Streaming replication, and walsender during recovery
Hi,
When I configured a cascaded standby (i.e, made the additional
standby server connect to the standby), I got the following
errors, and a cascaded standby didn't start replication.
ERROR: timeline 0 of the primary does not match recovery target timeline 1
I didn't care about that case so far. To avoid a confusing error
message, we should forbid a startup of walsender during recovery,
and emit a suitable message? Or support such cascade-configuration?
Though I don't think that the latter is difficult to be implemented,
ISTM it's not the time to do that now.
Thought?
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
Fujii Masao <masao.fujii@gmail.com> writes:
When I configured a cascaded standby (i.e, made the additional
standby server connect to the standby), I got the following
errors, and a cascaded standby didn't start replication.
ERROR: timeline 0 of the primary does not match recovery target timeline 1
I didn't care about that case so far. To avoid a confusing error
message, we should forbid a startup of walsender during recovery,
and emit a suitable message? Or support such cascade-configuration?
Though I don't think that the latter is difficult to be implemented,
ISTM it's not the time to do that now.
It would be kind of silly to add code to forbid it if making it work
would be about the same amount of effort. I think it'd be worth looking
closer to find out what the problem is.
regards, tom lane
On Mon, 2010-01-18 at 09:31 -0500, Tom Lane wrote:
Fujii Masao <masao.fujii@gmail.com> writes:
When I configured a cascaded standby (i.e, made the additional
standby server connect to the standby), I got the following
errors, and a cascaded standby didn't start replication.ERROR: timeline 0 of the primary does not match recovery target timeline 1
I didn't care about that case so far. To avoid a confusing error
message, we should forbid a startup of walsender during recovery,
and emit a suitable message? Or support such cascade-configuration?
Though I don't think that the latter is difficult to be implemented,
ISTM it's not the time to do that now.It would be kind of silly to add code to forbid it if making it work
would be about the same amount of effort. I think it'd be worth looking
closer to find out what the problem is.
There is an ERROR, but no problem AFAICS. The tli isn't set until end of
recovery because it doesn't need to have been set yet. That shouldn't
prevent retrieving WAL data.
--
Simon Riggs www.2ndQuadrant.com
On Mon, Jan 18, 2010 at 11:42 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
On Mon, 2010-01-18 at 09:31 -0500, Tom Lane wrote:
Fujii Masao <masao.fujii@gmail.com> writes:
When I configured a cascaded standby (i.e, made the additional
standby server connect to the standby), I got the following
errors, and a cascaded standby didn't start replication.ERROR: timeline 0 of the primary does not match recovery target timeline 1
I didn't care about that case so far. To avoid a confusing error
message, we should forbid a startup of walsender during recovery,
and emit a suitable message? Or support such cascade-configuration?
Though I don't think that the latter is difficult to be implemented,
ISTM it's not the time to do that now.It would be kind of silly to add code to forbid it if making it work
would be about the same amount of effort. I think it'd be worth looking
closer to find out what the problem is.There is an ERROR, but no problem AFAICS. The tli isn't set until end of
recovery because it doesn't need to have been set yet. That shouldn't
prevent retrieving WAL data.
OK. Here is the patch which supports a walsender process during recovery;
* Change walsender so as to send the WAL written by the walreceiver
if it has been started during recovery.
* Kill the walsenders started during recovery at the end of recovery
because replication cannot survive the change of timeline ID.
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
Attachments:
walsender_during_recovery_0119.patchtext/x-patch; charset=US-ASCII; name=walsender_during_recovery_0119.patchDownload+43-0
On Tue, 2010-01-19 at 15:04 +0900, Fujii Masao wrote:
There is an ERROR, but no problem AFAICS. The tli isn't set until end of
recovery because it doesn't need to have been set yet. That shouldn't
prevent retrieving WAL data.OK. Here is the patch which supports a walsender process during recovery;
* Change walsender so as to send the WAL written by the walreceiver
if it has been started during recovery.
* Kill the walsenders started during recovery at the end of recovery
because replication cannot survive the change of timeline ID.
Good patch.
I think we need to add a longer comment explaining the tli issues. I
agree with your handling of them.
It would be useful to have the ps display differentiate between multiple
walsenders, and in this case have it indicate cascading also.
--
Simon Riggs www.2ndQuadrant.com
On Tue, Jan 19, 2010 at 4:41 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
It would be useful to have the ps display differentiate between multiple
walsenders, and in this case have it indicate cascading also.
Since a normal walsender and a "cascading" one will not be running
at the same time, I don't think that it's worth adding that label
into the PS display. Am I missing something?
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
Fujii Masao wrote:
OK. Here is the patch which supports a walsender process during recovery;
* Change walsender so as to send the WAL written by the walreceiver
if it has been started during recovery.
* Kill the walsenders started during recovery at the end of recovery
because replication cannot survive the change of timeline ID.
I think there's a race condition at the end of recovery. When the
shutdown checkpoint is written, with new TLI, doesn't a cascading
walsender try to send that to the standby as soon as it's flushed to
disk? But it won't find it in the WAL segment with the old TLI that it's
reading.
Also, when segments are restored from the archive, using
restore_command, the cascading walsender won't find them because they're
not written in pg_xlog like normal WAL segments.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
On Thu, Jan 28, 2010 at 4:47 PM, Heikki Linnakangas
<heikki.linnakangas@enterprisedb.com> wrote:
I think there's a race condition at the end of recovery. When the
shutdown checkpoint is written, with new TLI, doesn't a cascading
walsender try to send that to the standby as soon as it's flushed to
disk? But it won't find it in the WAL segment with the old TLI that it's
reading.
Right. But I don't think that such a shutdown checkpoint record is worth
being sent by a cascading walsender. I think that such a walsender has
only to exit without regard to the WAL segment with the new TLI.
Also, when segments are restored from the archive, using
restore_command, the cascading walsender won't find them because they're
not written in pg_xlog like normal WAL segments.
Yeah, I need to adjust my approach to the recent 'xlog-refactor' change.
The archived file needs to be restored without a name change, and remain
in pg_xlog until the bgwriter will have recycled it.
But that change would make the xlog.c even more complicated. Should we
postpone the 'cascading walsender' feature into v9.1, and, in v9.0, just
forbid walsender to be started during recovery?
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
Fujii Masao wrote:
On Thu, Jan 28, 2010 at 4:47 PM, Heikki Linnakangas
<heikki.linnakangas@enterprisedb.com> wrote:I think there's a race condition at the end of recovery. When the
shutdown checkpoint is written, with new TLI, doesn't a cascading
walsender try to send that to the standby as soon as it's flushed to
disk? But it won't find it in the WAL segment with the old TLI that it's
reading.Right. But I don't think that such a shutdown checkpoint record is worth
being sent by a cascading walsender. I think that such a walsender has
only to exit without regard to the WAL segment with the new TLI.Also, when segments are restored from the archive, using
restore_command, the cascading walsender won't find them because they're
not written in pg_xlog like normal WAL segments.Yeah, I need to adjust my approach to the recent 'xlog-refactor' change.
The archived file needs to be restored without a name change, and remain
in pg_xlog until the bgwriter will have recycled it.
I guess you could just say that it's working as designed, and WAL files
restored from archive can't be streamed. Presumably the cascaded slave
can find them in the archive too. But it is pretty weird, doesn't feel
right.
This reminds me of something I've been pondering anyway. Currently,
restore_command copies the restored WAL segment as pg_xlog/RECOVERYXLOG
instead of the usual 00000... filename. That avoids overwriting any
pre-existing WAL segments in pg_xlog, which may still contain useful
data. Using the same filename over and over also means that we don't
need to worry about deleting old log files during archive recovery.
The downside in standby mode is that once standby has restored segment X
from archive, and it's restarted, it must find X in the archive again or
it won't be able to start up. The archive better be a directory on the
same host.
Streaming Replication, however, took another approach. It does overwrite
any existing files in pg_xlog, we do need to worry about deleting old
files, and if the master goes down, we can always find files we've
already streamed in pg_xlog, so the standby can recover even if the
master can't be contacted anymore.
That's a bit inconsistent, and causes the problem that a cascading
walsender won't find the files restored from archive.
How about restoring/streaming files to a new directory, say
pg_xlog/restored/, with the real filenames? At least in standby_mode,
probably best to keep the current behavior in PITR. That would feel more
clean, you could easily tell apart files originating from the server
itself and those copied from the master.
But that change would make the xlog.c even more complicated. Should we
postpone the 'cascading walsender' feature into v9.1, and, in v9.0, just
forbid walsender to be started during recovery?
That's certainly the simplest solution...
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
On Thu, Jan 28, 2010 at 7:43 PM, Heikki Linnakangas
<heikki.linnakangas@enterprisedb.com> wrote:
How about restoring/streaming files to a new directory, say
pg_xlog/restored/, with the real filenames? At least in standby_mode,
probably best to keep the current behavior in PITR. That would feel more
clean, you could easily tell apart files originating from the server
itself and those copied from the master.
When the WAL file with the same name exists in the archive, pg_xlog
and pg_xlog/restore/ which directory should we recover it from?
I'm not sure that we can always make a right decision about that.
How about just making a restore_command copy the WAL files as the
normal one (e.g., 0000...) instead of a pg_xlog/RECOVERYXLOG?
Though we need to worry about deleting them, we can easily leave
the task to the bgwriter.
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
Fujii Masao <masao.fujii@gmail.com> writes:
How about just making a restore_command copy the WAL files as the
normal one (e.g., 0000...) instead of a pg_xlog/RECOVERYXLOG?
Though we need to worry about deleting them, we can easily leave
the task to the bgwriter.
The reason for doing it that way was to limit disk space usage during
a long restore. I'm not convinced we can leave the task to the bgwriter
--- it shouldn't be deleting anything at that point.regards, tom lane
On Thu, 2010-01-28 at 10:48 -0500, Tom Lane wrote:
Fujii Masao <masao.fujii@gmail.com> writes:
How about just making a restore_command copy the WAL files as the
normal one (e.g., 0000...) instead of a pg_xlog/RECOVERYXLOG?
Though we need to worry about deleting them, we can easily leave
the task to the bgwriter.The reason for doing it that way was to limit disk space usage during a long restore. I'm not convinced we can leave the task to the bgwriter --- it shouldn't be deleting anything at that point.
I think "bgwriter" means RemoveOldXlogFiles(), which would normally
clear down files at checkpoint. If that was added to the end of
RecoveryRestartPoint() to do roughly the same job then it could
potentially work.
However, since not every checkpoint is a restartpoint we might easily
end up with significantly more WAL files on the standby than would
normally be there when it would be a primary. Not sure if that is an
issue in this case, but we can't just assume we can store all files
needed to restart the standby on the standby itself, in all cases. That
might be an argument to add a restartpoint_segments parameter, so we can
trigger restartpoints on WAL volume as well as time. But even that would
not put an absolute limit on the number of WAL files.
I'm keen to allow cascading in 9.0. If you pull both synch rep and
cascading you're not offering much that isn't already there.
--
Simon Riggs www.2ndQuadrant.com
Simon Riggs <simon@2ndQuadrant.com> writes:
I'm keen to allow cascading in 9.0. If you pull both synch rep and
cascading you're not offering much that isn't already there.
FWIW, I don't agree with that prioritization in the least. Cascading
is something we could leave till 9.1, or even later, and hardly anyone
would care. We have much more important problems to be spending our
effort on right now.
regards, tom lane
On Thu, Jan 28, 2010 at 11:41 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
Simon Riggs <simon@2ndQuadrant.com> writes:
I'm keen to allow cascading in 9.0. If you pull both synch rep and
cascading you're not offering much that isn't already there.FWIW, I don't agree with that prioritization in the least. Cascading
is something we could leave till 9.1, or even later, and hardly anyone
would care. We have much more important problems to be spending our
effort on right now.
I agree. According to
http://wiki.postgresql.org/wiki/Hot_Standby_TODO , the only must-fix
issues that remain prior to beta are (1) implementing the new VACUUM
FULL for system relations, and (2) some documentation improvements.
It's a little early to be worrying about docs, but shouldn't we be
trying to get the VACUUM FULL problems cleaned up first, and then look
at what else we have time to address?
As regards the remaining items for streaming replication at:
http://wiki.postgresql.org/wiki/Streaming_Replication#v9.0
...ISTM the most important issues are (1) fixing win32 and (2) adding
a message type header, followed by (3) fixing pg_xlogfile_name() and
(4) redefining smart shutdown in standby mode.
If we fix the must-fix issues first, we can still decide to delay the
release to fix the would-like-to-fix issues, or not. The other way
around doesn't work.
...Robert
On Thu, 2010-01-28 at 12:09 -0500, Robert Haas wrote:
I agree. According to
http://wiki.postgresql.org/wiki/Hot_Standby_TODO , the only must-fix
issues that remain prior to beta are (1) implementing the new VACUUM
FULL for system relations, and (2) some documentation improvements.
It's a little early to be worrying about docs, but shouldn't we be
trying to get the VACUUM FULL problems cleaned up first, and then look
at what else we have time to address?
Please don't confuse different issues. The fact that I have work to do
still is irrelevant to what other people should do on other features.
--
Simon Riggs www.2ndQuadrant.com
On Thu, 2010-01-28 at 11:41 -0500, Tom Lane wrote:
Simon Riggs <simon@2ndQuadrant.com> writes:
I'm keen to allow cascading in 9.0. If you pull both synch rep and
cascading you're not offering much that isn't already there.FWIW, I don't agree with that prioritization in the least. Cascading
is something we could leave till 9.1, or even later, and
Not what you said just a few days ago.
hardly anyone would care.
Unfortunately, I think you're very wrong on that specific point.
We have much more important problems to be spending our
effort on right now.
I'm a little worried the feature set of streaming rep isn't any better
than what we have already. If we're going to destabilise the code, we
really should be adding some features as well.
--
Simon Riggs www.2ndQuadrant.com
Simon Riggs <simon@2ndQuadrant.com> writes:
On Thu, 2010-01-28 at 11:41 -0500, Tom Lane wrote:
FWIW, I don't agree with that prioritization in the least. Cascading
is something we could leave till 9.1, or even later, and
Not what you said just a few days ago.
Me? I don't recall having said a word about cascading before.
I'm a little worried the feature set of streaming rep isn't any better
than what we have already.
Nonsense. Getting rid of the WAL-segment-based shipping delays is a
quantum improvement --- it means we actually have something approaching
real-time replication, which was really impractical before. Whether you
can feed slaves indirectly is just a minor administration detail. Yeah,
I know in some situations it could be helpful for performance, but
it's not even in the same ballpark of must-have-ness.
(Anyway, the argument that it's important for performance is pure
speculation AFAIK, untainted by any actual measurements. Given the lack
of optimization of WAL replay, it seems entirely possible that the last
thing you want to burden a slave with is sourcing data to more slaves.)
regards, tom lane
On Thu, 2010-01-28 at 13:05 -0500, Tom Lane wrote:
Simon Riggs <simon@2ndQuadrant.com> writes:
On Thu, 2010-01-28 at 11:41 -0500, Tom Lane wrote:
FWIW, I don't agree with that prioritization in the least. Cascading
is something we could leave till 9.1, or even later, andNot what you said just a few days ago.
Me? I don't recall having said a word about cascading before.
Top of this thread.
I'm a little worried the feature set of streaming rep isn't any better
than what we have already.Nonsense. Getting rid of the WAL-segment-based shipping delays is a
quantum improvement --- it means we actually have something approaching
real-time replication, which was really impractical before. Whether you
can feed slaves indirectly is just a minor administration detail. Yeah,
I know in some situations it could be helpful for performance, but
it's not even in the same ballpark of must-have-ness.
FWIW, streaming has been possible and actively used since 8.2.
(Anyway, the argument that it's important for performance is pure
speculation AFAIK, untainted by any actual measurements. Given the lack
of optimization of WAL replay, it seems entirely possible that the last
thing you want to burden a slave with is sourcing data to more slaves.)
Separate processes, separate CPUs, no problem. If WAL replay used more
CPUs you might be right, but it doesn't yet, so same argument opposite
conclusion.
--
Simon Riggs www.2ndQuadrant.com
Tom Lane wrote:
(Anyway, the argument that it's important for performance is pure
speculation AFAIK, untainted by any actual measurements. Given the lack
of optimization of WAL replay, it seems entirely possible that the last
thing you want to burden a slave with is sourcing data to more slaves.)
On any typical production hardware, the work of WAL replay is going to
leave at least one (and probably more) CPUs idle, and have plenty of
network resources to spare too because it's just shuffling WAL in/out
rather than dealing with so many complicated client conversations. And
the thing you want to redistribute--the WAL file--is practically
guaranteed to be sitting in the OS cache at the point where you'd be
doing it, so no disk use either. You'll disrupt a little bit of
memory/CPU cache, sure, but that's about it as far as leeching resources
from the main replay in order to support the secondary slave. I'll
measure it fully the next time I have one setup to give some hard
numbers, I've never seen it rise to the point where it was worth
worrying about before to bother.
Anyway, I think what Simon was trying to suggest was that it's possible
right now to ship partial WAL files over as they advance, if you monitor
pg_xlogfile_name_offset and are willing to coordinate copying chunks
over. That basic idea is even built already--the Skytools walmgr deals
with partial WALs for example. Having all that built-into the server
with a nicer UI is awesome, but it's been possible to build something
with the same basic feature set since 8.2. Getting that going with a
chain of downstreams slaves is not so easy though, so there's something
that I think would be unique to the 9.0 implementation.
--
Greg Smith 2ndQuadrant Baltimore, MD
PostgreSQL Training, Services and Support
greg@2ndQuadrant.com www.2ndQuadrant.com
Tom Lane wrote:
Fujii Masao <masao.fujii@gmail.com> writes:
How about just making a restore_command copy the WAL files as the
normal one (e.g., 0000...) instead of a pg_xlog/RECOVERYXLOG?
Though we need to worry about deleting them, we can easily leave
the task to the bgwriter.The reason for doing it that way was to limit disk space usage during a long restore. I'm not convinced we can leave the task to the bgwriter --- it shouldn't be deleting anything at that point.
That has been changed already. In standby mode, bgwriter does delete old
WAL files when it performs a restartpoint. Otherwise the streamed WAL
files will keep accumulating and eventually fill the disk.
It works as it is, but having a sandbox dedicated for restored/streamed
files in pg_xlog/restored, instead of messing with pg_xlog directly,
would make me feel a bit easier about it. There's less potential for
damage in case of bugs if they're separate.
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
