Re: Upgrading rant.
Greg Copeland <greg@copelandconsulting.net>
From: Greg Copeland <greg@CopelandConsulting.Net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Oliver Elphick <olly@lfix.co.uk>, Bruce Momjian <pgman@candle.pha.pa.us>, Hannu Krosing <hannu@tm.ee>, mlw <pgsql@mohawksoft.com>, Lamar Owen <lamar.owen@wgcr.org>, PostgresSQL Hackers Mailing List <pgsql-hackers@postgresql.org>
Date: 2003-01-04T18:23:46Z
Lists: pgsql-hackers
On Sat, 2003-01-04 at 09:53, Tom Lane wrote: > Oliver Elphick <olly@lfix.co.uk> writes: > > On Sat, 2003-01-04 at 02:17, Tom Lane wrote: > >> There isn't any simple way to lock *everyone* out of the DB and still > >> allow pg_upgrade to connect via the postmaster, and even if there were, > >> the DBA could too easily forget to do it. > > > I tackled this issue in the Debian upgrade scripts. > > > I close the running postmaster and open a new postmaster using a > > different port, so that normal connection attempts will fail because > > there is no postmaster running on the normal port. > > That's a good kluge, but still a kluge: it doesn't completely guarantee > that no one else connects while pg_upgrade is trying to do its thing. > > I am also concerned about the consequences of automatic background > activities. Even the periodic auto-CHECKPOINT done by current code > is not obviously safe to run behind pg_upgrade's back (it does make > WAL entries). And the auto-VACUUM that we are currently thinking of > is even less obviously safe. I think that someday, running pg_upgrade > standalone will become *necessary*, not just a good safety feature. > > regards, tom lane I thought there was talk of adding a "single user"/admin only mode. That is, where only the administrator can connect to the database. -- Greg Copeland <greg@copelandconsulting.net> Copeland Computer Consulting