From 402b586d0a9caae9412d25fcf1b91dae45375833 Mon Sep 17 00:00:00 2001 From: Robert Haas Date: Thu, 18 Jul 2024 12:09:48 -0400 Subject: Do not summarize WAL if generated with wal_level=minimal. To do this, we must include the wal_level in the first WAL record covered by each summary file; so add wal_level to struct Checkpoint and the payload of XLOG_CHECKPOINT_REDO and XLOG_END_OF_RECOVERY. This, in turn, requires bumping XLOG_PAGE_MAGIC and, since the Checkpoint is also stored in the control file, also PG_CONTROL_VERSION. It's not great to do that so late in the release cycle, but the alternative seems to ship v17 without robust protections against this scenario, which could result in corrupted incremental backups. A side effect of this patch is that, when a server with wal_level=replica is started with summarize_wal=on for the first time, summarization will no longer begin with the oldest WAL that still exists in pg_wal, but rather from the first checkpoint after that. This change should be harmless, because a WAL summary for a partial checkpoint cycle can never make an incremental backup possible when it would otherwise not have been. Report by Fujii Masao. Patch by me. Review and/or testing by Jakub Wartak and Fujii Masao. Discussion: http://postgr.es/m/6e30082e-041b-4e31-9633-95a66de76f5d@oss.nttdata.com --- doc/src/sgml/config.sgml | 16 +++++++++++----- doc/src/sgml/func.sgml | 11 +++++++++++ 2 files changed, 22 insertions(+), 5 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index b14c5d81a15..3dec0b7cfeb 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -4318,11 +4318,17 @@ restore_command = 'copy "C:\\server\\archivedir\\%f" "%p"' # Windows Enables the WAL summarizer process. Note that WAL summarization can - be enabled either on a primary or on a standby. WAL summarization - cannot be enabled when wal_level is set to - minimal. This parameter can only be set in the - postgresql.conf file or on the server command line. - The default is off. + be enabled either on a primary or on a standby. This parameter can only + be set in the postgresql.conf file or on the server + command line. The default is off. + + + The server cannot be started with summarize_wal=on + if wal_level is set to minimal. If + summarize_wal=on is configured after server startup + while wal_level=minimal, the summarizer will run + but refuse to generate summary files for any WAL generated with + wal_level=minimal. diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml index 3f93c61aa3c..fd5699f4d85 100644 --- a/doc/src/sgml/func.sgml +++ b/doc/src/sgml/func.sgml @@ -28001,6 +28001,17 @@ acl | {postgres=arwdDxtm/postgres,foo=r/postgres} not running, it will be equal to summarized_lsn. summarizer_pid is the PID of the WAL summarizer process, if it is running, and otherwise NULL. + + + As a special exception, the WAL summarizer will refuse to generate + WAL summary files if run on WAL generated under + wal_level=minimal, since such summaries would be + unsafe to use as the basis for an incremental backup. In this case, + the fields above will continue to advance as if summaries were being + generated, but nothing will be written to disk. Once the summarizer + reaches WAL generated while wal_level was set + to replica or higher, it will resume writing + summaries to disk. -- cgit v1.2.3