
Commit ac76ec2

pg_upgrade: shut down server after auth failure
Register atexit() server shutdown if pg_ctl successfully started the server, but we can't connect to it.

Backpatch to 9.3.

Pavel Raiskup
1 parent 05cbce6 commit ac76ec2


1 file changed

+29
-5
lines changed


contrib/pg_upgrade/server.c

@@ -166,7 +166,6 @@ static void
166166
stop_postmaster_atexit(void)
167167
{
168168
stop_postmaster(true);
169-
170169
}
171170

172171
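Review bot: the blank line removed at the end of stop_postmaster_atexit() is a whitespace-only change unrelated to the auth-failure fix. Since the commit is backpatched to 9.3, it would be cleaner to keep cosmetic cleanup out of it so the back-branch diff carries only the behavioural change.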

@@ -236,10 +235,34 @@ start_postmaster(ClusterInfo *cluster, bool throw_error)
236235
false,
237236
"%s", cmd);
238237

238+
/* Did it fail and we are just testing if the server could be started? */
239239
if (!pg_ctl_return && !throw_error)
240240
return false;
241241

242-
/* Check to see if we can connect to the server; if not, report it. */
242+
/*
243+
* We set this here to make sure atexit() shuts down the server,
244+
* but only if we started the server successfully. We do it
245+
* before checking for connectivity in case the server started but
246+
* there is a connectivity failure. If pg_ctl did not return success,
247+
* we will exit below.
248+
*
249+
* Pre-9.1 servers do not have PQping(), so we could be leaving the server
250+
* running if authentication was misconfigured, so someday we might went to
251+
* be more aggressive about doing server shutdowns even if pg_ctl fails,
252+
* but now (2013-08-14) it seems prudent to be cautious. We don't want to
253+
* shutdown a server that might have been accidentally started during the
254+
* upgrade.
255+
*/
256+
if (pg_ctl_return)
257+
os_info.running_cluster = cluster;
258+
259+
/*
260+
* pg_ctl -w might have failed because the server couldn't be started,
261+
* or there might have been a connection problem in _checking_ if the
262+
* server has started. Therefore, even if pg_ctl failed, we continue
263+
* and test for connectivity in case we get a connection reason for the
264+
* failure.
265+
*/
243266
if ((conn = get_db_conn(cluster, "template1")) == NULL ||
244267
PQstatus(conn) != CONNECTION_OK)
245268
{
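Review bot: the comment block added above `if (pg_ctl_return)` has a typo, "someday we might went to" should read "might want to", and "We don't want to shutdown a server" should use the verb form "shut down". The logic itself reads correctly: assigning `os_info.running_cluster = cluster;` before the get_db_conn() check lets the atexit handler stop a server that started but refuses the connection, and the pg_ctl_return guard keeps pg_upgrade from stopping a server it did not start. The pre-9.1 case described in the comment remains open, since a server that is up but reported as failed by pg_ctl is left running, so it would be worth telling the user in the failure output to check for a leftover postmaster rather than documenting the gap only in a source comment.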
@@ -253,13 +276,14 @@ start_postmaster(ClusterInfo *cluster, bool throw_error)
253276
}
254277
PQfinish(conn);
255278

256-
/* If the connection didn't fail, fail now */
279+
/*
280+
* If pg_ctl failed, and the connection didn't fail, and throw_error is
281+
* enabled, fail now. This could happen if the server was already running.
282+
*/
257283
if (!pg_ctl_return)
258284
pg_log(PG_FATAL, "pg_ctl failed to start the %s server, or connection failed\n",
259285
CLUSTER_NAME(cluster));
260286

261-
os_info.running_cluster = cluster;
262-
263287
return true;
264288
}
265289
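Review bot: the PG_FATAL message under `if (!pg_ctl_return)` still says "or connection failed", but the new comment directly above states this branch is reached only when the connection did not fail (PQfinish(conn) has just run). Suggest rewording the message to match the case the comment names, for example that pg_ctl failed although a server is accepting connections and may already have been running. Note also that on this path running_cluster is never set, so the atexit handler leaves that server up; this matches the caution stated in the earlier comment, but a short remark here saying so would save the next reader from treating it as an oversight.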
