> then on restore once all the files are restored move the
> pg_control.backup to its original name. That gives us the checkpoint
> wal/offset but how do we get the start/stop information. Is that not
> required?
The checkpoint wal/offset is in pg_control, that is sufficient start
information. The stop info is only necessary as a safeguard.
> Do we need a checkpoint after the archiving
> starts but before the backup begins?
No.
> Also, when you are in recovery mode, how do you get out of recovery
> mode, meaning if you have a power failure, how do you prevent the system
> from doing another recovery? Do you remove the recovery.conf file?
pg_control could be updated during rollforward (only if that actually
does a checkpoint). So if pg_control is also the recovery start info, then
we can continue from there if we have a power failure.
For the first release it would imho also be ok to simply start over if
you loose power.
I think the filename 'recovery.conf' is misleading, since it is not a
static configuration file, but a command file for one recovery.
How about 'recovery.command' then 'recovery.inprogress', and on recovery
completion it should be renamed to 'recovery.done'
Andreas