database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-30 11:03:19 +03:00
Code Activity

Send SIGKILL to children if they don't die quickly in immediate shutdown

Browse Source 
On immediate shutdown, or during a restart-after-crash sequence,
postmaster used to send SIGQUIT (and then abandon ship if shutdown); but
this is not a good strategy if backends don't die because of that
signal.  (This might happen, for example, if a backend gets tangled
trying to malloc() due to gettext(), as in an example illustrated by
MauMau.)  This causes problems when later trying to restart the server,
because some processes are still attached to the shared memory segment.

Instead of just abandoning such backends to their fates, we now have
postmaster hang around for a little while longer, send a SIGKILL after
some reasonable waiting period, and then exit.  This makes immediate
shutdown more reliable.

There is disagreement on whether it's best for postmaster to exit after
sending SIGKILL, or to stick around until all children have reported
death.  If this controversy is resolved differently than what this patch
implements, it's an easy change to make.

Bug reported by MauMau in message 20DAEA8949EC4E2289C6E8E58560DEC0@maumau

MauMau and Álvaro Herrera
This commit is contained in:
Alvaro Herrera
2013-06-28 17:20:53 -04:00
parent 457d6cf049
commit 82233ce7ea
3 changed files with 142 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
doc/src/sgml/runtime.sgml
View File

@ -1362,11 +1362,11 @@ echo -1000 > /proc/self/oom_score_adj
<listitem>
<para>
This is the <firstterm>Immediate Shutdown</firstterm> mode.
The master <command>postgres</command> process will send a
<systemitem>SIGQUIT</systemitem> to all child processes and exit
immediately, without properly shutting itself down. The child processes
likewise exit immediately upon receiving
<systemitem>SIGQUIT</systemitem>. This will lead to recovery (by
The server will send <systemitem>SIGQUIT</systemitem> to all child
processes and wait for them to terminate. Those that don't terminate
within 5 seconds, will be sent <systemitem>SIGKILL</systemitem> by the
master <command>postgres</command> process, which will then terminate
without further waiting. This will lead to recovery (by
replaying the WAL log) upon next start-up. This is recommended
only in emergencies.
</para>