From d7518bf1032afda761fb679fbd132542f7e02533 Mon Sep 17 00:00:00 2001 
From: Amul Sul Date: Fri, 19 Jun 2020 06:29:36 -0400 Subject: [PATCH v30 3/5] Implement wal prohibit state using global barrier. Implementation: 1. When a user tries to change the server state to WAL-Prohibited by calling the pg_prohibit_wal(true) SQL function, the current state generation is marked as in progress in shared memory and the checkpointer process is signaled. The checkpointer process, on noticing the state transition, emits the barrier request, and then acknowledges back to the backend that requested the state change once the transition has been completed. The final state will be updated in the control file to make it persistent across system restarts. 2. When a backend receives the WAL-Prohibited barrier, if at that moment it is already in a transaction and the transaction has already been assigned an XID, then the backend will be killed by throwing FATAL (XXX: need more discussion on this). 3. Otherwise, if that backend is running a transaction without a valid XID, then we don't need to do anything special right now; we simply call ResetLocalXLogInsertAllowed() so that any future WAL insert will check XLogInsertAllowed() first, which sets the WAL prohibited state appropriately. 4. A new transaction (in an existing or in a new backend) starts as a read-only transaction. 5. The autovacuum launcher as well as the checkpointer will not do anything in the WAL-Prohibited server state until someone wakes us up. E.g. a backend might later on request us to put the system back where WAL is no longer prohibited. 6. At shutdown in WAL-Prohibited mode, we'll skip the shutdown checkpoint and xlog rotation. Starting up again will perform crash recovery, but the end-of-recovery checkpoint and the WAL writes necessary to start a server normally will be skipped, and they will be performed when the system is changed to a state where WAL is no longer prohibited. 7. Altering WAL-Prohibited mode is restricted on a standby server. 8.
The presence of recovery.signal and/or recovery.signal file will implicitly pull out the server from the WAL prohibited state permanently. 9. Add wal_prohibited GUC show the system state -- will be "on" when system is WAL prohibited. --- src/backend/access/transam/Makefile | 1 + src/backend/access/transam/walprohibit.c | 482 +++++++++++++++++++++++ src/backend/access/transam/xact.c | 36 +- src/backend/access/transam/xlog.c | 167 ++++++-- src/backend/catalog/system_functions.sql | 2 + src/backend/commands/variable.c | 7 + src/backend/postmaster/autovacuum.c | 9 +- src/backend/postmaster/bgwriter.c | 2 +- src/backend/postmaster/checkpointer.c | 20 + src/backend/storage/ipc/ipci.c | 6 + src/backend/storage/ipc/procsignal.c | 24 +- src/backend/storage/lmgr/lock.c | 6 +- src/backend/storage/sync/sync.c | 30 +- src/backend/tcop/utility.c | 1 + src/backend/utils/activity/wait_event.c | 6 + src/backend/utils/misc/guc.c | 27 ++ src/bin/pg_controldata/pg_controldata.c | 2 + src/include/access/walprohibit.h | 59 +++ src/include/access/xlog.h | 14 + src/include/catalog/pg_control.h | 3 + src/include/catalog/pg_proc.dat | 4 + src/include/postmaster/bgwriter.h | 2 + src/include/storage/procsignal.h | 7 +- src/include/utils/wait_event.h | 4 +- src/tools/pgindent/typedefs.list | 1 + 25 files changed, 843 insertions(+), 79 deletions(-) create mode 100644 src/backend/access/transam/walprohibit.c create mode 100644 src/include/access/walprohibit.h diff --git a/src/backend/access/transam/Makefile b/src/backend/access/transam/Makefile index 595e02de722..b5322a69954 100644 --- a/src/backend/access/transam/Makefile +++ b/src/backend/access/transam/Makefile @@ -26,6 +26,7 @@ OBJS = \ twophase.o \ twophase_rmgr.o \ varsup.o \ + walprohibit.o \ xact.o \ xlog.o \ xlogarchive.o \ diff --git a/src/backend/access/transam/walprohibit.c b/src/backend/access/transam/walprohibit.c new file mode 100644 index 00000000000..eb0e51301d9 --- /dev/null +++ b/src/backend/access/transam/walprohibit.c 
@@ -0,0 +1,482 @@ +/*------------------------------------------------------------------------- + * + * walprohibit.c + * PostgreSQL write-ahead log prohibit states + * + * + * Portions Copyright (c) 2021, PostgreSQL Global Development Group + * + * src/backend/access/transam/walprohibit.c + * + *------------------------------------------------------------------------- + */ + +#include "postgres.h" + +#include "access/walprohibit.h" +#include "fmgr.h" +#include "pgstat.h" +#include "port/atomics.h" +#include "postmaster/bgwriter.h" +#include "postmaster/interrupt.h" +#include "storage/condition_variable.h" +#include "storage/procsignal.h" +#include "storage/shmem.h" +#include "storage/latch.h" +#include "utils/acl.h" +#include "utils/fmgroids.h" +#include "utils/fmgrprotos.h" + +/* + * Private state. + */ +static bool HoldWALProhibitStateTransition = false; + +/* + * Shared-memory WAL prohibit state structure + */ +typedef struct WALProhibitData +{ + /* + * Indicates current WAL prohibit state counter and the last two bits of + * this counter indicates current wal prohibit state. + */ + pg_atomic_uint32 wal_prohibit_counter; + + /* Signaled when requested WAL prohibit state changes */ + ConditionVariable wal_prohibit_cv; +} WALProhibitData; + +static WALProhibitData *WALProhibit = NULL; + +static void CompleteWALProhibitChange(void); +static inline uint32 GetWALProhibitCounter(void); +static inline uint32 AdvanceWALProhibitStateCounter(void); + +/* + * ProcessBarrierWALProhibit() + * + * Force a backend to take an appropriate action when system wide WAL prohibit + * state is changing. + */ +bool +ProcessBarrierWALProhibit(void) +{ + /* + * Kill off any transactions that have an XID *before* allowing the system + * to go WAL prohibit state. + */ + if (FullTransactionIdIsValid(GetTopFullTransactionIdIfAny())) + { + /* + * Should be here only while transiting towards the WAL prohibit + * state. 
+ */ + Assert(GetWALProhibitState(GetWALProhibitCounter()) == + WALPROHIBIT_STATE_GOING_READ_ONLY); + + /* + * XXX: Kill off the whole session by throwing FATAL instead of + * killing transaction by throwing ERROR due to following reasons that + * need be thought: + * + * 1. Due to some presents challenges with the wire protocol, we could + * not simply kill of idle transaction. + * + * 2. If we are here in subtransaction then the ERROR will kill the + * current subtransaction only. In the case of invalidations, that + * might be good enough, but for XID assignment it's not, because + * assigning an XID to a subtransaction also causes higher + * sub-transaction levels and the parent transaction to get XIDs. + */ + ereport(FATAL, + (errcode(ERRCODE_ACTIVE_SQL_TRANSACTION), + errmsg("WAL is now prohibited"), + errhint("Sessions with open write transactions must be terminated."))); + } + + /* Return to "check" state */ + ResetLocalXLogInsertAllowed(); + + return true; +} + +/* + * pg_prohibit_wal() + * + * SQL callable function to toggle WAL prohibit state. + */ +Datum +pg_prohibit_wal(PG_FUNCTION_ARGS) +{ + bool walprohibit = PG_GETARG_BOOL(0); + uint32 wal_prohibit_counter; + uint32 target_counter_value; + bool increment; + + /* WAL prohibit state changes not allowed during recovery. 
*/ + PreventCommandDuringRecovery("pg_prohibit_wal()"); + + wal_prohibit_counter = GetWALProhibitCounter(); + + /* For more detail on state transition, see comment for WALProhibitState */ + switch (GetWALProhibitState(wal_prohibit_counter)) + { + case WALPROHIBIT_STATE_READ_WRITE: + if (!walprohibit) + PG_RETURN_VOID(); /* already in the requested state */ + increment = true; + break; + + case WALPROHIBIT_STATE_GOING_READ_WRITE: + if (walprohibit) + ereport(ERROR, + (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), + errmsg("system state transition to WAL permission is already in progress"), + errhint("Try again after sometime."))); + increment = false; + break; + + case WALPROHIBIT_STATE_READ_ONLY: + if (walprohibit) + PG_RETURN_VOID(); /* already in the requested state */ + increment = true; + break; + + case WALPROHIBIT_STATE_GOING_READ_ONLY: + if (!walprohibit) + ereport(ERROR, + (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), + errmsg("system state transition to WAL prohibition is already in progress"), + errhint("Try again after sometime."))); + increment = false; + break; + } + + if (increment) + wal_prohibit_counter = AdvanceWALProhibitStateCounter(); + target_counter_value = wal_prohibit_counter + 1; + +#ifdef USE_ASSERT_CHECKING + { + /* Target state must be the requested one. */ + WALProhibitState target_state = GetWALProhibitState(target_counter_value); + + Assert((walprohibit && target_state == WALPROHIBIT_STATE_READ_ONLY) || + (!walprohibit && target_state == WALPROHIBIT_STATE_READ_WRITE)); + } +#endif + + /* + * If in a standalone backend, just do it ourselves. + */ + if (!IsPostmasterEnvironment) + { + CompleteWALProhibitChange(); + PG_RETURN_VOID(); + } + + /* + * It is not a final state since we yet to convey this WAL prohibit state + * to all backend. Checkpointer will do that and update the shared memory + * wal prohibit state counter and control file. 
+ */ + if (!SendSignalToCheckpointer(SIGUSR1)) + { + ereport(WARNING, + (errmsg("could not change system state now"), + errdetail("Checkpointer might not be running."), + errhint("The relaunched checkpointer process will automatically complete the system state change."))); + PG_RETURN_VOID(); /* no wait */ + } + + /* Wait for the state counter in shared memory to change. */ + ConditionVariablePrepareToSleep(&WALProhibit->wal_prohibit_cv); + + /* + * We'll be done once the wal prohibit state counter reaches to target + * value. + */ + while (GetWALProhibitCounter() < target_counter_value) + ConditionVariableSleep(&WALProhibit->wal_prohibit_cv, + WAIT_EVENT_WALPROHIBIT_STATE_CHANGE); + ConditionVariableCancelSleep(); + + PG_RETURN_VOID(); +} + +/* + * IsWALProhibited() + * + * Is the system still in WAL prohibited state? + */ +bool +IsWALProhibited(void) +{ + /* Other than read-write state will be considered as read-only */ + return (GetWALProhibitState(GetWALProhibitCounter()) != + WALPROHIBIT_STATE_READ_WRITE); +} + +/* + * CompleteWALProhibitChange() + * + * Complete WAL prohibit state transition. + * + * Based on the final WAL prohibited state to be transit, the in-memory state + * update decided to do before or after emitting global barrier. + * + * The idea behind this is that when we say the system is WAL prohibited, then + * WAL writes in all the backend should be prohibited, but when the system is + * no longer WAL prohibited, then it is not necessary to take out all backend + * from WAL prohibited state. No harm if we let those backend run as read-only + * for some more time until we emit the barrier since those might have + * connected when the system was in WAL prohibited state and might doing a + * read-only operation. Those who might connect now onward can immediately + * start read-write operations. + * + * Therefore, while moving the system to WAL is no longer prohibited, then set + * update system state immediately and emit barrier later. 
But, while moving + * the system to WAL prohibited then we emit the global barrier first to ensure + * that no backend do the WAL writes before we set system state to WAL + * prohibited. + */ +static void +CompleteWALProhibitChange(void) +{ + uint64 barrier_gen; + bool wal_prohibited; + + /* Fetch shared wal prohibit state counter */ + uint32 wal_prohibit_counter = GetWALProhibitCounter(); + WALProhibitState cur_state = GetWALProhibitState(wal_prohibit_counter); + + /* + * Must be called by Checkpointer. Otherwise, it must be single-user + * backend. + */ + Assert(AmCheckpointerProcess() || !IsPostmasterEnvironment); + + /* Should be here only in transition state */ + Assert(cur_state == WALPROHIBIT_STATE_GOING_READ_ONLY || + cur_state == WALPROHIBIT_STATE_GOING_READ_WRITE); + + wal_prohibited = (cur_state == WALPROHIBIT_STATE_GOING_READ_ONLY); + + /* + * Update control file to make the state persistent. + * + * Once wal prohibit state transition set then that needs to be completed. + * If the server crashes before the state completion, then the control file + * information will be used to set the final wal prohibit state on restart. + */ + SetControlFileWALProhibitFlag(wal_prohibited); + + /* Going out of WAL prohibited state then update state right away. */ + if (!wal_prohibited) + { + /* The operation to allow wal writes should be done by now */ + Assert(GetXLogWriteAllowedState() == XLOG_ACCEPT_WRITES_DONE); + + wal_prohibit_counter = AdvanceWALProhibitStateCounter(); + + /* + * Should have set counter for the final state where wal is no longer + * prohibited. + */ + Assert(GetWALProhibitState(wal_prohibit_counter) == + WALPROHIBIT_STATE_READ_WRITE); + } + + /* + * WAL prohibit state change is initiated. We need to complete the state + * transition by setting requested WAL prohibit state in all backends. 
+ */ + elog(DEBUG1, "waiting for backends to adopt requested WAL prohibit state change"); + + /* Emit global barrier */ + barrier_gen = EmitProcSignalBarrier(PROCSIGNAL_BARRIER_WALPROHIBIT); + WaitForProcSignalBarrier(barrier_gen); + + /* + * Don't need to be too aggressive to flush XLOG data right away since + * XLogFlush is not restricted in the wal prohibited state as well. + */ + XLogFlush(GetXLogWriteRecPtr()); + + /* + * Increment wal prohibit state counter in share memory once the barrier has + * been processed by all the backend that ensures that all backends are in + * wal prohibited state. + */ + if (wal_prohibited) + { + /* + * There won't be any other process for the final state transition so that + * the shared wal prohibit state counter shouldn't have been changed by + * now. + */ + Assert(GetWALProhibitCounter() == wal_prohibit_counter); + + wal_prohibit_counter = AdvanceWALProhibitStateCounter(); + + /* Should have set counter for the final wal prohibited state */ + Assert(GetWALProhibitState(wal_prohibit_counter) == + WALPROHIBIT_STATE_READ_ONLY); + } + + if (wal_prohibited) + ereport(LOG, (errmsg("WAL is now prohibited"))); + else + ereport(LOG, (errmsg("WAL is no longer prohibited"))); + + /* Wake up all backends waiting on this. */ + ConditionVariableBroadcast(&WALProhibit->wal_prohibit_cv); +} + +/* + * AdvanceWALProhibitStateCounter() + * + * Increment wal prohibit counter by 1. + */ +static inline uint32 +AdvanceWALProhibitStateCounter(void) +{ + return pg_atomic_add_fetch_u32(&WALProhibit->wal_prohibit_counter, 1); +} + +/* + * ProcessWALProhibitStateChangeRequest() + */ +void +ProcessWALProhibitStateChangeRequest(void) +{ + /* Quick exit if the state transition is on hold */ + if (HoldWALProhibitStateTransition) + return; + + /* + * Must be called by the checkpointer process. Checkpointer has to be + * sure it has processed all pending wal prohibit state change requests as + * soon as possible. 
Since CreateCheckPoint and ProcessSyncRequests + * sometimes runs in non-checkpointer processes, do nothing if not + * checkpointer. + */ + if (!AmCheckpointerProcess()) + return; + + while (1) + { + WALProhibitState cur_state; + + /* Get the latest state */ + cur_state = GetWALProhibitState(GetWALProhibitCounter()); + + switch (cur_state) + { + case WALPROHIBIT_STATE_GOING_READ_WRITE: + + /* + * If the server is started in wal prohibited state then the + * required wal write operation in the startup process to + * start the server normally has been skipped, if it is, then + * does that right away. While doing that, hold off state + * transition to avoid a recursive call to process wal + * prohibit state transition from the end-of-recovery + * checkpoint. + */ + ResetLocalXLogInsertAllowed(); + HoldWALProhibitStateTransition = true; + XLogAcceptWrites(true, NULL, InvalidXLogRecPtr, 0); + + /* + * We need to update DBState explicitly like the startup process + * because end-of-recovery checkpoint would set db state to + * shutdown. + */ + SetControlFileDBState(DB_IN_PRODUCTION); + HoldWALProhibitStateTransition = false; + + /* fall through */ + + case WALPROHIBIT_STATE_GOING_READ_ONLY: + CompleteWALProhibitChange(); + break; + + case WALPROHIBIT_STATE_READ_ONLY: + { + int rc; + + /* + * Don't let Checkpointer process do anything until + * someone wakes it up. For example a backend might later + * on request us to put the system back to read-write + * state. + */ + rc = WaitLatch(MyLatch, WL_LATCH_SET | WL_POSTMASTER_DEATH, + -1, WAIT_EVENT_WALPROHIBIT_STATE); + + /* + * If the postmaster dies or a shutdown request is + * received, just bail out. 
+ */ + if (rc & WL_POSTMASTER_DEATH || ShutdownRequestPending) + return; + } + break; + + case WALPROHIBIT_STATE_READ_WRITE: + return; /* Done */ + } + } +} + +/* + * GetWALProhibitCounter() + */ +static inline uint32 +GetWALProhibitCounter(void) +{ + return pg_atomic_read_u32(&WALProhibit->wal_prohibit_counter); +} + +/* + * WALProhibitStateCounterInit() + * + * Initialization of shared wal prohibit state counter. + */ +void +WALProhibitStateCounterInit(bool wal_prohibited) +{ + WALProhibitState new_state; + + Assert(AmStartupProcess() || !IsPostmasterEnvironment); + + new_state = wal_prohibited ? + WALPROHIBIT_STATE_READ_ONLY : WALPROHIBIT_STATE_READ_WRITE; + + pg_atomic_init_u32(&WALProhibit->wal_prohibit_counter, (uint32) new_state); +} + +/* + * WALProhibitStateShmemInit() + * + * Initialization of shared memory for WAL prohibit state. + */ +void +WALProhibitStateShmemInit(void) +{ + bool found; + + WALProhibit = (WALProhibitData *) + ShmemInitStruct("WAL Prohibit State", + sizeof(WALProhibitData), + &found); + + if (!found) + { + /* First time through ... */ + memset(WALProhibit, 0, sizeof(WALProhibitData)); + ConditionVariableInit(&WALProhibit->wal_prohibit_cv); + } +} diff --git a/src/backend/access/transam/xact.c b/src/backend/access/transam/xact.c index 441445927e8..6c609e0e4b4 100644 --- a/src/backend/access/transam/xact.c +++ b/src/backend/access/transam/xact.c 
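Review bot: In pg_prohibit_wal() the state is read with GetWALProhibitCounter() and the counter is advanced later with an unconditional AdvanceWALProhibitStateCounter(), so two sessions that both observe READ_WRITE (or both READ_ONLY) can each add 1 and move the shared counter straight past the in-progress state. As far as this hunk shows, nothing serializes callers, and the result would be a final state published without the checkpointer having run CompleteWALProhibitChange() (no barrier, no control-file update), while the second caller waits for a target value this transition never reaches and trips the target-state Assert in assert-enabled builds. Advance with a compare-and-exchange against the value that was inspected and re-run the switch when it fails, as sketched below. Separately, the READ_ONLY arm of ProcessWALProhibitStateChangeRequest() calls WaitLatch() without a following `ResetLatch(MyLatch)`, so once the latch is set for any other reason the loop appears to spin until the state changes.

```c
	/* … unchanged: PreventCommandDuringRecovery() check … */

	for (;;)
	{
		wal_prohibit_counter = GetWALProhibitCounter();

		/* … unchanged: switch on GetWALProhibitState() that sets "increment" … */

		if (!increment)
			break;

		/* Advance only if the counter still holds the value just inspected. */
		if (pg_atomic_compare_exchange_u32(&WALProhibit->wal_prohibit_counter,
										   &wal_prohibit_counter,
										   wal_prohibit_counter + 1))
		{
			wal_prohibit_counter++;
			break;
		}
		/* Lost the race: loop and re-evaluate against the new state. */
	}
	target_counter_value = wal_prohibit_counter + 1;
```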
@@ -1962,23 +1962,27 @@ StartTransaction(void) Assert(s->prevSecContext == 0); /* - * Make sure we've reset xact state variables + * Reset xact state variables. * - * If recovery is still in progress, mark this transaction as read-only. - * We have lower level defences in XLogInsert and elsewhere to stop us - * from modifying data during recovery, but this gives the normal - * indication to the user that the transaction is read-only. - */ - if (RecoveryInProgress()) - { - s->startedInRecovery = true; - XactReadOnly = true; - } - else - { - s->startedInRecovery = false; - XactReadOnly = DefaultXactReadOnly; - } + * If it is not currently possible to insert write-ahead log records, either + * because we are still in recovery or because pg_prohibit_wal() function + * has been executed, force this to be a read-only transaction. We have + * lower level defences in XLogBeginInsert() and elsewhere to stop us from + * modifying data during recovery when !XLogInsertAllowed(), but this gives + * the normal indication to the user that the transaction is read-only. + * + * On the other hand, we only need to set the startedInRecovery flag when + * the transaction started during recovery, and not when WAL is otherwise + * prohibited. This information is used by RelationGetIndexScan() to decide + * whether to permit (1) relying on existing killed-tuple markings and (2) + * further killing of index tuples. Even when WAL is prohibited on the + * master, it's still the master, so the former is OK; and since killing + * index tuples doesn't generate WAL, the latter is also OK. See comments + * in RelationGetIndexScan() and MarkBufferDirtyHint(). + */ + XactReadOnly = DefaultXactReadOnly || !XLogInsertAllowed(); + s->startedInRecovery = RecoveryInProgress(); + XactDeferrable = DefaultXactDeferrable; XactIsoLevel = DefaultXactIsoLevel; forceSyncCommit = false; diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c index ac50d567be9..91cbb54b206 100644 
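Review bot: The rewritten comment in StartTransaction() says the lower-level defences stop us from "modifying data during recovery when !XLogInsertAllowed()", which still reads as recovery-only although the sentence before it now covers pg_prohibit_wal() as well; `stop us from modifying data when !XLogInsertAllowed()` would match the new condition. The same comment uses "master" twice where current PostgreSQL wording is "primary". StartTransaction() begins and ends outside this hunk.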
--- a/src/backend/access/transam/xlog.c +++ b/src/backend/access/transam/xlog.c @@ -31,6 +31,7 @@ #include "access/timeline.h" #include "access/transam.h" #include "access/twophase.h" +#include "access/walprohibit.h" #include "access/xact.h" #include "access/xlog_internal.h" #include "access/xlogarchive.h" @@ -247,9 +248,10 @@ static bool LocalPromoteIsTriggered = false; * 0: unconditionally not allowed to insert XLOG * -1: must check RecoveryInProgress(); disallow until it is false * Most processes start with -1 and transition to 1 after seeing that recovery - * is not in progress. But we can also force the value for special cases. - * The coding in XLogInsertAllowed() depends on the first two of these states - * being numerically the same as bool true and false. + * is not in progress or the server state is not a WAL prohibited state. But + * we can also force the value for special cases. The coding in + * XLogInsertAllowed() depends on the first two of these states being + * numerically the same as bool true and false. */ static int LocalXLogInsertAllowed = -1; @@ -731,6 +733,12 @@ typedef struct XLogCtlData */ XLogRecPtr lastFpwDisableRecPtr; + /* + * xlogAllowWritesState indicates the state of the last recovery checkpoint + * and required wal write to start the normal server. + */ + XLogAcceptWritesState SharedXLogAllowWritesState; + slock_t info_lck; /* locks shared variables shown above */ } XLogCtlData; @@ -980,9 +988,6 @@ static void WALInsertLockAcquireExclusive(void); static void WALInsertLockRelease(void); static void WALInsertLockUpdateInsertingAt(XLogRecPtr insertingAt); -static bool XLogAcceptWrites(XLogReaderState *xlogreader, XLogRecPtr EndOfLog, - TimeLineID EndOfLogTLI); - /* * Insert an XLOG record represented by an already-constructed chain of data * chunks. This is a low-level routine; to construct the WAL record header 
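Review bot: The comment added to XLogCtlData in the `@@ -731,6 +733,12 @@` hunk names the field `xlogAllowWritesState`, but the member is `SharedXLogAllowWritesState`, and it sits above `info_lck`, whose comment says it locks the shared variables shown above. The accessor added in `@@ -6249,6 +6255,15 @@` and the store in `@@ -8131,6 +8202,12 @@` both bypass that spinlock, so the field comment should say so, for example `/* SharedXLogAllowWritesState: whether the WAL writes needed to start the server normally are pending, skipped or done; written by one process at a time and accessed without info_lck. */`. If the checkpointer relies on this value to decide whether XLogAcceptWrites() still has to run, it is worth stating what orders the store against that read.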
@@ -5226,6 +5231,7 @@ XLOGShmemInit(void) XLogCtl->SharedHotStandbyActive = false; XLogCtl->SharedPromoteIsTriggered = false; XLogCtl->WalWriterSleeping = false; + XLogCtl->SharedXLogAllowWritesState = XLOG_ACCEPT_WRITES_PENDING; SpinLockInit(&XLogCtl->Insert.insertpos_lck); SpinLockInit(&XLogCtl->info_lck); @@ -6249,6 +6255,15 @@ SetLatestXTime(TimestampTz xtime) SpinLockRelease(&XLogCtl->info_lck); } +/* + * Fetch latest state of allow WAL writes. + */ +XLogAcceptWritesState +GetXLogWriteAllowedState(void) +{ + return ((volatile XLogCtlData *) XLogCtl)->SharedXLogAllowWritesState; +} + /* * Fetch timestamp of latest processed commit/abort record. */ @@ -6614,13 +6629,30 @@ StartupXLOG(void) (errmsg("starting archive recovery"))); } - /* - * Take ownership of the wakeup latch if we're going to sleep during - * recovery. - */ if (ArchiveRecoveryRequested) + { + /* + * Take ownership of the wakeup latch if we're going to sleep during + * recovery. + */ OwnLatch(&XLogCtl->recoveryWakeupLatch); + /* + * Since archive recovery is requested, we cannot be in a wal prohibited + * state. + */ + if (ControlFile->wal_prohibited) + { + /* No need to hold ControlFileLock yet, we aren't up far enough */ + ControlFile->wal_prohibited = false; + ControlFile->time = (pg_time_t) time(NULL); + UpdateControlFile(); + + ereport(LOG, + (errmsg("clearing WAL prohibition because the system is in archive recovery"))); + } + } + /* Set up XLOG reader facility */ MemSet(&private, 0, sizeof(XLogPageReadPrivate)); xlogreader = 
@@ -7897,7 +7929,31 @@ StartupXLOG(void) if (standbyState != STANDBY_DISABLED) ShutdownRecoveryTransactionEnvironment(); - promoted = XLogAcceptWrites(xlogreader, EndOfLog, EndOfLogTLI); + /* + * Before enabling WAL insertion, initialize WAL prohibit state in shared + * memory that will decide the further WAL insert should be allowed or + * not. + */ + WALProhibitStateCounterInit(ControlFile->wal_prohibited); + + /* + * Skip wal writes and end of recovery checkpoint if the system is in WAL + * prohibited state. + */ + if (IsWALProhibited()) + { + /* + * We do start in recovery since at shutdown in wal prohibit state we + * skip shutdown checkpoint, that forces recovery on restart. + */ + Assert(InRecovery); + XLogCtl->SharedXLogAllowWritesState = XLOG_ACCEPT_WRITES_SKIPPED; + + ereport(LOG, + (errmsg("skipping startup checkpoint because the WAL is now prohibited"))); + } + else + promoted = XLogAcceptWrites(InRecovery, xlogreader, EndOfLog, EndOfLogTLI); /* * Okay, we're officially UP. 
@@ -7958,14 +8014,29 @@ StartupXLOG(void) * Performs necessary WAL writes that must be done before any other backends are * allowed to write a WAL records when the server starts. */ -static bool -XLogAcceptWrites(XLogReaderState *xlogreader, XLogRecPtr EndOfLog, - TimeLineID EndOfLogTLI) +bool +XLogAcceptWrites(bool needChkpt, XLogReaderState *xlogreader, + XLogRecPtr EndOfLog, TimeLineID EndOfLogTLI) { bool promoted = false; - /* Only Startup or standalone backend allowed to be here. */ - Assert(AmStartupProcess() || !IsPostmasterEnvironment); + /* Only Startup or checkpointer or standalone backend allowed to be here. */ + Assert(AmStartupProcess() || AmCheckpointerProcess() || + !IsPostmasterEnvironment); + + /* + * If required wal writes to start server normally are performed already + * then we are done. + */ + if (GetXLogWriteAllowedState() == XLOG_ACCEPT_WRITES_DONE) + return promoted; + + /* + * If the system in wal prohibited state, then only the checkpointer process + * should be here to complete this operation which might have skipped + * previously while booting the system in WAL prohibited state. + */ + Assert(!IsWALProhibited() || AmCheckpointerProcess()); /* * Write an XLOG_FPW_CHANGE record before resource manager writes cleanup @@ -7975,7 +8046,7 @@ XLogAcceptWrites(XLogReaderState *xlogreader, XLogRecPtr EndOfLog, UpdateFullPageWrites(); LocalXLogInsertAllowed = -1; - if (InRecovery) + if (needChkpt) { /* * Perform a checkpoint to update all our recovery activity to disk. @@ -8131,6 +8202,12 @@ XLogAcceptWrites(XLogReaderState *xlogreader, XLogRecPtr EndOfLog, */ CompleteCommitTsInitialization(); + /* + * Spinlock protection isn't needed since only one process will be updating + * this value at a time. + */ + XLogCtl->SharedXLogAllowWritesState = XLOG_ACCEPT_WRITES_DONE; + return promoted; } 
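Review bot: XLogAcceptWrites() becomes an exported function with a new `needChkpt` argument in the `@@ -7958,14 +8014,29 @@` hunk, but its header comment is unchanged and does not say what the argument controls or which callers may pass placeholder reader arguments. walprohibit.c in this patch calls it as `XLogAcceptWrites(true, NULL, InvalidXLogRecPtr, 0)`, so the comment should state that `xlogreader`, `EndOfLog` and `EndOfLogTLI` may be NULL or invalid on the checkpointer path and that the function returns early with `false` once the state is XLOG_ACCEPT_WRITES_DONE. The parts of the body that consume those arguments lie outside the visible hunks, so whether they tolerate a NULL reader could not be checked here.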
@@ -8145,6 +8222,17 @@ SetControlFileDBState(DBState state) LWLockRelease(ControlFileLock); } +/* Set ControlFile's WAL prohibit flag */ +void +SetControlFileWALProhibitFlag(bool walProhibited) +{ + LWLockAcquire(ControlFileLock, LW_EXCLUSIVE); + ControlFile->wal_prohibited = walProhibited; + ControlFile->time = (pg_time_t) time(NULL); + UpdateControlFile(); + LWLockRelease(ControlFileLock); +} + /* * Checks if recovery has reached a consistent state. When consistency is * reached and we have a valid starting standby snapshot, tell postmaster @@ -8359,9 +8447,9 @@ HotStandbyActiveInReplay(void) /* * Is this process allowed to insert new WAL records? * - * Ordinarily this is essentially equivalent to !RecoveryInProgress(). - * But we also have provisions for forcing the result "true" or "false" - * within specific processes regardless of the global state. + * Ordinarily this is essentially equivalent to !RecoveryInProgress() and + * !IsWALProhibited(). But we also have provisions for forcing the result + * "true" or "false" within specific processes regardless of the global state. */ bool XLogInsertAllowed(void) @@ -8380,9 +8468,20 @@ XLogInsertAllowed(void) if (RecoveryInProgress()) return false; + /* Or, in WAL prohibited state */ + if (IsWALProhibited()) + { + /* + * Set it to "unconditionally false" to avoid checking until it gets + * reset. + */ + LocalXLogInsertAllowed = 0; + return false; + } + /* - * On exit from recovery, reset to "unconditionally true", since there is - * no need to keep checking. + * On exit from recovery or WAL prohibited state, reset to + * "unconditionally true", since there is no need to keep checking. */ LocalXLogInsertAllowed = 1; return true; @@ -8404,6 +8503,12 @@ LocalSetXLogInsertAllowed(void) InitXLOGAccess(); } +void +ResetLocalXLogInsertAllowed(void) +{ + LocalXLogInsertAllowed = -1; +} + /* * Subroutine to try to fetch and validate a prior checkpoint record. * 
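Review bot: ResetLocalXLogInsertAllowed() in the `@@ -8404,6 +8503,12 @@` hunk is exported without a header comment, and it sets LocalXLogInsertAllowed to -1 unconditionally, which also discards a value forced through LocalSetXLogInsertAllowed(). A comment such as `/* Return to the "must check" state so the next XLogInsertAllowed() call re-reads recovery and WAL prohibit state; must not be called inside a section that forced the value. */` would make that contract explicit. This matters more now that XLogInsertAllowed() caches 0 while WAL is prohibited, because a call to this function is what returns a backend from that cached 0 to checking again.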
@@ -8693,9 +8798,13 @@ ShutdownXLOG(int code, Datum arg) */ WalSndWaitStopping(); + /* + * The restartpoint, checkpoint, or xlog rotation will be performed if the + * WAL writing is permitted. + */ if (RecoveryInProgress()) CreateRestartPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_IMMEDIATE); - else + else if (XLogInsertAllowed()) { /* * If archiving is enabled, rotate the last XLOG file so that all the @@ -8708,6 +8817,9 @@ ShutdownXLOG(int code, Datum arg) CreateCheckPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_IMMEDIATE); } + else + ereport(LOG, + (errmsg("skipping shutdown checkpoint because the WAL is now prohibited"))); } /* @@ -8957,8 +9069,13 @@ CreateCheckPoint(int flags) shutdown = false; /* sanity check */ - if (RecoveryInProgress() && (flags & CHECKPOINT_END_OF_RECOVERY) == 0) - elog(ERROR, "can't create a checkpoint during recovery"); + if ((flags & CHECKPOINT_END_OF_RECOVERY) == 0) + { + if (RecoveryInProgress()) + elog(ERROR, "can't create a checkpoint during recovery"); + else if (!XLogInsertAllowed()) + elog(ERROR, "can't create a checkpoint while WAL is prohibited"); + } /* * Initialize InitXLogInsert working areas before entering the critical diff --git a/src/backend/catalog/system_functions.sql b/src/backend/catalog/system_functions.sql index a416e94d371..0934478188e 100644 --- a/src/backend/catalog/system_functions.sql +++ b/src/backend/catalog/system_functions.sql @@ -699,6 +699,8 @@ REVOKE EXECUTE ON FUNCTION pg_ls_dir(text) FROM public; REVOKE EXECUTE ON FUNCTION pg_ls_dir(text,boolean,boolean) FROM public; +REVOKE EXECUTE ON FUNCTION pg_prohibit_wal(bool) FROM public; + -- -- We also set up some things as accessible to standard roles. -- diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c index 0c85679420c..833c7f5139b 100644 --- a/src/backend/commands/variable.c +++ b/src/backend/commands/variable.c 
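Review bot: The REVOKE added for pg_prohibit_wal(bool) makes EXECUTE privilege the only access control on the function; the C implementation in walprohibit.c includes utils/acl.h but performs no role check of its own. A role granted EXECUTE can therefore stop all WAL writes cluster-wide and cause every session holding an XID to be terminated with FATAL, so the grant deserves the same care as other administrative functions. A comment next to the REVOKE, for example `-- pg_prohibit_wal() terminates sessions with open write transactions; grant EXECUTE only to administrative roles`, and a matching sentence in the function's documentation would record that.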
@@ -508,6 +508,13 @@ check_transaction_read_only(bool *newval, void **extra, GucSource source) GUC_check_errmsg("cannot set transaction read-write mode during recovery"); return false; } + /* Can't go to r/w mode while WAL is prohibited */ + if (!XLogInsertAllowed()) + { + GUC_check_errcode(ERRCODE_FEATURE_NOT_SUPPORTED); + GUC_check_errmsg("cannot set transaction read-write mode while WAL is prohibited"); + return false; + } } return true; diff --git a/src/backend/postmaster/autovacuum.c b/src/backend/postmaster/autovacuum.c index d516df0ac5c..ec64394e81b 100644 --- a/src/backend/postmaster/autovacuum.c +++ b/src/backend/postmaster/autovacuum.c @@ -701,10 +701,13 @@ AutoVacLauncherMain(int argc, char *argv[]) /* * There are some conditions that we need to check before trying to - * start a worker. First, we need to make sure that there is a worker - * slot available. Second, we need to make sure that no other worker - * failed while starting up. + * start a worker. First, the system is not read only i.e. wal writes + * permitted. Second, we need to make sure that there is a worker slot + * available. Third, we need to make sure that no other worker failed + * while starting up. */ + if (!XLogInsertAllowed()) + continue; current_time = GetCurrentTimestamp(); LWLockAcquire(AutovacuumLock, LW_SHARED); diff --git a/src/backend/postmaster/bgwriter.c b/src/backend/postmaster/bgwriter.c index 715d5195bb6..5157237731c 100644 --- a/src/backend/postmaster/bgwriter.c +++ b/src/backend/postmaster/bgwriter.c @@ -278,7 +278,7 @@ BackgroundWriterMain(void) * Checkpointer, when active, is barely ever in its mainloop and thus * makes it hard to log regularly. */ - if (XLogStandbyInfoActive() && !RecoveryInProgress()) + if (XLogStandbyInfoActive() && XLogInsertAllowed()) { TimestampTz timeout = 0; TimestampTz now = GetCurrentTimestamp(); diff --git a/src/backend/postmaster/checkpointer.c b/src/backend/postmaster/checkpointer.c index 75a95f3de7a..84f6f694977 100644 
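Review bot: The new branch in `check_transaction_read_only()` reports `ERRCODE_FEATURE_NOT_SUPPORTED`, while the lock.c hunk of this patch reports the same condition as `ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE`. WAL-prohibited is a temporary server state rather than a missing feature, so `GUC_check_errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE);` would keep the two sites consistent for clients that branch on SQLSTATE. Note also that `!XLogInsertAllowed()` is true during recovery as well, so this message is correct only because the branch follows the recovery test; a comment saying so would protect against a later reorder. The enclosing function begins outside the hunk.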
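Review bot: The added `if (!XLogInsertAllowed()) continue;` in `AutoVacLauncherMain()` jumps back to the head of the launcher loop and skips everything after it, including the `AutovacuumLock` section that follows in this hunk. The loop head is outside the hunk, so it should be confirmed that the launcher waits on its latch before reaching this test; otherwise it would spin for as long as WAL is prohibited. The rewritten comment is also hard to read; I would word the first condition as `First, WAL writes must be permitted (the system is not read-only).`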
--- a/src/backend/postmaster/checkpointer.c +++ b/src/backend/postmaster/checkpointer.c @@ -39,6 +39,7 @@ #include #include +#include "access/walprohibit.h" #include "access/xlog.h" #include "access/xlog_internal.h" #include "libpq/pqsignal.h" @@ -351,6 +352,7 @@ CheckpointerMain(void) */ AbsorbSyncRequests(); HandleCheckpointerInterrupts(); + ProcessWALProhibitStateChangeRequest(); /* * Detect a pending checkpoint request by checking whether the flags @@ -699,6 +701,9 @@ CheckpointWriteDelay(int flags, double progress) if (!AmCheckpointerProcess()) return; + /* Check for wal prohibit state change request */ + ProcessWALProhibitStateChangeRequest(); + /* * Perform the usual duties and take a nap, unless we're behind schedule, * in which case we just try to catch up as quickly as possible. @@ -1346,3 +1351,18 @@ FirstCallSinceLastCheckpoint(void) return FirstCall; } + +/* + * SendSignalToCheckpointer allows a process to send a signal to the checkpoint + * process. + */ +bool +SendSignalToCheckpointer(int signum) +{ + if (CheckpointerShmem->checkpointer_pid == 0) + return false; + + if (kill(CheckpointerShmem->checkpointer_pid, signum) != 0) + return false; + return true; /* Signaled checkpointer successfully */ +} diff --git a/src/backend/storage/ipc/ipci.c b/src/backend/storage/ipc/ipci.c index 3e4ec53a97e..fd3ffc80557 100644 --- a/src/backend/storage/ipc/ipci.c +++ b/src/backend/storage/ipc/ipci.c @@ -22,6 +22,7 @@ #include "access/subtrans.h" #include "access/syncscan.h" #include "access/twophase.h" +#include "access/walprohibit.h" #include "commands/async.h" #include "miscadmin.h" #include "pgstat.h" @@ -223,6 +224,11 @@ CreateSharedMemoryAndSemaphores(void) MultiXactShmemInit(); InitBufferPool(); + /* + * Set up wal probibit shared state + */ + WALProhibitStateShmemInit(); + /* * Set up lock manager */ diff --git a/src/backend/storage/ipc/procsignal.c b/src/backend/storage/ipc/procsignal.c index defb75aa26a..166f9fccabe 100644 
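Review bot: `ProcessWALProhibitStateChangeRequest()` is now called from `CheckpointWriteDelay()`, that is, in the middle of a running checkpoint, and the sync.c hunks (`SyncPostCheckpoint`, `ProcessSyncRequests`) do the same. If a request to prohibit WAL is completed at one of these points, the checkpoint in flight presumably still has to insert its checkpoint record and update the control file afterwards; how that is prevented or tolerated is not visible in these hunks. A comment at the call stating what the function is allowed to do while a checkpoint is in progress (complete the transition, or only note the request) would settle it.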
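Review bot: `SendSignalToCheckpointer()` reads `CheckpointerShmem->checkpointer_pid` from shared memory twice, once for the zero test and once for `kill()`, so if the field changes between the two reads (for example is reset to 0) the call becomes `kill(0, signum)`, which signals the caller's whole process group. Reading it once into a local closes that window: `pid_t pid = CheckpointerShmem->checkpointer_pid;` then `if (pid == 0) return false;` and `return kill(pid, signum) == 0;`. The function also forwards whatever `signum` the caller passes; since it is exported through bgwriter.h, an `Assert` or a header comment naming the signals it is meant for would narrow that.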
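Review bot: `WALProhibitStateShmemInit()` is called in `CreateSharedMemoryAndSemaphores()`, but the diffstat gives ipci.c six added lines, all of which are the include and this hunk, so no matching `add_size()` term was added to the shared-memory size estimate. Unless the structure is accounted for elsewhere, it is allocated out of the slop space rather than from a budgeted size; walprohibit.h as shown declares no size function for it. The new comment also has a typo, `probibit` for `prohibit`.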
--- a/src/backend/storage/ipc/procsignal.c +++ b/src/backend/storage/ipc/procsignal.c @@ -18,6 +18,7 @@ #include #include "access/parallel.h" +#include "access/walprohibit.h" #include "port/pg_bitutils.h" #include "commands/async.h" #include "miscadmin.h" @@ -101,7 +102,6 @@ static ProcSignalSlot *MyProcSignalSlot = NULL; static bool CheckProcSignal(ProcSignalReason reason); static void CleanupProcSignalState(int status, Datum arg); static void ResetProcSignalBarrierBits(uint32 flags); -static bool ProcessBarrierPlaceholder(void); /* * ProcSignalShmemSize @@ -527,8 +527,8 @@ ProcessProcSignalBarrier(void) type = (ProcSignalBarrierType) pg_rightmost_one_pos32(flags); switch (type) { - case PROCSIGNAL_BARRIER_PLACEHOLDER: - processed = ProcessBarrierPlaceholder(); + case PROCSIGNAL_BARRIER_WALPROHIBIT: + processed = ProcessBarrierWALProhibit(); break; } @@ -594,24 +594,6 @@ ResetProcSignalBarrierBits(uint32 flags) InterruptPending = true; } -static bool -ProcessBarrierPlaceholder(void) -{ - /* - * XXX. This is just a placeholder until the first real user of this - * machinery gets committed. Rename PROCSIGNAL_BARRIER_PLACEHOLDER to - * PROCSIGNAL_BARRIER_SOMETHING_ELSE where SOMETHING_ELSE is something - * appropriately descriptive. Get rid of this function and instead have - * ProcessBarrierSomethingElse. Most likely, that function should live in - * the file pertaining to that subsystem, rather than here. - * - * The return value should be 'true' if the barrier was successfully - * absorbed and 'false' if not. Note that returning 'false' can lead to - * very frequent retries, so try hard to make that an uncommon case. - */ - return true; -} - /* * CheckProcSignal - check to see if a particular reason has been * signaled, and clear the signal flag. Should be called after receiving diff --git a/src/backend/storage/lmgr/lock.c b/src/backend/storage/lmgr/lock.c index 108b4d90238..01a40d805ff 100644 --- a/src/backend/storage/lmgr/lock.c 
+++ b/src/backend/storage/lmgr/lock.c @@ -793,15 +793,15 @@ LockAcquireExtended(const LOCKTAG *locktag, if (lockmode <= 0 || lockmode > lockMethodTable->numLockModes) elog(ERROR, "unrecognized lock mode: %d", lockmode); - if (RecoveryInProgress() && !InRecovery && + if (!XLogInsertAllowed() && !InRecovery && (locktag->locktag_type == LOCKTAG_OBJECT || locktag->locktag_type == LOCKTAG_RELATION) && lockmode > RowExclusiveLock) ereport(ERROR, (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), - errmsg("cannot acquire lock mode %s on database objects while recovery is in progress", + errmsg("cannot acquire lock mode %s on database objects while recovery is in progress or when WAL is prohibited", lockMethodTable->lockModeNames[lockmode]), - errhint("Only RowExclusiveLock or less can be acquired on database objects during recovery."))); + errhint("Only RowExclusiveLock or less can be acquired on database objects during recovery or when WAL is prohibited"))); #ifdef LOCK_DEBUG if (LOCK_DEBUG_ENABLED(locktag)) diff --git a/src/backend/storage/sync/sync.c b/src/backend/storage/sync/sync.c index bc3ceb27125..417662d28a1 100644 --- a/src/backend/storage/sync/sync.c +++ b/src/backend/storage/sync/sync.c @@ -21,6 +21,7 @@ #include "access/commit_ts.h" #include "access/clog.h" #include "access/multixact.h" +#include "access/walprohibit.h" #include "access/xlog.h" #include "access/xlogutils.h" #include "commands/tablespace.h" 
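Review bot: The rewritten `errhint` in `LockAcquireExtended()` lost its terminating period, and both strings now merge two different states into one message, so a user cannot tell from the error whether the server is in recovery or WAL-prohibited. At minimum the hint should read `errhint("Only RowExclusiveLock or less can be acquired on database objects during recovery or when WAL is prohibited.")`; better would be to choose the message by testing `RecoveryInProgress()` first. The function begins and ends outside the hunk.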
@@ -236,10 +237,17 @@ SyncPostCheckpoint(void) pfree(entry); /* - * As in ProcessSyncRequests, we don't want to stop absorbing fsync + * As in ProcessSyncRequests, we don't want to stop wal prohibit change * requests for a long time when there are many deletions to be done. - * We can safely call AbsorbSyncRequests() at this point in the loop - * (note it might try to delete list entries). + * It needs to be check and processed by checkpointer as soon as + * possible. + */ + ProcessWALProhibitStateChangeRequest(); + + /* + * Similarly, we don't want to stop absorbing fsync requests for the + * long time. We can safely call AbsorbSyncRequests() at this point in + * the loop (note it might try to delete list entries). */ if (--absorb_counter <= 0) { @@ -278,6 +286,9 @@ ProcessSyncRequests(void) if (!pendingOps) elog(ERROR, "cannot sync without a pendingOps table"); + /* Check for wal prohibit state change request for checkpointer */ + ProcessWALProhibitStateChangeRequest(); + /* * If we are in the checkpointer, the sync had better include all fsync * requests that were queued by backends up to this point. The tightest @@ -336,6 +347,13 @@ ProcessSyncRequests(void) { int failures; + /* + * Don't want to stop wal prohibit change requests for a long time when + * there are many fsync requests to be processed. It needs to be check + * and processed by checkpointer as soon as possible. + */ + ProcessWALProhibitStateChangeRequest(); + /* * If the entry is new then don't process it this time; it is new. * Note "continue" bypasses the hash-remove call at the bottom of the @@ -422,6 +440,12 @@ ProcessSyncRequests(void) errmsg_internal("could not fsync file \"%s\" but retrying: %m", path))); + /* + * For the same reason mentioned previously for the wal prohibit + * state change request check. + */ + ProcessWALProhibitStateChangeRequest(); + /* * Absorb incoming requests and check to see if a cancel * arrived for this relation fork. 
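Review bot: The four calls added in sync.c (one in `SyncPostCheckpoint`, three in `ProcessSyncRequests`) are unconditional, whereas the call added to `CheckpointWriteDelay()` sits after `if (!AmCheckpointerProcess()) return;`. The context comment in the second hunk ("If we are in the checkpointer") implies these routines can run in other processes, so either the callee must be a no-op outside the checkpointer, which is not visible here, or the calls need the same guard. The call in the `SyncPostCheckpoint` loop also runs on every entry rather than under `absorb_counter`, which is fine only if the check is cheap. The new comment is garbled; I would write `As in ProcessSyncRequests, don't delay a pending WAL prohibit state change for long when there are many deletions to do; the checkpointer should process it as soon as possible.`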
diff --git a/src/backend/tcop/utility.c b/src/backend/tcop/utility.c index 1a8fc167733..6996dac317a 100644 --- a/src/backend/tcop/utility.c +++ b/src/backend/tcop/utility.c @@ -19,6 +19,7 @@ #include "access/htup_details.h" #include "access/reloptions.h" #include "access/twophase.h" +#include "access/walprohibit.h" #include "access/xact.h" #include "access/xlog.h" #include "catalog/catalog.h" diff --git a/src/backend/utils/activity/wait_event.c b/src/backend/utils/activity/wait_event.c index 6baf67740c7..5a21fbbbbfa 100644 --- a/src/backend/utils/activity/wait_event.c +++ b/src/backend/utils/activity/wait_event.c @@ -726,6 +726,12 @@ pgstat_get_wait_io(WaitEventIO w) case WAIT_EVENT_LOGICAL_SUBXACT_WRITE: event_name = "LogicalSubxactWrite"; break; + case WAIT_EVENT_WALPROHIBIT_STATE: + event_name = "SystemWALProhibitState"; + break; + case WAIT_EVENT_WALPROHIBIT_STATE_CHANGE: + event_name = "SystemWALProhibitStateChange"; + break; /* no default case, so that compiler will warn */ } diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 68b62d523dc..a9cd7adec2c 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -39,6 +39,7 @@ #include "access/toast_compression.h" #include "access/transam.h" #include "access/twophase.h" +#include "access/walprohibit.h" #include "access/xact.h" #include "access/xlog_internal.h" #include "catalog/namespace.h" @@ -234,6 +235,7 @@ static bool check_recovery_target_lsn(char **newval, void **extra, GucSource sou static void assign_recovery_target_lsn(const char *newval, void *extra); static bool check_primary_slot_name(char **newval, void **extra, GucSource source); static bool check_default_with_oids(bool *newval, void **extra, GucSource source); +static const char *show_wal_prohibited(void); /* Private functions in guc-file.l that need to be called from guc.c */ static ConfigVariable *ProcessConfigFileInternal(GucContext context, 
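Review bot: `WAIT_EVENT_WALPROHIBIT_STATE` and `WAIT_EVENT_WALPROHIBIT_STATE_CHANGE` are added to `pgstat_get_wait_io()` (and to `WaitEventIO` in the wait_event.h hunk), so monitoring will report them as I/O waits. Their use is outside this chunk, but if they cover a process sleeping until the state transition completes rather than a file read or write, the IPC class is the matching place; operators watching a switch to read-only would otherwise see misleading I/O waits. The reported names also carry a `System` prefix that the enum names do not have.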
@@ -658,6 +660,7 @@ static char *recovery_target_string; static char *recovery_target_xid_string; static char *recovery_target_name_string; static char *recovery_target_lsn_string; +static bool wal_prohibited; /* should be static, but commands/variable.c needs to get at this */ @@ -2109,6 +2112,18 @@ static struct config_bool ConfigureNamesBool[] = NULL, NULL, NULL }, + { + /* Not for general use */ + {"wal_prohibited", PGC_INTERNAL, WAL_SETTINGS, + gettext_noop("Shows whether the WAL is prohibited."), + NULL, + GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE + }, + &wal_prohibited, + false, + NULL, NULL, show_wal_prohibited + }, + /* End-of-list marker */ { {NULL, 0, 0, NULL, NULL}, NULL, false, NULL, NULL, NULL @@ -12519,4 +12534,16 @@ check_default_with_oids(bool *newval, void **extra, GucSource source) return true; } +/* + * NB: The return string should be the same as the _ShowOption() for boolean + * type. + */ +static const char * +show_wal_prohibited(void) +{ + if (IsWALProhibited()) + return "on"; + return "off"; +} + #include "guc-file.c" diff --git a/src/bin/pg_controldata/pg_controldata.c b/src/bin/pg_controldata/pg_controldata.c index f911f98d946..e4d99a50c06 100644 --- a/src/bin/pg_controldata/pg_controldata.c +++ b/src/bin/pg_controldata/pg_controldata.c @@ -284,6 +284,8 @@ main(int argc, char *argv[]) LSN_FORMAT_ARGS(ControlFile->backupEndPoint)); printf(_("End-of-backup record required: %s\n"), ControlFile->backupEndRequired ? _("yes") : _("no")); + printf(_("WAL write prohibited: %s\n"), + ControlFile->wal_prohibited ? _("yes") : _("no")); printf(_("wal_level setting: %s\n"), wal_level_str(ControlFile->wal_level)); printf(_("wal_log_hints setting: %s\n"), diff --git a/src/include/access/walprohibit.h b/src/include/access/walprohibit.h new file mode 100644 index 00000000000..ff77a68552c --- /dev/null +++ b/src/include/access/walprohibit.h 
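Review bot: The `wal_prohibited` entry in `ConfigureNamesBool` carries the comment `/* Not for general use */`, although the commit description presents this GUC as the way to see the system state. The backing variable `static bool wal_prohibited` is never assigned in the visible hunks and the value comes only from `show_wal_prohibited()`, so any accessor that reads the variable instead of going through the show hook would always report off. A comment such as `/* Read-only status; the value is computed by show_wal_prohibited(), the variable is a dummy. */` would make that explicit.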
@@ -0,0 +1,59 @@
+/*
+ * walprohibit.h
+ *
+ * PostgreSQL write-ahead log prohibit states
+ *
+ * Portions Copyright (c) 2021, PostgreSQL Global Development Group
+ *
+ * src/include/access/walprohibit.h
+ */
+
+#ifndef WALPROHIBIT_H
+#define WALPROHIBIT_H
+
+#include "access/xact.h"
+#include "access/xlog.h"
+#include "miscadmin.h"
+#include "nodes/parsenodes.h"
+
+extern bool ProcessBarrierWALProhibit(void);
+extern void MarkCheckPointSkippedInWalProhibitState(void);
+extern void WALProhibitStateCounterInit(bool wal_prohibited);
+extern void WALProhibitStateShmemInit(void);
+extern bool IsWALProhibited(void);
+extern void ProcessWALProhibitStateChangeRequest(void);
+
+/*
+ * WAL Prohibit States.
+ *
+ * There are four possible WAL states. A brand new database cluster is always
+ * initially WALPROHIBIT_STATE_READ_WRITE. If the user tries to make it read
+ * only, then we enter the state WALPROHIBIT_STATE_GOING_READ_ONLY. When the
+ * transition is complete, we enter the state WALPROHIBIT_STATE_READ_ONLY. If
+ * the user subsequently tries to make it read write, we will enter the state
+ * WALPROHIBIT_STATE_GOING_READ_WRITE. When that transition is complete, we
+ * will enter the state WALPROHIBIT_STATE_READ_WRITE. These four state
+ * transitions are the only ones possible; for example, if we're currently in
+ * state WALPROHIBIT_STATE_GOING_READ_ONLY, an attempt to go read-write will
+ * produce an error, and a second attempt to go read-only will not cause a state
+ * change. Thus, we can represent the state as a shared-memory counter whose
+ * value only ever changes by adding 1. The initial value at postmaster startup
+ * is either 0 or 2, depending on whether the control file specifies the system
+ * is starting read-write or read-only.
+ */ +typedef enum +{ + WALPROHIBIT_STATE_READ_WRITE = 0, /* WAL permitted */ + WALPROHIBIT_STATE_GOING_READ_ONLY = 1, + WALPROHIBIT_STATE_READ_ONLY = 2, /* WAL prohibited */ + WALPROHIBIT_STATE_GOING_READ_WRITE = 3 +} WALProhibitState; + +static inline WALProhibitState +GetWALProhibitState(uint32 wal_prohibit_counter) +{ + /* Extract last two bits */ + return (WALProhibitState) (wal_prohibit_counter & 3); +} + +#endif /* WALPROHIBIT_H */ diff --git a/src/include/access/xlog.h b/src/include/access/xlog.h index e730572b168..936d143eaed 100644 --- a/src/include/access/xlog.h +++ b/src/include/access/xlog.h @@ -168,6 +168,14 @@ typedef enum WalLevel WAL_LEVEL_LOGICAL } WalLevel; +/* State of work that enables wal writes */ +typedef enum XLogAcceptWritesState +{ + XLOG_ACCEPT_WRITES_PENDING = 0, /* initial state, not started */ + XLOG_ACCEPT_WRITES_SKIPPED, /* skipped wal writes */ + XLOG_ACCEPT_WRITES_DONE /* wal writes are enabled */ +} XLogAcceptWritesState; + /* Recovery states */ typedef enum RecoveryState { @@ -316,6 +324,7 @@ extern RecoveryState GetRecoveryState(void); extern bool HotStandbyActive(void); extern bool HotStandbyActiveInReplay(void); extern bool XLogInsertAllowed(void); +extern void ResetLocalXLogInsertAllowed(void); extern void GetXLogReceiptTime(TimestampTz *rtime, bool *fromStream); extern XLogRecPtr GetXLogReplayRecPtr(TimeLineID *replayTLI); extern XLogRecPtr GetXLogInsertRecPtr(void); @@ -324,6 +333,7 @@ extern RecoveryPauseState GetRecoveryPauseState(void); extern void SetRecoveryPause(bool recoveryPause); extern TimestampTz GetLatestXTime(void); extern TimestampTz GetCurrentChunkReplayStartTime(void); +extern XLogAcceptWritesState GetXLogWriteAllowedState(void); extern void UpdateControlFile(void); extern uint64 GetSystemIdentifier(void); 
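Review bot: Nothing declared in the new walprohibit.h uses a type from `access/xact.h`, `access/xlog.h`, `miscadmin.h` or `nodes/parsenodes.h`; the prototypes and `GetWALProhibitState()` need only `bool` and `uint32`. Because this header is then included from guc.c, procsignal.c, ipci.c, sync.c, utility.c and checkpointer.c, those four includes are pulled into every one of them for no benefit, and they should move to the .c file that needs them. The exported functions also have no comments here; a one-line note on `IsWALProhibited()` saying which of the four states count as prohibited would help callers, since the transitional states are not obvious.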
@@ -335,7 +345,11 @@ extern void XLOGShmemInit(void); extern void BootStrapXLOG(void); extern void LocalProcessControlFile(bool reset); extern void StartupXLOG(void); +extern void PerformPendingStartupOperations(void); +extern bool XLogAcceptWrites(bool needChkpt, XLogReaderState *xlogreader, + XLogRecPtr EndOfLog, TimeLineID EndOfLogTLI); extern void SetControlFileDBState(DBState state); +extern void SetControlFileWALProhibitFlag(bool wal_prohibited); extern void ShutdownXLOG(int code, Datum arg); extern void InitXLOGAccess(void); extern void CreateCheckPoint(int flags); diff --git a/src/include/catalog/pg_control.h b/src/include/catalog/pg_control.h index e3f48158ce7..f6a1f3b9826 100644 --- a/src/include/catalog/pg_control.h +++ b/src/include/catalog/pg_control.h @@ -182,6 +182,9 @@ typedef struct ControlFileData int max_locks_per_xact; bool track_commit_timestamp; + /* WAL prohibited determines if the WAL insert is allowed or not. */ + bool wal_prohibited; + /* * This data is used to check for hardware-architecture compatibility of * the database and the backend executable. We need not check endianness diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat index fde251fa4f3..098a22e81f2 100644 --- a/src/include/catalog/pg_proc.dat +++ b/src/include/catalog/pg_proc.dat @@ -11573,6 +11573,10 @@ proname => 'pg_partition_root', prorettype => 'regclass', proargtypes => 'regclass', prosrc => 'pg_partition_root' }, +{ oid => '4544', descr => 'permit or prohibit wal writes', + proname => 'pg_prohibit_wal', prorettype => 'void', + proargtypes => 'bool', prosrc => 'pg_prohibit_wal' }, + { oid => '4350', descr => 'Unicode normalization', proname => 'normalize', prorettype => 'text', proargtypes => 'text text', prosrc => 'unicode_normalize_func' }, diff --git a/src/include/postmaster/bgwriter.h b/src/include/postmaster/bgwriter.h index c430b1b2366..bee495f05da 100644 --- a/src/include/postmaster/bgwriter.h +++ b/src/include/postmaster/bgwriter.h 
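Review bot: `wal_prohibited` is added to `ControlFileData` without a `PG_CONTROL_VERSION` bump: the diffstat gives pg_control.h three added lines, and this hunk accounts for all three. Even if the new `bool` happens to land in existing padding, binaries built before this change would open a control file with the flag set and treat the cluster as writable, because nothing tells them the format changed. Bumping the version in the same patch turns that mismatch into a hard error instead of a silent loss of the read-only guarantee.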
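Review bot: The `pg_prohibit_wal` entry in pg_proc.dat sets no `provolatile`, so it gets the catalog default of immutable, which allows the planner to pre-evaluate or fold a call to a function whose whole purpose is a cluster-wide side effect. It should be marked `provolatile => 'v'`. The default parallel-safe marking deserves a second look as well, with `proparallel => 'u'` if the function must never run in a parallel worker.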
@@ -42,4 +42,6 @@ extern void CheckpointerShmemInit(void); extern bool FirstCallSinceLastCheckpoint(void); +extern bool SendSignalToCheckpointer(int signum); + #endif /* _BGWRITER_H */ diff --git a/src/include/storage/procsignal.h b/src/include/storage/procsignal.h index eec186be2ee..227adf8eeeb 100644 --- a/src/include/storage/procsignal.h +++ b/src/include/storage/procsignal.h @@ -49,12 +49,7 @@ typedef enum typedef enum { - /* - * XXX. PROCSIGNAL_BARRIER_PLACEHOLDER should be replaced when the first - * real user of the ProcSignalBarrier mechanism is added. It's just here - * for now because we can't have an empty enum. - */ - PROCSIGNAL_BARRIER_PLACEHOLDER = 0 + PROCSIGNAL_BARRIER_WALPROHIBIT = 0 } ProcSignalBarrierType; /* diff --git a/src/include/utils/wait_event.h b/src/include/utils/wait_event.h index 6c6ec2e7118..e95b3197cc5 100644 --- a/src/include/utils/wait_event.h +++ b/src/include/utils/wait_event.h @@ -224,7 +224,9 @@ typedef enum WAIT_EVENT_LOGICAL_CHANGES_READ, WAIT_EVENT_LOGICAL_CHANGES_WRITE, WAIT_EVENT_LOGICAL_SUBXACT_READ, - WAIT_EVENT_LOGICAL_SUBXACT_WRITE + WAIT_EVENT_LOGICAL_SUBXACT_WRITE, + WAIT_EVENT_WALPROHIBIT_STATE, + WAIT_EVENT_WALPROHIBIT_STATE_CHANGE } WaitEventIO; diff --git a/src/tools/pgindent/typedefs.list b/src/tools/pgindent/typedefs.list index abdb08319ca..b8f2e22d7e6 100644 --- a/src/tools/pgindent/typedefs.list +++ b/src/tools/pgindent/typedefs.list @@ -2816,6 +2816,7 @@ WALAvailability WALInsertLock WALInsertLockPadded WALOpenSegment +WALProhibitData WALReadError WALSegmentCloseCB WALSegmentContext -- 2.18.0