* Robert Haas (robertmh...@gmail.com) wrote: > On Thu, Oct 20, 2016 at 12:12 PM, Stephen Frost <sfr...@snowman.net> wrote: > > That said, I'd also like to see a --force or similar option or mechanism > > put in place to reduce the risk of users trashing their system because > > they think pg_resetwal is "safe." ("It's just gonna reset things to make > > the database start again, should be fine."). > > You know we already have that, right?
Yes, but I was meaning an option which would be required to make pg_resetxlog actually *do* anything. In other words, I'd rather have it report some info back to the user, if it's run without the '--really-force' or what-have-you option, and only proceed with clearing the WAL or rewriting pg_control when '--really-force' is used. > > pg_destroydb almost seems like a better choice, though I suppose > > 'pg_clearwal' would be more acceptable. Doesn't have quite the same > > impact though. > > > > Not sure on the best answer here, but it's definitely foot-gun that some > > users have ended up using on themselves with depressing regularity. > > Just to provide some perspective from the other side of this, I [...] I wasn't suggesting that we remove the capability. There are certainly use-cases for it, but, unfortunately, I've seen a number of cases where users simply google'd an error that they got back when trying to start PG and found someone saying "well, I got this error, but then I ran pg_resetxlog, and now the database starts up again." It likely doesn't help that the top links tend to be to mailing list archives where pg_resetxlog was brought up. Thanks! Stephen
Description: Digital signature