Use pg_probackup.pid file instead of locking pg_probackup.conf

Author: Artur Zakirov

backup.c

@@ -404,7 +404,6 @@ do_backup_database(parray *backup_list, bool smooth_checkpoint)
 int
 do_backup(bool smooth_checkpoint)
 {
-	int			ret;
 	parray	   *backup_list;
 	parray	   *files_database;
 
@@ -433,12 +432,7 @@ do_backup(bool smooth_checkpoint)
 	elog(LOG, "----------------------------------------");
 
 	/* get exclusive lock of backup catalog */
-	ret = catalog_lock(true);
-	if (ret == -1)
-		elog(ERROR, "cannot lock backup catalog");
-	else if (ret == 1)
-		elog(ERROR,
-			 "another pg_probackup is running, skipping this backup");
+	catalog_lock(true);
 
 	/* initialize backup result */
 	current.status = BACKUP_STATUS_RUNNING;
@@ -509,9 +503,6 @@ do_backup(bool smooth_checkpoint)
 
 	pgBackupValidate(&current, false, false);
 
-	/* release catalog lock */
-	catalog_unlock();
-
 	return 0;
 }
 

catalog.c

@@ -13,6 +13,7 @@
 #include <dirent.h>
 #include <fcntl.h>
 #include <libgen.h>
+#include <signal.h>
 #include <sys/file.h>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -26,42 +27,185 @@ static pgBackup *read_backup_from_file(const char *path);
 
 #define BOOL_TO_STR(val)	((val) ? "true" : "false")
 
-static int lock_fd = -1;
+static bool exit_hook_registered = false;
+static char lock_file[MAXPGPATH];
+
+static void
+unlink_lock_atexit(void)
+{
+	int			res;
+	res = unlink(lock_file);
+	if (res != 0 && res != ENOENT)
+		elog(WARNING, "%s: %s", lock_file, strerror(errno));
+}
 
 /*
- * Lock of the catalog with pg_probackup.conf file and return 0.
- * If the lock is held by another one, return 1 immediately.
+ * Create a lockfile.
  */
 int
 catalog_lock(bool check_catalog)
 {
-	int			ret;
-	char		id_path[MAXPGPATH];
-
-	join_path_components(id_path, backup_path, BACKUP_CATALOG_CONF_FILE);
-	lock_fd = open(id_path, O_RDWR);
-	if (lock_fd == -1)
-		elog(errno == ENOENT ? ERROR : ERROR,
-			"cannot open file \"%s\": %s", id_path, strerror(errno));
-#ifdef __IBMC__
-	ret = lockf(lock_fd, LOCK_EX | LOCK_NB, 0);	/* non-blocking */
+	int			fd;
+	char		buffer[MAXPGPATH * 2 + 256];
+	int			ntries;
+	int			len;
+	int			encoded_pid;
+	pid_t		my_pid,
+				my_p_pid;
+
+	join_path_components(lock_file, backup_path, BACKUP_CATALOG_PID);
+
+	/*
+	 * If the PID in the lockfile is our own PID or our parent's or
+	 * grandparent's PID, then the file must be stale (probably left over from
+	 * a previous system boot cycle).  We need to check this because of the
+	 * likelihood that a reboot will assign exactly the same PID as we had in
+	 * the previous reboot, or one that's only one or two counts larger and
+	 * hence the lockfile's PID now refers to an ancestor shell process.  We
+	 * allow pg_ctl to pass down its parent shell PID (our grandparent PID)
+	 * via the environment variable PG_GRANDPARENT_PID; this is so that
+	 * launching the postmaster via pg_ctl can be just as reliable as
+	 * launching it directly.  There is no provision for detecting
+	 * further-removed ancestor processes, but if the init script is written
+	 * carefully then all but the immediate parent shell will be root-owned
+	 * processes and so the kill test will fail with EPERM.  Note that we
+	 * cannot get a false negative this way, because an existing postmaster
+	 * would surely never launch a competing postmaster or pg_ctl process
+	 * directly.
+	 */
+	my_pid = getpid();
+#ifndef WIN32
+	my_p_pid = getppid();
 #else
-	ret = flock(lock_fd, LOCK_EX | LOCK_NB);	/* non-blocking */
+
+	/*
+	 * Windows hasn't got getppid(), but doesn't need it since it's not using
+	 * real kill() either...
+	 */
+	my_p_pid = 0;
 #endif
-	if (ret == -1)
+
+	/*
+	 * We need a loop here because of race conditions.  But don't loop forever
+	 * (for example, a non-writable $backup_path directory might cause a failure
+	 * that won't go away).  100 tries seems like plenty.
+	 */
+	for (ntries = 0;; ntries++)
 	{
-		if (errno == EWOULDBLOCK)
+		/*
+		 * Try to create the lock file --- O_EXCL makes this atomic.
+		 *
+		 * Think not to make the file protection weaker than 0600.  See
+		 * comments below.
+		 */
+		fd = open(lock_file, O_RDWR | O_CREAT | O_EXCL, 0600);
+		if (fd >= 0)
+			break;				/* Success; exit the retry loop */
+
+		/*
+		 * Couldn't create the pid file. Probably it already exists.
+		 */
+		if ((errno != EEXIST && errno != EACCES) || ntries > 100)
+			elog(ERROR, "could not create lock file \"%s\": %s",
+				 lock_file, strerror(errno));
+
+		/*
+		 * Read the file to get the old owner's PID.  Note race condition
+		 * here: file might have been deleted since we tried to create it.
+		 */
+		fd = open(lock_file, O_RDONLY, 0600);
+		if (fd < 0)
 		{
-			close(lock_fd);
-			return 1;
+			if (errno == ENOENT)
+				continue;		/* race condition; try again */
+			elog(ERROR, "could not open lock file \"%s\": %s",
+				 lock_file, strerror(errno));
 		}
-		else
+		if ((len = read(fd, buffer, sizeof(buffer) - 1)) < 0)
+			elog(ERROR, "could not read lock file \"%s\": %s",
+				 lock_file, strerror(errno));
+		close(fd);
+
+		if (len == 0)
+			elog(ERROR, "lock file \"%s\" is empty", lock_file);
+
+		buffer[len] = '\0';
+		encoded_pid = atoi(buffer);
+
+		if (encoded_pid <= 0)
+			elog(ERROR, "bogus data in lock file \"%s\": \"%s\"",
+				 lock_file, buffer);
+
+		/*
+		 * Check to see if the other process still exists
+		 *
+		 * Per discussion above, my_pid, my_p_pid can be
+		 * ignored as false matches.
+		 *
+		 * Normally kill() will fail with ESRCH if the given PID doesn't
+		 * exist.
+		 */
+		if (encoded_pid != my_pid && encoded_pid != my_p_pid)
 		{
-			int errno_tmp = errno;
-			close(lock_fd);
-			elog(ERROR, "cannot lock file \"%s\": %s", id_path,
-				strerror(errno_tmp));
+			if (kill(encoded_pid, 0) == 0 ||
+				(errno != ESRCH && errno != EPERM))
+				elog(ERROR, "lock file \"%s\" already exists", lock_file);
 		}
+
+		/*
+		 * Looks like nobody's home.  Unlink the file and try again to create
+		 * it.  Need a loop because of possible race condition against other
+		 * would-be creators.
+		 */
+		if (unlink(lock_file) < 0)
+			elog(ERROR, "could not remove old lock file \"%s\": %s",
+				 lock_file, strerror(errno));
+	}
+
+	/*
+	 * Successfully created the file, now fill it.
+	 */
+	snprintf(buffer, sizeof(buffer), "%d\n", my_pid);
+
+	errno = 0;
+	if (write(fd, buffer, strlen(buffer)) != strlen(buffer))
+	{
+		int			save_errno = errno;
+
+		close(fd);
+		unlink(lock_file);
+		/* if write didn't set errno, assume problem is no disk space */
+		errno = save_errno ? save_errno : ENOSPC;
+		elog(ERROR, "could not write lock file \"%s\": %s",
+			 lock_file, strerror(errno));
+	}
+	if (fsync(fd) != 0)
+	{
+		int			save_errno = errno;
+
+		close(fd);
+		unlink(lock_file);
+		errno = save_errno;
+		elog(ERROR, "could not write lock file \"%s\": %s",
+			 lock_file, strerror(errno));
+	}
+	if (close(fd) != 0)
+	{
+		int			save_errno = errno;
+
+		unlink(lock_file);
+		errno = save_errno;
+		elog(ERROR, "could not write lock file \"%s\": %s",
+			 lock_file, strerror(errno));
+	}
+
+	/*
+	 * Arrange to unlink the lock file(s) at proc_exit.
+	 */
+	if (!exit_hook_registered)
+	{
+		atexit(unlink_lock_atexit);
+		exit_hook_registered = true;
 	}
 
 	if (check_catalog)
@@ -80,16 +224,6 @@ catalog_lock(bool check_catalog)
 	return 0;
 }
 
-/*
- * Release catalog lock.
- */
-void
-catalog_unlock(void)
-{
-	close(lock_fd);
-	lock_fd = -1;
-}
-
 /*
  * Create a pgBackup which taken at timestamp.
  * If no backup matches, return NULL.

delete.c

@@ -23,7 +23,6 @@ do_delete(time_t backup_id)
 {
 	int			i;
 	int			b_index;
-	int			ret;
 	parray		*backup_list;
 	pgBackup	*last_backup = NULL;
 
@@ -32,12 +31,7 @@ do_delete(time_t backup_id)
 		elog(ERROR, "required backup ID not specified");
 
 	/* Lock backup catalog */
-	ret = catalog_lock(false);
-	if (ret == -1)
-		elog(ERROR, "can't lock backup catalog.");
-	else if (ret == 1)
-		elog(ERROR,
-			 "another pg_probackup is running, stop delete.");
+	catalog_lock(false);
 
 	/* Get complete list of backups */
 	backup_list = catalog_get_backup_list(0);
@@ -78,15 +72,12 @@ do_delete(time_t backup_id)
 			pgBackupDeleteFiles(backup);
 	}
 
-	/* release catalog lock */
-	catalog_unlock();
-
 	/* cleanup */
 	parray_walk(backup_list, pgBackupFree);
 	parray_free(backup_list);
 
 	if (delete_wal)
-		do_deletewal(backup_id, false);
+		do_deletewal(backup_id, false, false);
 
 	return 0;
 }
@@ -97,22 +88,17 @@ do_delete(time_t backup_id)
  * found around needs to keep.
  */
 int
-do_deletewal(time_t backup_id, bool strict)
+do_deletewal(time_t backup_id, bool strict, bool need_catalog_lock)
 {
 	size_t		i;
-	int			ret;
 	parray		*backup_list;
 	XLogRecPtr	oldest_lsn = InvalidXLogRecPtr;
 	TimeLineID	oldest_tli;
 	bool		backup_found = false;
 
 	/* Lock backup catalog */
-	ret = catalog_lock(false);
-	if (ret == -1)
-		elog(ERROR, "can't lock backup catalog.");
-	else if (ret == 1)
-		elog(ERROR,
-			 "another pg_probackup is running, stop delete.");
+	if (need_catalog_lock)
+		catalog_lock(false);
 
 	/* Find oldest LSN, used by backups */
 	backup_list = catalog_get_backup_list(0);
@@ -136,7 +122,6 @@ do_deletewal(time_t backup_id, bool strict)
 	if (strict && backup_id != 0 && backup_found == false)
 		elog(ERROR, "not found backup for deletwal command");
 
-	catalog_unlock();
 	parray_walk(backup_list, pgBackupFree);
 	parray_free(backup_list);
 
@@ -158,7 +143,6 @@ do_retention_purge(void)
 	time_t		days_threshold = time(NULL) - (retention_window * 60 * 60 * 24);
 	XLogRecPtr	oldest_lsn = InvalidXLogRecPtr;
 	TimeLineID	oldest_tli;
-	int			ret;
 	bool		keep_next_backup = true; /* Do not delete first full backup */
 
 	if (retention_redundancy > 0)
@@ -170,18 +154,14 @@ do_retention_purge(void)
 		elog(ERROR, "retention policy is not set");
 
 	/* Lock backup catalog */
-	ret = catalog_lock(false);
-	if (ret == 1)
-		elog(ERROR,
-			 "cannot lock backup catalog, another pg_probackup is running");
+	catalog_lock(false);
 
 	/* Get a complete list of backups. */
 	backup_list = catalog_get_backup_list(0);
 	if (parray_num(backup_list) == 0)
 	{
 		elog(INFO, "backup list is empty");
 		elog(INFO, "exit");
-		catalog_unlock();
 		return 0;
 	}
 
@@ -236,8 +216,6 @@ do_retention_purge(void)
 	parray_walk(backup_list, pgBackupFree);
 	parray_free(backup_list);
 
-	catalog_unlock();
-
 	elog(INFO, "purging is finished");
 
 	return 0;

pg_probackup.c

@@ -209,7 +209,7 @@ main(int argc, char *argv[])
 	else if (pg_strcasecmp(cmd, "delete") == 0)
 		return do_delete(backup_id);
 	else if (pg_strcasecmp(cmd, "delwal") == 0)
-		return do_deletewal(backup_id, true);
+		return do_deletewal(backup_id, true, true);
 	else if (pg_strcasecmp(cmd, "retention") == 0)
 	{
 		if (subcmd == NULL)