From 20961ceaf0426c6fba40bb422cf111f704a00058 Mon Sep 17 00:00:00 2001 From: Fujii Masao Date: Fri, 11 Oct 2019 15:47:59 +0900 Subject: [PATCH] Make crash recovery ignore restore_command and recovery_end_command settings. In v11 or before, those settings could not take effect in crash recovery because they are specified in recovery.conf and crash recovery always starts without recovery.conf. But commit 2dedf4d9a8 integrated recovery.conf into postgresql.conf and which unexpectedly allowed those settings to take effect even in crash recovery. This is definitely not good behavior. To fix the issue, this commit makes crash recovery always ignore restore_command and recovery_end_command settings. Back-patch to v12 where the issue was added. Author: Fujii Masao Reviewed-by: Peter Eisentraut Discussion: https://postgr.es/m/e445616d-023e-a268-8aa1-67b8b335340c@pgmasters.net --- src/backend/access/transam/xlog.c | 6 +++--- src/backend/access/transam/xlogarchive.c | 7 +++++++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c index 790e2c8714..0ff9af53fe 100644 --- a/src/backend/access/transam/xlog.c +++ b/src/backend/access/transam/xlog.c @@ -7610,7 +7610,10 @@ StartupXLOG(void) } else CreateCheckPoint(CHECKPOINT_END_OF_RECOVERY | CHECKPOINT_IMMEDIATE); + } + if (ArchiveRecoveryRequested) + { /* * And finally, execute the recovery_end_command, if any. */ @@ -7618,10 +7621,7 @@ StartupXLOG(void) ExecuteRecoveryCommand(recoveryEndCommand, "recovery_end_command", true); - } - if (ArchiveRecoveryRequested) - { /* * We switched to a new timeline. Clean up segments on the old * timeline. diff --git a/src/backend/access/transam/xlogarchive.c b/src/backend/access/transam/xlogarchive.c index 9a21f006d1..e14bcf8ea6 100644 --- a/src/backend/access/transam/xlogarchive.c +++ b/src/backend/access/transam/xlogarchive.c @@ -64,6 +64,13 @@ RestoreArchivedFile(char *path, const char *xlogfname, XLogRecPtr restartRedoPtr; TimeLineID restartTli; + /* + * Ignore restore_command when not in archive recovery (meaning + * we are in crash recovery). + */ + if (!ArchiveRecoveryRequested) + goto not_available; + /* In standby mode, restore_command might not be supplied */ if (recoveryRestoreCommand == NULL || strcmp(recoveryRestoreCommand, "") == 0) goto not_available;