On Thu, Dec 9, 2021 at 11:28 AM John Naylor <john.nay...@enterprisedb.com> wrote: > Now that we have a concept of a fail-safe vacuum, maybe it would be > beneficial to skip a vacuum in single-user mode if the fail-safe > criteria were not met at the beginning of vacuuming a relation.
Obviously the main goal of the failsafe is to not get into this situation in the first place. But it's still very reasonable to ask "what happens when the failsafe even fails at that?". This was something that we considered directly when working on the feature. There is a precheck that takes place before any other work, which ensures that we won't even start off any of the nonessential tasks the failsafe skips (e.g., index vacuuming). The precheck works like any other check -- it checks if relfrozenxid is dangerously old. (We won't even bother trying to launch parallel workers when this precheck triggers, which is another reason to have it that Mashahiko pointed out during development.) Presumably there is no need to specifically check if we're running in single user mode when considering if we need to trigger the failsafe -- which, as you say, we won't do. It shouldn't matter, because anybody running single-user mode just to VACUUM must already be unable to allocate new XIDs outside of single user mode. That condition alone will trigger the failsafe. That said, it would be very easy to add a check for single user mode. It didn't happen because we weren't aware of any specific need for it. Perhaps there is an argument for it. -- Peter Geoghegan