> Attached is the updated version of the patch. I refactored the code, fixed
> some bugs, added lots of source code comments, improved the document,
> but didn't change the basic design. Please check this patch, and let's use
> this patch as the base if you agree with that.
Thanks for update patch.
Yes. I agree.
> In the current patch, there is no safeguard for preventing users from
> taking backup during recovery when FPW is disabled. This is unsafe.
> Are you planning to implement such a safeguard?
Yes.
I want to reference the following Fujii's comments.
-------------------------------------------------------------------------
> Right. Let me explain again what I'm thinking.
>
> When FPW is changed, the master always writes the WAL record
> which contains the current value of FPW. This means that the standby
> can track all changes of FPW by reading WAL records.
>
> The standby has two flags: One indicates whether FPW has always
> been TRUE since last restartpoint. Another indicates whether FPW
> has always been TRUE since last pg_start_backup(). The standby
> can maintain those flags by reading WAL records streamed from
> the master.
>
> If the former flag indicates FALSE (i.e., the WAL records which
> the standby has replayed since last restartpoint might not contain
> required FPW), pg_start_backup() fails. If the latter flag indicates
> FALSE (i.e., the WAL records which the standby has replayed
> during the backup might not contain required FPW),
> pg_stop_backup() fails.
>
> If I'm not missing something, this approach can address the problem
> which you're concerned about.
-------------------------------------------------------------------------
Regards.
--------------------------------------------
Jun Ishizuka
NTT Software Corporation
TEL:045-317-7018
E-Mail: ishizuka.jun@po.ntts.co.jp
--------------------------------------------