Ubuntu
postgresql-common package

pg_ctlcluster uses stop immediate on it's own

Bug #154012 reported by Decibel
4
Affects Status Importance Assigned to Milestone
postgresql-common (Ubuntu)
Fix Released
Medium
Martin Pitt

Bug Description

Binary package hint: postgresql-8.1

When issued a restart command, pg_ctlcluster will perform a stop immediate without being told to do so. An immediate stop should only be used if an administrator specifically requests it.

Revision history for this message
Martin Pitt (pitti) wrote :

What do you propose instead? "smart" is not appropriate, since it needs an interminate waiting time. It uses "fast" by default to get a graceful shutdown. Only if that does not work, "immediate" is used as a fallback.

Changed in postgresql-8.1:
importance: Undecided → Medium
status: New → Incomplete
Revision history for this message
Decibel (decibel) wrote :

If fast fails to shut the database down that means that something is seriously wrong, and pg_ctlcluster should exit with an error.

Perhaps it would be best to allow the shutdown mode as an option to the stop command.

I also disagree with changing the default PostgreSQL behavior without a very good reason. It would be better if the default stop behavior was the same as it is in PostgreSQL, though I guess that would mean having a different command for system shutdown to use, which probably won't happen...

Revision history for this message
Martin Pitt (pitti) wrote :

So I'll have pg_ctlcluster use the default mode (smart) by default, and add a --force option which the init script will use to ensure a best-effort shutdown.

Changed in postgresql-common:
assignee: nobody → pitti
status: Incomplete → Triaged
Revision history for this message
Decibel (decibel) wrote :

So --force would do an immediate shutdown then?

Revision history for this message
Martin Pitt (pitti) wrote : Re: [Bug 154012] Re: pg_ctlcluster uses stop immediate on it's own

Hi,

Decibel [2007-11-11 17:51 -0000]:
> So --force would do an immediate shutdown then?

No, in the current implementation it uses 'fast', and only if that
fails, uses 'immediate'.

Revision history for this message
Decibel (decibel) wrote :

On Nov 12, 2007, at 2:58 AM, Martin Pitt wrote:
> Decibel [2007-11-11 17:51 -0000]:
>> So --force would do an immediate shutdown then?
>
> No, in the current implementation it uses 'fast', and only if that
> fails, uses 'immediate'.

I don't see what that buys us. If a fast shutdown fails, that means
there's something seriously wrong, and the administrator should be
given the chance to investigate. They can then issue a kill -9.

What if the script printed out an appropriate sudo kill -9 $PID if
fast shutdown failed?
--
Decibel!, aka Jim C. Nasby, Database Architect <email address hidden>
Give your computer some brain candy! www.distributed.net Team #1828

Revision history for this message
Martin Pitt (pitti) wrote :

Hi,

Decibel [2007-11-12 15:29 -0000]:
> >> So --force would do an immediate shutdown then?
> >
> > No, in the current implementation it uses 'fast', and only if that
> > fails, uses 'immediate'.
>
> I don't see what that buys us.

Maybe there is a misunderstanding: pg_ctlcluster uses "smart" by
default now, so if you call it directly, or call the init script with
'restart', then "smart" is used. fast/immediate is only used in the
init script, thus usually when you shutdown the machine. In that case
it is preferable *not* to wait for clients, otherwise you stall the
reboot/shutdown.

Revision history for this message
Decibel (decibel) wrote :

On Mon, Nov 12, 2007 at 04:03:48PM -0000, Martin Pitt wrote:
> Hi,
>
> Decibel [2007-11-12 15:29 -0000]:
> > >> So --force would do an immediate shutdown then?
> > >
> > > No, in the current implementation it uses 'fast', and only if that
> > > fails, uses 'immediate'.
> >
> > I don't see what that buys us.
>
> Maybe there is a misunderstanding: pg_ctlcluster uses "smart" by
> default now, so if you call it directly, or call the init script with
> 'restart', then "smart" is used. fast/immediate is only used in the
> init script, thus usually when you shutdown the machine. In that case
> it is preferable *not* to wait for clients, otherwise you stall the
> reboot/shutdown.

No, I understand. But unless the init scripts will absolutely hang a
shutdown if they don't exit then there's no reason to fall through to
immediate. immediate == kill -9, which is what init will do anyway as it
dies.

The problem is that using fast is a completely valid use-case outside of
init, and in that case it's a really bad idea to automatically fall
through to immediate. If fast doesn't work we should leave things as-is
so the admin can investigate. If you want to be admin-friendly, have the
script print out an appropriate sudo command that can be cut and pasted.
--
Decibel!, aka Jim C. Nasby, Database Architect <email address hidden>
Give your computer some brain candy! www.distributed.net Team #1828

Revision history for this message
Martin Pitt (pitti) wrote :

Fixed in Hardy in this version:

postgresql-common (82) unstable; urgency=low

  * debian/control: Fix 'commmon' typo. (Closes: #449532)
  * t/030_errors.t: Check that an /etc/postgresql/postgresql.conf leftover is
    not regarded as a cluster directory. This reproduces #450565.
  * PgCommon.pm, get_versions()/get_version_clusters(): Filter out '.' and
    '..' from readdir() output. (Closes: #450565)
  * pg_ctlcluster: Use "smart" mode shutdown by default, and add option
    -f/--force to use "fast" -> "immediate" -> kill -9 approach. (LP: #154012)
  * debian/init.d-functions: Use --force when stopping all clusters, since
    default smart mode can potentially block forever and thus fail to shut
    down a machine.
  * debian/README.Devel: Update for current bzr versions and hosting on
    code.launchpad.net.
  * Update Japanese debconf translations (Closes: #450902)

 -- Martin Pitt <email address hidden> Sun, 30 Dec 2007 22:27:08 +0100

Changed in postgresql-common:
status: Triaged → Fix Released
Revision history for this message
Decibel (decibel) wrote :

Cool, thanks!

On Sun, Feb 03, 2008 at 11:49:33AM -0000, Martin Pitt wrote:
> Fixed in Hardy in this version:
>
> postgresql-common (82) unstable; urgency=low
>
> * debian/control: Fix 'commmon' typo. (Closes: #449532)
> * t/030_errors.t: Check that an /etc/postgresql/postgresql.conf leftover is
> not regarded as a cluster directory. This reproduces #450565.
> * PgCommon.pm, get_versions()/get_version_clusters(): Filter out '.' and
> '..' from readdir() output. (Closes: #450565)
> * pg_ctlcluster: Use "smart" mode shutdown by default, and add option
> -f/--force to use "fast" -> "immediate" -> kill -9 approach. (LP: #154012)
> * debian/init.d-functions: Use --force when stopping all clusters, since
> default smart mode can potentially block forever and thus fail to shut
> down a machine.
> * debian/README.Devel: Update for current bzr versions and hosting on
> code.launchpad.net.
> * Update Japanese debconf translations (Closes: #450902)
>
> -- Martin Pitt <email address hidden> Sun, 30 Dec 2007 22:27:08 +0100
>
>
> ** Changed in: postgresql-common (Ubuntu)
> Status: Triaged => Fix Released
>
> --
> pg_ctlcluster uses stop immediate on it's own
> https://bugs.launchpad.net/bugs/154012
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
Decibel!, aka Jim C. Nasby, Database Architect <email address hidden>
Give your computer some brain candy! www.distributed.net Team #1828

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.