I privately pointed Martin Pitt (Debian maintainer) to this
discussion, his response below.
Martin, I believe what happened is:
the original complainer did /etc/init.d/postgresql restart
this called pg_ctlcluster --force restart
this effectively did: pg_ctlcluster --force stop (which removed the
pidfile); pg_ctlcluster start;
boom.
On Wed, Jul 25, 2012 at 6:38 AM, Martin Pitt <mpitt@debian.org> wrote:
> Thanks for pointing this out!
> This mode (--force) is not on by default for command line operation,
> i. e. if you use pg_ctlcluster stop manually it will use the default
> "smart" mode and nothing else. --force is just used in the init
> script's "stop" mode, i. e. when the machine is shutting down. I tried
> to come up with something that guarantees that psql is down after that
> (we are restarting the machine -- it WILL be killed, the question is
> just how to make that as graceful as possible).
> I am happy about any improvements there. I saw Tom's mail about
> removing the .pid file; as the "start" mode checks for a stale pid
> file and cleans it up if the pid does not exist any more, or bails out
> if it still does, it is redundant. With the pointed out race condition
> I do agree that this is a dangerous thing to do, so I removed it in
> the development branch:
> http://anonscm.debian.org/loggerhead/pkg-postgresql/postgresql-common/trunk/revision/1181
> I'll see to getting that into Debian Wheezy as well (which is
> currently frozen).
> Please feel free to forward this to the thread, as I don't have the
> original mail to reply to.