NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit48913db

committed

In immediate shutdown, postmaster should not exit till children are gone.

This adjusts commit82233ce so that thepostmaster does not exit until all its child processes have exited, evenif the 5-second timeout elapses and we have to send SIGKILL. There is nogreat value in having the postmaster process quit sooner, and doing so canmislead onlookers into thinking that the cluster is fully terminated whenactually some child processes still survive.This effect might explain recent test failures on buildfarm member hamster,wherein we failed to restart a cluster just after shutting it down with"pg_ctl stop -m immediate".I also did a bit of code review/beautification, including fixing a faultyuse of the Max() macro on a volatile expression.Back-patch to 9.4. In older branches, the postmaster never waited forchildren to exit during immediate shutdowns, and changing that would betoo much of a behavioral change.

1 parentda1a9d0 commit48913dbCopy full SHA for 48913db

File tree

2 files changed

+17

-19

lines changed

doc/src/sgml
- runtime.sgml
src/backend/postmaster
- postmaster.c

2 files changed

+17

-19

lines changed

`‎doc/src/sgml/runtime.sgml`

Lines changed: 5 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -1441,10 +1441,11 @@ $ <userinput>sysctl -w vm.nr_hugepages=3170</userinput>`
`1441`	`1441`	`<para>`
`1442`	`1442`	`This is the <firstterm>Immediate Shutdown</firstterm> mode.`
`1443`	`1443`	`The server will send <systemitem>SIGQUIT</systemitem> to all child`
`1444`		`- processes and wait for them to terminate. Those that don't terminate`
`1445`		`- within 5 seconds, will be sent <systemitem>SIGKILL</systemitem> by the`
`1446`		`- master <command>postgres</command> process, which will then terminate`
`1447`		`- without further waiting. This will lead to recovery (by`
	`1444`	`+ processes and wait for them to terminate. If any do not terminate`
	`1445`	`+ within 5 seconds, they will be sent <systemitem>SIGKILL</systemitem>.`
	`1446`	`+ The master server process exits as soon as all child processes have`
	`1447`	`+ exited, without doing normal database shutdown processing.`
	`1448`	`+ This will lead to recovery (by`
`1448`	`1449`	`replaying the WAL log) upon next start-up. This is recommended`
`1449`	`1450`	`only in emergencies.`
`1450`	`1451`	`</para>`

`‎src/backend/postmaster/postmaster.c`

Lines changed: 12 additions & 15 deletions

Original file line number	Diff line number	Diff line change
`@@ -324,8 +324,10 @@ typedef enum`
`324`	`324`
`325`	`325`	`staticPMStatepmState=PM_INIT;`
`326`	`326`
`327`		`-/* Start time of abort processing at immediate shutdown or child crash */`
`328`		`-statictime_tAbortStartTime;`
	`327`	`+/* Start time of SIGKILL timeout during immediate shutdown or child crash */`
	`328`	`+/* Zero means timeout is not running */`
	`329`	`+statictime_tAbortStartTime=0;`
	`330`	`+/* Length of said timeout */`
`329`	`331`	`#defineSIGKILL_CHILDREN_AFTER_SECS5`
`330`	`332`
`331`	`333`	`staticboolReachedNormalRunning= false;/* T if we've reached PM_RUN */`
`@@ -1419,7 +1421,8 @@ checkDataDir(void)`
`1419`	`1421`	`* In normal conditions we wait at most one minute, to ensure that the other`
`1420`	`1422`	`* background tasks handled by ServerLoop get done even when no requests are`
`1421`	`1423`	`* arriving. However, if there are background workers waiting to be started,`
`1422`		`- * we don't actually sleep so that they are quickly serviced.`
	`1424`	`+ * we don't actually sleep so that they are quickly serviced. Other exception`
	`1425`	`+ * cases are as shown in the code.`
`1423`	`1426`	`*/`
`1424`	`1427`	`staticvoid`
`1425`	`1428`	`DetermineSleepTime(structtimeval*timeout)`
`@@ -1433,11 +1436,12 @@ DetermineSleepTime(struct timeval * timeout)`
`1433`	`1436`	`if (Shutdown>NoShutdown\|\|`
`1434`	`1437`	`(!StartWorkerNeeded&& !HaveCrashedWorker))`
`1435`	`1438`	`{`
`1436`		`-if (AbortStartTime>0)`
	`1439`	`+if (AbortStartTime!=0)`
`1437`	`1440`	`{`
`1438`	`1441`	`/* time left to abort; clamp to 0 in case it already expired */`
`1439`		`-timeout->tv_sec=Max(SIGKILL_CHILDREN_AFTER_SECS-`
`1440`		`- (time(NULL)-AbortStartTime),0);`
	`1442`	`+timeout->tv_sec=SIGKILL_CHILDREN_AFTER_SECS-`
	`1443`	`+(time(NULL)-AbortStartTime);`
	`1444`	`+timeout->tv_sec=Max(timeout->tv_sec,0);`
`1441`	`1445`	`timeout->tv_usec=0;`
`1442`	`1446`	`}`
`1443`	`1447`	`else`
`@@ -1707,20 +1711,13 @@ ServerLoop(void)`
`1707`	`1711`	`* Note we also do this during recovery from a process crash.`
`1708`	`1712`	`*/`
`1709`	`1713`	`if ((Shutdown >=ImmediateShutdown\|\| (FatalError&& !SendStop))&&`
`1710`		`-AbortStartTime>0&&`
`1711`		`-now-AbortStartTime >=SIGKILL_CHILDREN_AFTER_SECS)`
	`1714`	`+AbortStartTime!=0&&`
	`1715`	`+(now-AbortStartTime) >=SIGKILL_CHILDREN_AFTER_SECS)`
`1712`	`1716`	`{`
`1713`	`1717`	`/* We were gentle with them before. Not anymore */`
`1714`	`1718`	`TerminateChildren(SIGKILL);`
`1715`	`1719`	`/* reset flag so we don't SIGKILL again */`
`1716`	`1720`	`AbortStartTime=0;`
`1717`		`-`
`1718`		`-/*`
`1719`		`- * Additionally, unless we're recovering from a process crash,`
`1720`		`- * it's now the time for postmaster to abandon ship.`
`1721`		`- */`
`1722`		`-if (!FatalError)`
`1723`		`-ExitPostmaster(1);`
`1724`	`1721`	`}`
`1725`	`1722`	`}`
`1726`	`1723`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit48913db

File tree

2 files changed

2 files changed

`‎doc/src/sgml/runtime.sgml`

`‎src/backend/postmaster/postmaster.c`

0 commit comments