Fix postmaster to attempt restart after a hot-standby crash.
The postmaster was coded to treat any unexpected exit of the startup process (i.e., the WAL replay process) as a catastrophic crash, and not try to restart it. This was OK so long as the startup process could not have any sibling postmaster children. However, if a hot-standby backend crashes, we SIGQUIT the startup process along with everything else, and the resulting exit is hardly "unexpected". Treating it as such meant we failed to restart a standby server after any child crash at all, not only a crash of the WAL replay process as intended. Adjust that. Back-patch to 9.0 where hot standby was introduced.
This commit is contained in:
parent
0ee23b53be
commit
442231d7f7
|
@ -2311,12 +2311,17 @@ reaper(SIGNAL_ARGS)
|
|||
}
|
||||
|
||||
/*
|
||||
* Any unexpected exit (including FATAL exit) of the startup
|
||||
* process is treated as a crash, except that we don't want to
|
||||
* reinitialize.
|
||||
* After PM_STARTUP, any unexpected exit (including FATAL exit) of
|
||||
* the startup process is catastrophic, so kill other children,
|
||||
* and set RecoveryError so we don't try to reinitialize after
|
||||
* they're gone. Exception: if FatalError is already set, that
|
||||
* implies we previously sent the startup process a SIGQUIT, so
|
||||
* that's probably the reason it died, and we do want to try to
|
||||
* restart in that case.
|
||||
*/
|
||||
if (!EXIT_STATUS_0(exitstatus))
|
||||
{
|
||||
if (!FatalError)
|
||||
RecoveryError = true;
|
||||
HandleChildCrash(pid, exitstatus,
|
||||
_("startup process"));
|
||||
|
|
Loading…
Reference in New Issue