On Thu, Aug 16, 2018 at 05:09:43AM -0700, Andres Freund wrote:
> How would this address OP's concern? You'd still not learn meaningfully
> earlier that your attempted promotion failed (instead of learning of the
> problem before you ever promote).

The problem that the previous commit fixes is to make sure that even if
recovery.conf renaming fails, then the cluster does not get into a weird
state, making it reusable later on, and the OP would not see the later
problems reported after the failed promotion. I am not sure that using
a warning at an early stage would actually be useful, as I doubt that any
user would notice it, but there could indeed be an argument to make sure
that recovery.conf has a correct permission set, and fail hard before
entering recovery if that's not the case. I am not sure how much we
want to restrict things though; lately, for example, group read access
has been introduced in data folders...
--
Michael