On 2/24/19 11:36 PM, Stephen Frost wrote:
> Greetings,
>
> * Laurenz Albe (laurenz.albe@cybertec.at) wrote:
>> Stephen Frost wrote:
>>> Yes, it *is* impossible to do safe backups with the existing API. There
>>> is an unquestionable race condition where a system restart will cause
>>> your system to not come back up without you going in and removing the
>>> backup_label file- and the only way you make that race window small is
>>> to remove the backup_label file right after you run pg_start_backup and
>>> copy it, and then PUT IT BACK at the end before you call pg_stop_backup,
>>> which is insane, but otherwise the 'race window' is the ENTIRE length of
>>> the backup.
>>
>> I just have an idea:
>>
>> What about an option to keep WAL around for the duration of an exclusive backup?
>>
>> That way PostgreSQL can still restart after a crash. It will take longer than
>> expected, but it will work. But then, perhaps the long recovery time is only
>> marginally better than having to manually delete the backup_label file...
>
> I'm afraid that we'd end up with many, many complaints about people
> running out of disk space on WAL when they are trying to take a backup.

This would also require replaying all that WAL during crash recovery
which could mean a much longer startup time.
--
-David
david@pgmasters.net