Minor adjustments to make failures in startup/shutdown behave more cleanly.

StartupXLOG and ShutdownXLOG no longer need to be critical sections, because in all contexts where they are invoked, elog(ERROR) would be translated to elog(FATAL) anyway. (One change in bgwriter.c is needed to make this true: set ExitOnAnyError before trying to exit. This is a good fix anyway since the existing code would have gone into an infinite loop on elog(ERROR) during shutdown.) That avoids a misleading report of PANIC during semi-orderly failures. Modify the postmaster to include the startup process in the set of processes that get SIGTERM when a fast shutdown is requested, and also fix it to not try to restart the bgwriter if the bgwriter fails while trying to write the shutdown checkpoint. Net result is that "pg_ctl stop -m fast" does something reasonable for a system in warm standby mode, and so should Unix system shutdown (ie, universal SIGTERM). Per gripe from Stephen Harris and some corner-case testing of my own.
2025-07-14 08:21:07 +03:00 · 2006-11-30 18:29:12 +00:00
parent ef148d6b85
commit 5f60086e10
3 changed files with 32 additions and 14 deletions
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@ -37,7 +37,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.504 2006/11/28 12:54:41 petere Exp $
+ *	  $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.505 2006/11/30 18:29:12 tgl Exp $
 *
 * NOTES
 *
@ -1934,8 +1934,13 @@ pmdie(SIGNAL_ARGS)
 			 * Note: if we previously got SIGTERM then we may send SIGUSR2 to
 			 * the bgwriter a second time here.  This should be harmless.
 			 */
-			if (StartupPID != 0 || FatalError)
-				break;			/* let reaper() handle this */
+			if (StartupPID != 0)
+			{
+				signal_child(StartupPID, SIGTERM);
+				break;			/* let reaper() do the rest */
+			}
+			if (FatalError)
+				break;			/* let reaper() handle this case */
 			/* Start the bgwriter if not running */
 			if (BgWriterPID == 0)
 				BgWriterPID = StartBackgroundWriter();
@ -2108,6 +2113,21 @@ reaper(SIGNAL_ARGS)
 			 */
 			HandleChildCrash(pid, exitstatus,
 							 _("background writer process"));
+
+			/*
+			 * If the bgwriter crashed while trying to write the shutdown
+			 * checkpoint, we may as well just stop here; any recovery
+			 * required will happen on next postmaster start.
+			 */
+			if (Shutdown > NoShutdown &&
+				!DLGetHead(BackendList) && AutoVacPID == 0)
+			{
+				ereport(LOG,
+						(errmsg("abnormal database system shutdown")));
+				ExitPostmaster(1);
+			}
+
+			/* Else, proceed as in normal crash recovery */
 			continue;
 		}