Postgres-XL / Tickets / #32 PAUSE CLUSTER and pgxc

#32 PAUSE CLUSTER and pgxc_clean

Milestone: Undecided

Status: open

Owner: mason_s

Labels: None

Priority (1-5): 3

Est. Days: None

Assigned To: nobody

Updated: 2014-10-07

Created: 2014-10-07

Creator: mason_s

Private: No

Add a parameter to PAUSE CLUSTER for how long to wait to acquire the lock, then timeout and fail if not acquired
We want the ability to pause the cluster and run pgxc_ctl. We should add an option to allow pgxc_ctl to pause the cluster before cleaning up. The problem is if we just pause on one connection, we cannot issue pgxc_clean on a new connection, since the cluster is already paused. We may need to either

1) Allow database superusers to connect anyway, even if the database is paused. A danger there is if the DBA gave users superuser privileges, or this user is used in application connection strings.

2) Have some type of security token used in the connection, such that if paused, if this token is passed when connecting, we allow the connection to take actions, (so we can clean up 2PC with pgxc_clean).

Actually, a more practical short term idea is for pgxc_clean to first collect a list of open transactions, sleep a set period of time (10 seconds), then pause the cluster, then begin to examine 2PC transactions, but only try to clean up the original list. If new 2PC transactions are in flight, they are not of the long running type that would necessarily need clean up.

Discussion

Description has changed:

Diff:

--- old
+++ new
@@ -1,8 +1,10 @@
-
 - Add a parameter to PAUSE CLUSTER for how long to wait to acquire the lock, then timeout and fail if not acquired

 - We want the ability to pause the cluster and run pgxc_ctl. We should add an option to allow pgxc_ctl to pause the cluster before cleaning up. The problem is if we just pause on one connection, we cannot issue pgxc_clean on a new connection, since the cluster is already paused. We may need to either

-  - Allow database superusers to connect anyway, even if the database is paused. A danger there is if the DBA gave users superuser privileges, or this user is used in application connection strings.
+  1) Allow database superusers to connect anyway, even if the database is paused. A danger there is if the DBA gave users superuser privileges, or this user is used in application connection strings.

-  - Have some type of security token used in the connection, such that if paused, if this token is passed when connecting, we allow the connection to take actions, (so we can clean up 2PC with pgxc_clean).
+  2) Have some type of security token used in the connection, such that if paused, if this token is passed when connecting, we allow the connection to take actions, (so we can clean up 2PC with pgxc_clean).
+
+Actually, a more practical short term idea is for pgxc_clean to first collect a list of open transactions, sleep a set period of time (10 seconds), then pause the cluster, then begin to examine 2PC transactions, but only try to clean up the original list. If new 2PC transactions are in flight, they are not of the long running type that would necessarily need clean up.  
+

PAUSE CLUSTER and pgxc_clean

Milestone

Searches

Help

#32 PAUSE CLUSTER and pgxc_clean

Discussion