Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> >> Think harder: we are only safe if the first write to a given page after
> >> it's mis-copied by the archiver is a full page write. The requirement
> >> therefore continues after pg_stop_backup. Unless you want to add
> >> infrastructure to keep track for *every page* in the DB of whether it's
> >> been fully written since the last backup?
>
> > I am confused. Since we checkpoint during pg_start_backup(), isn't any
> > write to a file while the tar backup is going on going to be a full page
> > write? And once we pg_stop_backup(), do we need full page writes?
>
> Hm. The case I was concerned about was where a page is never written
> to while the backup occurs (thus not triggering any full-page WAL
> entry), and then the first post-backup write is partial. However, if
> the backup is guaranteed to have captured a non-torn copy of such a page
> then there shouldn't be any problem. So if we consider the initial
> checkpoint to be a *required part* of pg_start_backup (right now it is
> not) then maybe we can get away with this. It needs more eyeballs on it
> though ... after having been burnt once by full_page_writes, I'm pretty
> shy ...

Right. The comment in pg_start_backup() has to be updated:

    /*
     * Force a CHECKPOINT.  This is not strictly necessary, but it seems like
     * a good idea to minimize the amount of past WAL needed to use the
     * backup.  Also, this guarantees that two successive backup runs will
     * have different checkpoint positions and hence different history file
     * names, even if nothing happened in between.
     */
    RequestCheckpoint(true,false);

This is a much simpler fix than people talking about writing their own
backup programs.

--
  Bruce Momjian   http://candle.pha.pa.us
  EnterpriseDB    http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +