database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-21 15:54:08 +03:00
Code

Fix assertion when decoding XLOG_PARAMETER_CHANGE on promoted primary.

Browse Source 
When a standby replays an XLOG_PARAMETER_CHANGE record that lowers
wal_level below logical, we invalidate all logical slots in hot
standby mode. However, if this record was replayed while not in hot
standby mode, logical slots could remain valid even after promotion,
potentially causing an assertion failure during WAL record decoding.

To fix this issue, this commit adds a check for hot_standby status
when restoring a logical replication slot on standbys. This check
ensures that logical slots are invalidated when they become
incompatible due to insufficient wal_level during recovery.

Backpatch to v16 where logical decoding on standby was introduced.

Reviewed-by: Amit Kapila <amit.kapila16@gmail.com>
Reviewed-by: Bertrand Drouvot <bertranddrouvot.pg@gmail.com>
Discussion: https://postgr.es/m/CAD21AoABoFwGY_Rh2aeE6tEq3HkJxf0c6UeOXn4VV9v6BAQPSw%40mail.gmail.com
Backpatch-through: 16
This commit is contained in:
Masahiko Sawada 2025-02-24 14:03:07 -08:00
parent fde7c0164e
commit 174952ece1
2 changed files with 61 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
src/backend/replication/slot.c
View File

@ -2327,12 +2327,29 @@ RestoreSlotFromDisk(const char *name)
* NB: Changing the requirements here also requires adapting * NB: Changing the requirements here also requires adapting
* CheckSlotRequirements() and CheckLogicalDecodingRequirements(). * CheckSlotRequirements() and CheckLogicalDecodingRequirements().
*/ */
if (cp.slotdata.database != InvalidOid && wal_level < WAL_LEVEL_LOGICAL) if (cp.slotdata.database != InvalidOid)
ereport(FATAL, {
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), if (wal_level < WAL_LEVEL_LOGICAL)
errmsg("logical replication slot \"%s\" exists, but \"wal_level\" < \"logical\"", ereport(FATAL,
NameStr(cp.slotdata.name)), (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errhint("Change \"wal_level\" to be \"logical\" or higher."))); errmsg("logical replication slot \"%s\" exists, but \"wal_level\" < \"logical\"",
NameStr(cp.slotdata.name)),
errhint("Change \"wal_level\" to be \"logical\" or higher.")));
/*
* In standby mode, the hot standby must be enabled. This check is
* necessary to ensure logical slots are invalidated when they become
* incompatible due to insufficient wal_level. Otherwise, if the
* primary reduces wal_level < logical while hot standby is disabled,
* logical slots would remain valid even after promotion.
*/
if (StandbyMode && !EnableHotStandby)
ereport(FATAL,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("logical replication slot \"%s\" exists on the standby, but \"hot_standby\" = \"off\"",
NameStr(cp.slotdata.name)),
errhint("Change \"hot_standby\" to be \"on\".")));
}
else if (wal_level < WAL_LEVEL_REPLICA) else if (wal_level < WAL_LEVEL_REPLICA)
ereport(FATAL, ereport(FATAL,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),

38
src/test/recovery/t/035_standby_logical_decoding.pl
View File

@ -345,6 +345,44 @@ $psql_subscriber{run} = IPC::Run::start(
\$psql_subscriber{subscriber_stderr}, \$psql_subscriber{subscriber_stderr},
IPC::Run::timeout($default_timeout)); IPC::Run::timeout($default_timeout));
##################################################
# Test that the standby requires hot_standby to be
# enabled for pre-existing logical slots.
##################################################
# create the logical slots
$node_standby->create_logical_slot_on_standby($node_primary, 'restart_test');
$node_standby->stop;
$node_standby->append_conf('postgresql.conf', qq[hot_standby = off]);
# Use run_log instead of $node_standby->start because this test expects
# that the server ends with an error during startup.
run_log(
[
'pg_ctl',
'--pgdata' => $node_standby->data_dir,
'--log' => $node_standby->logfile,
'start',
]);
# wait for postgres to terminate
foreach my $i (0 .. 10 * $PostgreSQL::Test::Utils::timeout_default)
{
last if !-f $node_standby->data_dir . '/postmaster.pid';
usleep(100_000);
}
# Confirm that the server startup fails with an expected error
my $logfile = slurp_file($node_standby->logfile());
ok( $logfile =~
qr/FATAL: .* logical replication slot ".*" exists on the standby, but "hot_standby" = "off"/,
"the standby ends with an error during startup because hot_standby was disabled"
);
$node_standby->adjust_conf('postgresql.conf', 'hot_standby', 'on');
$node_standby->start;
$node_standby->safe_psql('postgres',
qq[SELECT pg_drop_replication_slot('restart_test')]);
################################################## ##################################################
# Test that logical decoding on the standby # Test that logical decoding on the standby
# behaves correctly. # behaves correctly.