[pgpool-general: 4151] Re: pgpool_status write errors ignored??

Chris Pacejo cpacejo at clearskydata.com
Wed Oct 28 00:59:53 JST 2015


Yes, suicide is by far the preferable option.  Else failover of pgpool
itself to another host with shared disks will lead to database
corruption.

Preserving pgpool's backend status is of utmost importance.  Which
backend(s) are up-to-date is the only important thing pgpool has to
remember.  Any time this information is lost the database is subject
to corruption.



On Fri, Oct 23, 2015 at 9:43 PM, Tatsuo Ishii <ishii at postgresql.org> wrote:
>> It seems from the source code that write errors to pgpool_status (i.e.
>> the return codes from write_status_file()) are simply explicitly
>> ignored.  This is very dangerous as it can silently lose HA state.
>> Pgpool should exit if it cannot write the status file.  Is there a
>> reason this is not done?
>
> If we fail in fsync(), there will be nothing we can do to recover from
> it because it suggests that there's a permanent failure with the disk
> drive. Thus pgpool-II just logs the fact and proceeds with the
> operation. Another option would be letting pgpool-II suicide. Do we want
> this?
>
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
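
The fail-stop behaviour argued for in this thread, sketched in C as an added example (not pgpool-II source, and not written by either poster). `write_status_checked` and `record_status_or_exit` are hypothetical names, and a complete version would also fsync the parent directory after the rename.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not pgpool-II code): replace `path` with `buf`.
 * Returns 0 only if open, every write, fsync, close and rename succeeded;
 * otherwise -1 with errno set and the previous file left untouched. */
int write_status_checked(const char *path, const char *buf, size_t len)
{
    char tmp[4096];
    int fd, saved;
    size_t off = 0;

    if (snprintf(tmp, sizeof tmp, "%s.tmp", path) >= (int)sizeof tmp) {
        errno = ENAMETOOLONG;
        return -1;
    }
    if ((fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
        return -1;
    while (off < len) {                      /* short writes are not success */
        ssize_t n = write(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) goto fail;
        off += (size_t)n;
    }
    if (fsync(fd) != 0) goto fail;           /* the error the thread discusses */
    saved = close(fd);
    fd = -1;
    if (saved != 0 || rename(tmp, path) != 0) goto fail;
    return 0;
fail:
    saved = errno;                           /* keep the first failure's errno */
    if (fd >= 0) close(fd);
    unlink(tmp);
    errno = saved;
    return -1;
}

/* Fail-stop caller: exit rather than run on with unrecorded backend state. */
void record_status_or_exit(const char *path, const char *status)
{
    if (write_status_checked(path, status, strlen(status)) != 0) {
        fprintf(stderr, "FATAL: cannot persist %s: %s\n", path, strerror(errno));
        exit(EXIT_FAILURE);
    }
}
```

Writing to a temporary file and renaming it means a failed write never truncates the last good status file, so the process that exits leaves the previous backend state readable for whoever takes over.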

