is wrong - if the connection is not re-established, applications have a chance to notice that something went wrong and react appropriately (do a proper clean-up, or reconnect, or abort, etc.).

> If you have server restarts occurring often enough that this seems
> useful to work on, then I submit that you have problems you ought to be
> fixing on the server side instead.

Agreed. For your information, it does not happen that often, but when it did (once in two years...) it was scary enough to trigger an investigation.

Tom, thank you very much for your help!

Best,
~Marek