On Tue, Apr 10, 2018 at 10:27:19PM +0200, Daniel Gustafsson wrote:
>> On 10 Apr 2018, at 06:21, Michael Paquier <michael@paquier.xyz> wrote:
> Does it really imply that? Either way, the tool could potentially be useful
> for debugging a broken cluster so I’m not sure that stating it requires a
> cleanly shut down server is useful.
Torn pages could lead to false positives. So I think that the tool's
assumptions are right.
> Thinking more on this, I don’t think the -f option should be in the tool until
> we have the ability to turn on/off checksums. Since checksums are always on,
> or always off, -f is at best confusing IMO. The attached patch removes -f,
> when we can turn checksums on/off we can rethink how -f should behave.
That's my impression as well, thanks for confirming. Your patch looks
fine to me.
I am wondering as well if we should not actually rename the tool? Why
not naming it pg_checksums instead of pg_verify_checksums, and add an
--action switch to it which can be used to work on checksums. The
obvious option to support in v11 is a "verify" mode, but I would imagine
that a "disable" and "enable" modes would be useful as well, and all the
APIs are here already to be able to do an in-place update of the
checksums, and then switch the control file properly. We have no idea
at this stage if a patch to enable checksums while the cluster is online
will be able to make it, still a way to switch checksums while the
cluster is offline is both reliable and easy to implement. Not saying
do to that for v11 of course, I would like to keep the door open for
v12.
--
Michael
