diff options
| author | Alvaro Herrera <alvherre@alvh.no-ip.org> | 2013-06-28 17:20:53 -0400 |
|---|---|---|
| committer | Alvaro Herrera <alvherre@alvh.no-ip.org> | 2013-06-28 17:49:46 -0400 |
| commit | 82233ce7ea42d6ba519aaec63008aff49da6c7af (patch) | |
| tree | ccc35e8eec335f908d75b3b181a339548ea64bb2 /doc/src | |
| parent | 457d6cf049c57cabe9b46ea13f26138040a214ec (diff) | |
| download | postgresql-82233ce7ea42d6ba519aaec63008aff49da6c7af.tar.gz postgresql-82233ce7ea42d6ba519aaec63008aff49da6c7af.zip | |
Send SIGKILL to children if they don't die quickly in immediate shutdown
On immediate shutdown, or during a restart-after-crash sequence,
postmaster used to send SIGQUIT (and then abandon ship if shutdown); but
this is not a good strategy if backends don't die because of that
signal. (This might happen, for example, if a backend gets tangled
trying to malloc() due to gettext(), as in an example illustrated by
MauMau.) This causes problems when later trying to restart the server,
because some processes are still attached to the shared memory segment.
Instead of just abandoning such backends to their fates, we now have
postmaster hang around for a little while longer, send a SIGKILL after
some reasonable waiting period, and then exit. This makes immediate
shutdown more reliable.
There is disagreement on whether it's best for postmaster to exit after
sending SIGKILL, or to stick around until all children have reported
death. If this controversy is resolved differently than what this patch
implements, it's an easy change to make.
Bug reported by MauMau in message 20DAEA8949EC4E2289C6E8E58560DEC0@maumau
MauMau and Álvaro Herrera
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/runtime.sgml | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 7dada6b67f9..47059d303cf 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -1362,11 +1362,11 @@ echo -1000 > /proc/self/oom_score_adj <listitem> <para> This is the <firstterm>Immediate Shutdown</firstterm> mode. - The master <command>postgres</command> process will send a - <systemitem>SIGQUIT</systemitem> to all child processes and exit - immediately, without properly shutting itself down. The child processes - likewise exit immediately upon receiving - <systemitem>SIGQUIT</systemitem>. This will lead to recovery (by + The server will send <systemitem>SIGQUIT</systemitem> to all child + processes and wait for them to terminate. Those that don't terminate + within 5 seconds, will be sent <systemitem>SIGKILL</systemitem> by the + master <command>postgres</command> process, which will then terminate + without further waiting. This will lead to recovery (by replaying the WAL log) upon next start-up. This is recommended only in emergencies. </para> |