pg_createcluster silently deletes existing cluster

Bug #661061 reported by Thomas Jacob on 2010-10-15
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
postgresql-common (Ubuntu)
Undecided
Unassigned
Hardy
High
Martin Pitt
Lucid
High
Martin Pitt

Bug Description

Binary package hint: postgresql-common

# Linux <DELETED> 2.6.32-25-server #44-Ubuntu SMP Fri Sep 17 21:13:39 UTC 2010 x86_64 GNU/Linux
# ii postgresql-common 106 PostgreSQL database-cluster manager

When running pg_createcluster on an already existing cluster, the END handler completely deletes the existing cluster
without any warnings or notices, if the existing cluster is not running. This is highly dangerous and IMO a major bug.

To reproduce:

l# pg_lsclusters
Version Cluster Port Status Owner Data directory Log file
8.4 main 5432 down postgres /var/lib/postgresql/8.4/main /var/log/postgresql/postgresql-8.4-main.log

# pg_createcluster 8.4 main
Error: cluster configuration already exists

# pg_lsclusters
Version Cluster Port Status Owner Data directory Log file

# pg_createcluster 8.4 main
Creating new cluster (configuration: /etc/postgresql/8.4/main, data: /var/lib/postgresql/8.4/main)...
Moving configuration file /var/lib/postgresql/8.4/main/postgresql.conf to /etc/postgresql/8.4/main...
Moving configuration file /var/lib/postgresql/8.4/main/pg_hba.conf to /etc/postgresql/8.4/main...
Moving configuration file /var/lib/postgresql/8.4/main/pg_ident.conf to /etc/postgresql/8.4/main...

The culprit:

nl /usr/bin/pg_createcluster

   378 END {
   379 # clean up cruft if something went wrong
   380 if (!$createsuccess && defined $version && defined $cluster) {
   381 system "pg_dropcluster $version $cluster 2>/dev/null";
   382 exit 1;
   383 }
   384 }

Possible solution:
   See attached patch

tags: added: patch
Martin Pitt (pitti) wrote :

Thanks! This has already been fixed in version 111, which is in maverick and natty:

postgresql-common (111) unstable; urgency=high

  * Urgency high since this fixes two RC bugs.
  * t/030_errors.t: Check that pg_createcluster leaves the original one intact
    if the cluster already exists, also when the original one is not running.
    This reproduces #597097.
  * pg_createcluster: Be more careful with cleaning up the created cluster if
    an error occurs: Do not start the cleanup until we actually passed our
    sanity checks and created files for the new cluster. Before, it would
    erroneously remove an already existing cluster on a sanity check fail, if
    that cluster happened to not be running at the time. (Closes: #597097)
  * debian/supported-versions: Be more robust against lsb_release failing, e.
    g. in the case where it is not fully configured yet. (Closes: #597561)
  * debian/supported-versions: Drop check for /etc/debian_version if
    lsb_release is not working/existing. Derivatives have debian_version as
    well, and we don't actually evaluate it, so just print a meaningful error
    message and go with the default versions.
  * debian/rules: Put init script priority back to S19/K21 to match the
    previous postgresql-8.4 init script. Fix the priorities on upgrade in
    debian/postgresql-common.preinst. (Closes: #597654)

 -- Martin Pitt <email address hidden> Wed, 22 Sep 2010 12:04:00 +0200

For lucid I propose to SRU the patch; it contains a test case and is pretty straightforward:

  http://bazaar.launchpad.net/~pitti/postgresql/common/revision/1024

Changed in postgresql-common (Ubuntu):
status: New → Fix Released
Changed in postgresql-common (Ubuntu Hardy):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Martin Pitt (pitti)
Changed in postgresql-common (Ubuntu Lucid):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Martin Pitt (pitti)
milestone: none → ubuntu-10.04.3
description: updated
Martin Pitt (pitti) wrote :

I backported the fix to lucid and uploaded to lucid-proposed, this now needs review/ack from the ubuntu-sru team.

The new test case reproduces the erroneous removal of preexisting cluster, and with the fixed pg_createcluster it now runs fine. I also confirm that with a locally built 106ubuntu1 the entire test suite still succeeds.

Martin Pitt (pitti) wrote :

I backported the fix to hardy and uploaded to hardy-proposed, this now needs review/ack from the ubuntu-sru team.

Changed in postgresql-common (Ubuntu Hardy):
status: In Progress → Fix Committed
Changed in postgresql-common (Ubuntu Lucid):
status: In Progress → Fix Committed

Accepted into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Steve Langasek (vorlon) wrote :

Accepted into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Thomas Jacob (jacob-internet24) wrote :

Tested on Lucid x86_64 desktop. pg_createcluster now does not delete an existing cluster, regardless of whether it is online or down, pg_lscluster, pg_dropcluster, pg_ctlcluster still seem.

Thomas Jacob (jacob-internet24) wrote :

 ... correction of #7:

Otherwise, pg_createcluster, pg_lsclusters, pg_dropcluster, pg_ctlcluster seem to work as before.

Martin Pitt (pitti) wrote :

Thanks Thomas! I also tested the same on maverick with the package in -proposed, and it doesn't kill the cluster now. Test suites still run fine.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-common - 106ubuntu1

---------------
postgresql-common (106ubuntu1) lucid-proposed; urgency=low

  * t/030_errors.t: Check that pg_createcluster leaves the original one
    intact if the cluster already exists, also when the original one is not
    running. This reproduces LP #661061/Debian #597097.
  * pg_createcluster: Be more careful with cleaning up the created cluster if
    an error occurs: Do not start the cleanup until we actually passed our
    sanity checks and created files for the new cluster. Before, it would
    erroneously remove an already existing cluster on a sanity check fail, if
    that cluster happened to not be running at the time. (LP: #661061)
    Patches cherrypicked from trunk r1024.
  * debian/control: Set Vcs-Bzr to lucid branch.
 -- Martin Pitt <email address hidden> Mon, 18 Oct 2010 11:04:24 +0200

Changed in postgresql-common (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package postgresql-common - 87ubuntu3

---------------
postgresql-common (87ubuntu3) hardy-proposed; urgency=low

  * t/030_errors.t: Check that pg_createcluster leaves the original one
    intact if the cluster already exists, also when the original one is not
    running. This reproduces LP #661061/Debian #597097.
  * pg_createcluster: Be more careful with cleaning up the created cluster if
    an error occurs: Do not start the cleanup until we actually passed our
    sanity checks and created files for the new cluster. Before, it would
    erroneously remove an already existing cluster on a sanity check fail, if
    that cluster happened to not be running at the time. (LP: #661061)
    Patches cherrypicked from trunk r1024.
 -- Martin Pitt <email address hidden> Mon, 18 Oct 2010 11:09:35 +0200

Changed in postgresql-common (Ubuntu Hardy):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers