"Baker, Keith [OCDUS Non-J&J]" <kbak...@its.jnj.com> writes:
> If there are existing tests I can run to ensure the QNX port meets your 
> criteria for robust failure handling in this area I would be happy to run 
> them.
> If not, perhaps someone can provide a quick list of failure modes to consider.
> As-is:
> - starting of a second postmaster fails with message 'FATAL: lock file 
> "postmaster.pid" already exists'
> - Kill -9 of postmaster followed by a pg_ctl start seems to go through 
> recovery, although the original shared memory segments hang out in /dev/shmem 
> until reboot (that could be better).

Unfortunately, that probably proves it's broken rather than that it works.
The behavior we need is that after kill -9'ing the postmaster, subsequent
postmaster start attempts *fail* until all the original postmaster's child
processes are gone.  Otherwise you end up with two independent sets of
processes scribbling on the same files (and not sharing shmem either).
Kiss consistency goodbye ...

It's possible that all the children automatically exited, especially if
you had only background processes active; but if you had a live regular
session it would not exit just because the parent process died.

                        regards, tom lane
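
An added example, not part of the original message and not PostgreSQL's own code: it reproduces the failure mode described above and shows an interlock that refuses a start while an orphaned child is still alive. It assumes System V shared memory, using the segment's attach count as the liveness signal; `safe_to_start` and `simulate_postmaster_crash` are hypothetical names.

```c
#include <signal.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical check: a start is safe only when nothing is still attached. */
int safe_to_start(int shmid)
{
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) < 0)
        return 0;                        /* cannot tell: refuse to start */
    return ds.shm_nattch == 0;
}

/* Returns 0 if a start was refused while the orphan lived and allowed once
 * it had exited; a non-zero code names the step that went wrong. */
int simulate_postmaster_crash(void)
{
    int client[2], rc = 0, tries, shmid;
    pid_t pm;

    if (pipe(client) < 0) return 1;
    shmid = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0600);
    if (shmid < 0) return 1;
    pm = fork();
    if (pm == 0) {                       /* stand-in postmaster */
        close(client[1]);
        if (shmat(shmid, NULL, 0) == (void *) -1) _exit(1);
        if (fork() == 0) {               /* stand-in session backend */
            char c;                      /* blocks until the client hangs up */
            if (read(client[0], &c, 1) < 0) _exit(1);
            _exit(0);
        }
        raise(SIGKILL);                  /* the kill -9 of the postmaster */
    }
    if (pm > 0) waitpid(pm, NULL, 0);    /* postmaster gone, backend is not */
    if (pm < 0 || safe_to_start(shmid)) rc = 2;   /* must be refused here */

    close(client[1]);                    /* client disconnects, backend exits */
    for (tries = 0; tries < 500 && !safe_to_start(shmid); tries++)
        usleep(10000);
    if (rc == 0 && !safe_to_start(shmid)) rc = 3;
    shmctl(shmid, IPC_RMID, NULL);
    close(client[0]);
    return rc;
}

int main(void) { return simulate_postmaster_crash(); }
```

The attach count is kept by the kernel, so it stays accurate after the parent is killed. POSIX shared memory objects, such as those under /dev/shmem, expose no equivalent count through their standard API.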


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)