On Thu, Aug 28, 2008 at 8:11 PM, Scott Marlowe
<scott.marlowe@gmail.com> wrote:
> wait a min here, postgres is supposed to be able to survive a complete box
> failure without corrupting the database, if killing a process can corrupt
> the database it sounds like a major problem.
Yes it is a major problem, but not with postgresql. It's a major
problem with the linux OOM killer killing processes that should not be
killed.
Would it be postgresql's fault if it corrupted data because my machine
had bad memory? Or a bad hard drive? This is the same kind of
failure. The postmaster should never be killed. It's the one thing
holding it all together.
I fail to see the difference between the OOM killing it and the power going out. And yes, if the power went out and PG came up with a corrupted DB (assuming I didn't turn off fsync, etc) I *would* blame PG. I understand that killing the postmaster could stop all useful PG work, that it could cause it to stop responding to clients, that it could even "crash" PG, et ceterabut if a particular process dying causes corrupted DBs, that sounds borked to me.