On Thu, Jan 13, 2011 at 3:01 PM, Tom Lane <[email protected]> wrote: > Robert Haas <[email protected]> writes: >> On Thu, Jan 13, 2011 at 2:45 PM, Tom Lane <[email protected]> wrote: >>> I wonder whether we could have some sort of latch-like counter that >>> would count the number of active backends and deliver signals when the >>> count went to zero. However, if the goal is to defend against random >>> applications of SIGKILL, there's probably no way to make this reliable >>> in userspace. > >> I don't think you can get there 100%. We could, however, make a rule >> that when a background process fails a PostmasterIsAlive() check, it >> sends SIGQUIT to everyone it can find in the ProcArray, which would at >> least ensure a timely exit in most real-world cases. > > You're going in the wrong direction there: we're trying to have the > system remain sane when the postmaster crashes, not see how quickly > it can screw up every remaining session.
I strongly believe you're in the minority on that one, for the same reasons that I don't think most people would agree with your notion of what should be the default shutdown mode. A database that can't accept new connections is a liability, not an asset. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
