Fix postmaster to attempt restart after a hot-standby crash.
The postmaster was coded to treat any unexpected exit of the startup process (i.e., the WAL replay process) as a catastrophic crash, and not try to restart it. This was OK so long as the startup process could not have any sibling postmaster children. However, if a hot-standby backend crashes, we SIGQUIT the startup process along with everything else, and the resulting exit is hardly "unexpected". Treating it as such meant we failed to restart a standby server after any child crash at all, not only a crash of the WAL replay process as intended. Adjust that. Back-patch to 9.0 where hot standby was introduced.
This commit is contained in:
parent
0ee23b53be
commit
442231d7f7
|
@ -2311,13 +2311,18 @@ reaper(SIGNAL_ARGS)
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Any unexpected exit (including FATAL exit) of the startup
|
* After PM_STARTUP, any unexpected exit (including FATAL exit) of
|
||||||
* process is treated as a crash, except that we don't want to
|
* the startup process is catastrophic, so kill other children,
|
||||||
* reinitialize.
|
* and set RecoveryError so we don't try to reinitialize after
|
||||||
|
* they're gone. Exception: if FatalError is already set, that
|
||||||
|
* implies we previously sent the startup process a SIGQUIT, so
|
||||||
|
* that's probably the reason it died, and we do want to try to
|
||||||
|
* restart in that case.
|
||||||
*/
|
*/
|
||||||
if (!EXIT_STATUS_0(exitstatus))
|
if (!EXIT_STATUS_0(exitstatus))
|
||||||
{
|
{
|
||||||
RecoveryError = true;
|
if (!FatalError)
|
||||||
|
RecoveryError = true;
|
||||||
HandleChildCrash(pid, exitstatus,
|
HandleChildCrash(pid, exitstatus,
|
||||||
_("startup process"));
|
_("startup process"));
|
||||||
continue;
|
continue;
|
||||||
|
|
Loading…
Reference in New Issue