1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
|
/*-------------------------------------------------------------------------
*
* startup.c
*
* The Startup process initialises the server and performs any recovery
* actions that have been specified. Notice that there is no "main loop"
* since the Startup process ends as soon as initialisation is complete.
* (In standby mode, one can think of the replay loop as a main loop,
* though.)
*
*
* Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
*
*
* IDENTIFICATION
* src/backend/postmaster/startup.c
*
*-------------------------------------------------------------------------
*/
#include "postgres.h"
#include <unistd.h>
#include "access/xlog.h"
#include "access/xlogrecovery.h"
#include "access/xlogutils.h"
#include "libpq/pqsignal.h"
#include "miscadmin.h"
#include "pgstat.h"
#include "postmaster/interrupt.h"
#include "postmaster/startup.h"
#include "storage/ipc.h"
#include "storage/latch.h"
#include "storage/pmsignal.h"
#include "storage/procsignal.h"
#include "storage/standby.h"
#include "utils/guc.h"
#include "utils/memutils.h"
#include "utils/timeout.h"
#ifndef USE_POSTMASTER_DEATH_SIGNAL
/*
* On systems that need to make a system call to find out if the postmaster has
* gone away, we'll do so only every Nth call to HandleStartupProcInterrupts().
* This only affects how long it takes us to detect the condition while we're
* busy replaying WAL. Latch waits and similar should react immediately
* through the usual techniques.
*
* N is the value defined here: HandleStartupProcInterrupts() keeps a running
* call counter and performs the liveness check only on calls where that
* counter is a multiple of POSTMASTER_POLL_RATE_LIMIT. The macro is left
* undefined when USE_POSTMASTER_DEATH_SIGNAL is defined, in which case the
* check is made on every call.
*/
#define POSTMASTER_POLL_RATE_LIMIT 1024
#endif
/*
* Flags set by interrupt handlers for later service in the redo loop.
*
* got_SIGHUP: set by StartupProcSigHupHandler(); cleared by
* HandleStartupProcInterrupts() just before it re-reads the config file.
*
* shutdown_requested: set by StartupProcShutdownHandler() when no restore
* command is in progress; checked by HandleStartupProcInterrupts() and
* PreRestoreCommand(), both of which call proc_exit(1) when it is set.
*
* promote_signaled: set by StartupProcTriggerHandler(); read and cleared
* through IsPromoteSignaled() and ResetPromoteSignaled().
*/
static volatile sig_atomic_t got_SIGHUP = false;
static volatile sig_atomic_t shutdown_requested = false;
static volatile sig_atomic_t promote_signaled = false;
/*
* Flag set while executing a restore command, to tell the SIGTERM signal
* handler that it's safe to just proc_exit. Set by PreRestoreCommand() and
* cleared by PostRestoreCommand().
*/
static volatile sig_atomic_t in_restore_command = false;
/*
* Time at which the most recent startup operation started. Recorded by
* enable_startup_progress_timeout() and used by
* has_startup_progress_timeout_expired() to compute the elapsed time.
*/
static TimestampTz startup_progress_phase_start_time;
/*
* Indicates whether the startup progress interval requested by the user has
* elapsed: true if the timeout occurred, false otherwise. Set by
* startup_progress_timeout_handler(); cleared by
* disable_startup_progress_timeout() and by
* has_startup_progress_timeout_expired() once it has reported the timeout.
*/
static volatile sig_atomic_t startup_progress_timer_expired = false;
/*
* Time between progress updates for long-running startup operations, in
* milliseconds. A value of zero disables the feature: the enable/disable/
* begin helpers in this file return immediately in that case.
*/
int log_startup_progress_interval = 10000; /* 10 sec */
/*
 * Forward declarations for the file-local signal handlers and callbacks
 * defined further down.  Every handler installed by StartupProcessMain()
 * is listed here so the set can be read in one place.
 */

/* Signal handlers */
static void StartupProcTriggerHandler(SIGNAL_ARGS);     /* SIGUSR2 */
static void StartupProcSigHupHandler(SIGNAL_ARGS);      /* SIGHUP */
static void StartupProcShutdownHandler(SIGNAL_ARGS);    /* SIGTERM */

/* Callbacks */
static void StartupProcExit(int code, Datum arg);       /* on_shmem_exit */
/* --------------------------------
* signal handler routines
* --------------------------------
*/
/*
 * SIGUSR2 handler: record that the end of recovery was requested.
 *
 * The handler only raises promote_signaled (read later through
 * IsPromoteSignaled()) and calls WakeupRecovery().  errno is captured on
 * entry and put back on exit so that the interrupted code does not observe
 * a value changed by the handler.
 */
static void
StartupProcTriggerHandler(SIGNAL_ARGS)
{
    const int   errno_on_entry = errno;

    promote_signaled = true;
    WakeupRecovery();

    errno = errno_on_entry;
}
/*
 * SIGHUP handler: ask for the config file to be re-read at the next
 * convenient time.
 *
 * Nothing is reloaded here.  The handler raises got_SIGHUP, which
 * HandleStartupProcInterrupts() services, and calls WakeupRecovery().
 * errno is captured on entry and put back on exit.
 */
static void
StartupProcSigHupHandler(SIGNAL_ARGS)
{
    const int   errno_on_entry = errno;

    got_SIGHUP = true;
    WakeupRecovery();

    errno = errno_on_entry;
}
/*
 * SIGTERM handler: abort redo and exit.
 *
 * Three cases are distinguished:
 *
 *  - No restore command is running: raise shutdown_requested and let
 *    HandleStartupProcInterrupts() perform the exit.
 *
 *  - A restore command is running and we are the startup process itself:
 *    exit right away through proc_exit(1).
 *
 *  - A restore command is running and we are a child process (e.g., forked
 *    by system() in RestoreArchivedFile()): we don't want to call any exit
 *    callbacks, the parent will take care of that, so report the situation
 *    and leave through _exit(1).
 */
static void
StartupProcShutdownHandler(SIGNAL_ARGS)
{
    const int   errno_on_entry = errno;

    if (!in_restore_command)
    {
        shutdown_requested = true;
    }
    else if (MyProcPid == (int) getpid())
    {
        proc_exit(1);
    }
    else
    {
        write_stderr_signal_safe("StartupProcShutdownHandler() called in child process\n");
        _exit(1);
    }

    WakeupRecovery();

    errno = errno_on_entry;
}
/*
 * Re-read the config file.
 *
 * If one of the critical walreceiver options has changed, flag xlog.c
 * to restart it.  The options compared are PrimaryConnInfo,
 * PrimarySlotName and wal_receiver_create_temp_slot.
 */
static void
StartupRereadConfig(void)
{
    /* Copy the current values so they can be compared after the reload. */
    char       *old_conninfo = pstrdup(PrimaryConnInfo);
    char       *old_slotname = pstrdup(PrimarySlotName);
    bool        old_temp_slot = wal_receiver_create_temp_slot;
    bool        restart_needed;

    ProcessConfigFile(PGC_SIGHUP);

    if (strcmp(old_conninfo, PrimaryConnInfo) != 0 ||
        strcmp(old_slotname, PrimarySlotName) != 0)
    {
        restart_needed = true;
    }
    else
    {
        /*
         * The slot name is unchanged here.  wal_receiver_create_temp_slot
         * is used only when we have no slot configured, so a change to it
         * matters only when the slot name is empty.
         */
        restart_needed = (PrimarySlotName[0] == '\0' &&
                          old_temp_slot != wal_receiver_create_temp_slot);
    }

    pfree(old_conninfo);
    pfree(old_slotname);

    if (restart_needed)
        StartupRequestWalReceiverRestart();
}
/*
 * Service the requests that signal handlers have left for the startup
 * process.
 *
 * In order: re-read the config file if SIGHUP was seen, exit if a shutdown
 * was requested, bail out if the postmaster has died, then process any
 * pending ProcSignal barrier and memory-context logging request.
 */
void
HandleStartupProcInterrupts(void)
{
#ifdef POSTMASTER_POLL_RATE_LIMIT
    static uint32 postmaster_poll_count = 0;
#endif

    /* Config reload: clear the flag first, then act on it. */
    if (got_SIGHUP)
    {
        got_SIGHUP = false;
        StartupRereadConfig();
    }

    /* Were we asked to exit without finishing recovery? */
    if (shutdown_requested)
    {
        proc_exit(1);
    }

    /*
     * Emergency bailout if postmaster has died.  This is to avoid the
     * necessity for manual cleanup of all postmaster children.  Where a
     * poll rate limit is defined, the liveness check runs only on calls
     * for which the call counter is a multiple of that limit; the counter
     * advances only while running under the postmaster.
     */
    if (IsUnderPostmaster)
    {
#ifdef POSTMASTER_POLL_RATE_LIMIT
        bool        poll_now = (postmaster_poll_count++ % POSTMASTER_POLL_RATE_LIMIT == 0);
#else
        bool        poll_now = true;
#endif

        if (poll_now && !PostmasterIsAlive())
            exit(1);
    }

    /* Barrier events */
    if (ProcSignalBarrierPending)
    {
        ProcessProcSignalBarrier();
    }

    /* Logging of this process's memory contexts */
    if (LogMemoryContextPending)
    {
        ProcessLogMemoryContextInterrupt();
    }
}
/* --------------------------------
 *      exit callback routines
 * --------------------------------
 */

/*
 * Exit callback that StartupProcessMain() registers with on_shmem_exit().
 *
 * Shuts down the recovery transaction environment unless standbyState is
 * STANDBY_DISABLED.  Neither argument is used.
 */
static void
StartupProcExit(int code, Datum arg)
{
    if (standbyState == STANDBY_DISABLED)
        return;

    ShutdownRecoveryTransactionEnvironment();
}
/* ----------------------------------
* Startup Process main entry point
* ----------------------------------
*
* Registers the exit callback, installs the signal handlers and the standby
* timeouts, unblocks signals, runs StartupXLOG() and finally exits with
* status 0. The function ends in proc_exit(0) rather than a return.
*/
void
StartupProcessMain(void)
{
/* Arrange to clean up at startup process exit (see StartupProcExit) */
on_shmem_exit(StartupProcExit, 0);
/*
* Properly accept or ignore signals the postmaster might send us. All
* handlers are installed before signals are unblocked further down.
*/
pqsignal(SIGHUP, StartupProcSigHupHandler); /* reload config file */
pqsignal(SIGINT, SIG_IGN); /* ignore query cancel */
pqsignal(SIGTERM, StartupProcShutdownHandler); /* request shutdown */
/* SIGQUIT handler was already set up by InitPostmasterChild */
InitializeTimeouts(); /* establishes SIGALRM handler */
pqsignal(SIGPIPE, SIG_IGN);
pqsignal(SIGUSR1, procsignal_sigusr1_handler);
/* SIGUSR2 sets promote_signaled, i.e. asks recovery to finish */
pqsignal(SIGUSR2, StartupProcTriggerHandler);
/*
* Reset some signals that are accepted by postmaster but not here
*/
pqsignal(SIGCHLD, SIG_DFL);
/*
* Register timeouts needed for standby mode
*/
RegisterTimeout(STANDBY_DEADLOCK_TIMEOUT, StandbyDeadLockHandler);
RegisterTimeout(STANDBY_TIMEOUT, StandbyTimeoutHandler);
RegisterTimeout(STANDBY_LOCK_TIMEOUT, StandbyLockTimeoutHandler);
/*
* Unblock signals (they were blocked when the postmaster forked us)
*/
sigprocmask(SIG_SETMASK, &UnBlockSig, NULL);
/*
* Do what we came for.
*/
StartupXLOG();
/*
* Exit normally. Exit code 0 tells postmaster that we completed recovery
* successfully.
*/
proc_exit(0);
}
/*
 * Mark the start of a restore command.
 *
 * While in_restore_command is set, the SIGTERM handler exits immediately
 * instead of merely raising shutdown_requested; the caller is known to be
 * at a safe point for that.  The flag is raised first and shutdown_requested
 * is examined afterwards, so that a shutdown request received just before
 * this call is not missed.
 */
void
PreRestoreCommand(void)
{
    in_restore_command = true;

    /* Honor a SIGTERM that arrived before the flag went up. */
    if (shutdown_requested)
    {
        proc_exit(1);
    }
}
/*
* Mark the end of a restore command: clear in_restore_command so that
* StartupProcShutdownHandler() goes back to setting shutdown_requested on
* SIGTERM instead of exiting from within the handler.
*/
void
PostRestoreCommand(void)
{
in_restore_command = false;
}
/*
* Report whether the SIGUSR2 handler (StartupProcTriggerHandler) has set
* promote_signaled. The flag is not modified here; use
* ResetPromoteSignaled() to clear it.
*/
bool
IsPromoteSignaled(void)
{
return promote_signaled;
}
/*
* Clear promote_signaled, the flag set by StartupProcTriggerHandler() and
* reported by IsPromoteSignaled().
*/
void
ResetPromoteSignaled(void)
{
promote_signaled = false;
}
/*
* Set a flag indicating that it's time to log a progress report.
*
* Only startup_progress_timer_expired is touched; the flag is consumed by
* has_startup_progress_timeout_expired().
*/
void
startup_progress_timeout_handler(void)
{
startup_progress_timer_expired = true;
}
/*
 * Disable the startup progress timeout and forget any expiry that has
 * already been flagged.
 *
 * Does nothing when log_startup_progress_interval is zero, i.e. when the
 * feature is disabled.
 */
void
disable_startup_progress_timeout(void)
{
    if (log_startup_progress_interval != 0)
    {
        disable_timeout(STARTUP_PROGRESS_TIMEOUT, false);
        startup_progress_timer_expired = false;
    }
}
/*
 * Set the start timestamp of the current operation and enable the timeout.
 *
 * The first expiry is scheduled one interval after the recorded start time,
 * and the same interval is handed to enable_timeout_every().  Does nothing
 * when log_startup_progress_interval is zero (feature disabled).
 */
void
enable_startup_progress_timeout(void)
{
    const int   interval_ms = log_startup_progress_interval;
    TimestampTz first_expiry;

    if (interval_ms == 0)
        return;

    startup_progress_phase_start_time = GetCurrentTimestamp();
    first_expiry = TimestampTzPlusMilliseconds(startup_progress_phase_start_time,
                                               interval_ms);
    enable_timeout_every(STARTUP_PROGRESS_TIMEOUT, first_expiry, interval_ms);
}
/*
 * Start a new progress-reporting phase: a thin wrapper that first disables
 * and then re-enables the startup progress timeout, which also records a
 * fresh start timestamp.
 *
 * Does nothing when log_startup_progress_interval is zero (feature
 * disabled).
 */
void
begin_startup_progress_phase(void)
{
    if (log_startup_progress_interval != 0)
    {
        disable_startup_progress_timeout();
        enable_startup_progress_timeout();
    }
}
/*
 * Report whether the startup progress timeout has occurred.
 *
 * If it has, store the time elapsed since the start of the current phase in
 * *secs and *usecs, reset the timer flag and return true.  Otherwise return
 * false and leave *secs and *usecs untouched.
 */
bool
has_startup_progress_timeout_expired(long *secs, int *usecs)
{
    if (startup_progress_timer_expired)
    {
        long        elapsed_secs;
        int         elapsed_usecs;
        TimestampTz current_time = GetCurrentTimestamp();

        TimestampDifference(startup_progress_phase_start_time, current_time,
                            &elapsed_secs, &elapsed_usecs);
        *secs = elapsed_secs;
        *usecs = elapsed_usecs;

        /* The flag is cleared only after the elapsed time was computed. */
        startup_progress_timer_expired = false;
        return true;
    }

    /* No timeout has occurred. */
    return false;
}
|