On Mon, Aug 12, 2013 at 10:08:07PM +0200, Pavel Raiskup wrote: > > The patch moves the atexit setting up, as you suggested, but only does > > that when pg_ctl succeeds (we know we started the server), > > Yes, of course! > > > PG 9.1+ will allow pg_ctl -w start to succeed even if there are > > permissions problems; earlier versions will not and will keep the > > server running --- the user will have to stop the server after > > pg_upgrade says it is running. > > This makes it a complex, really.. We may not easily make the > stop_postmaster resistant to non-running server. Thus your solution must > be good enough.
Well, stop_postmaster can run just fine with a stopped server, as we allow the atexit() shutdown to ignore errors. The larger question is whether we should ever stop a server we are not sure we started. The existing pg_upgrade logic checks if the servers are running first with start_postmaster(throw_error = false), so in our existing code, we could probably unconditionally shutdown the server even with a pg_ctl error when using throw_error = true, but pg_upgrade is complex so I am hesitant to make such a bold change. Does anyone else have an opinion? > > I am not going to backpatch this beyond 9.3 as it is risky code. I have > > improved the comments in this area. > > Agree, it is OK for me — thanks for your work. Sure. You gave me something to study today, and highlighted an area of the code that was very unclear. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers