On 06.05.2016 0:42, Greg Stark wrote:
On 5 May 2016 12:32 am, "Tom Lane" <t...@sss.pgh.pa.us
<mailto:t...@sss.pgh.pa.us>> wrote:
>
> To repeat, I'm pretty hesitant to change this logic. While this is not
> the first report we've ever heard of loss of pg_control, I believe I
could
> count those reports without running out of fingers on one hand --- and
> that's counting since the last century. It will take quite a lot of
> evidence to convince me that some other implementation will be more
> reliable. If you just come and present a patch to use direct write, or
> rename, or anything else for that matter, I'm going to reject it out of
> hand unless you provide very strong evidence that it's going to be more
> reliable than the current code across all the systems we support.
One thing we could do without much worry of being less reliable would be
to keep two copies of pg_control. Write one, fsync, then write to the
other and fsync that one.
Oracle keeps a copy of the old control file so that you can always go
back to an older version if a hardware or software bug currupts it. But
they keep a lot more data in their control file and they can be quite large.
Oracle can create more then one copy of control file. They are the same,
not old copy and current. And their advise is just to store this copies
on separate storage to be more fault tolerant.
PS By the way on my initial post about "is pg_control safe" i wrote in p
3. some thoughts about multiple copies of pg_control file. Glad to see
identity of views on this issue
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
