1 /*-------------------------------------------------------------------------
2 *
3 * pgarch.c
4 *
5 * PostgreSQL WAL archiver
6 *
7 * All functions relating to archiver are included here
8 *
9 * - All functions executed by archiver process
10 *
11 * - archiver is forked from postmaster, and the two
12 * processes then communicate using signals. All functions
13 * executed by postmaster are included in this file.
14 *
15 * Initial author: Simon Riggs simon@2ndquadrant.com
16 *
17 * Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
18 * Portions Copyright (c) 1994, Regents of the University of California
19 *
20 *
21 * IDENTIFICATION
22 * src/backend/postmaster/pgarch.c
23 *
24 *-------------------------------------------------------------------------
25 */
26 #include "postgres.h"
27
28 #include <fcntl.h>
29 #include <signal.h>
30 #include <time.h>
31 #include <sys/time.h>
32 #include <sys/wait.h>
33 #include <unistd.h>
34
35 #include "access/xlog.h"
36 #include "access/xlog_internal.h"
37 #include "libpq/pqsignal.h"
38 #include "miscadmin.h"
39 #include "pgstat.h"
40 #include "postmaster/fork_process.h"
41 #include "postmaster/pgarch.h"
42 #include "postmaster/postmaster.h"
43 #include "storage/dsm.h"
44 #include "storage/fd.h"
45 #include "storage/ipc.h"
46 #include "storage/latch.h"
47 #include "storage/pg_shmem.h"
48 #include "storage/pmsignal.h"
49 #include "utils/guc.h"
50 #include "utils/ps_status.h"
51
52
53 /* ----------
54 * Timer definitions.
55 * ----------
56 */
57 #define PGARCH_AUTOWAKE_INTERVAL 60 /* How often to force a poll of the
58 * archive status directory; in seconds. */
59 #define PGARCH_RESTART_INTERVAL 10 /* How often to attempt to restart a
60 * failed archiver; in seconds. */
61
62 #define NUM_ARCHIVE_RETRIES 3
63
64
65 /* ----------
66 * Local data
67 * ----------
68 */
69 static time_t last_pgarch_start_time;
70 static time_t last_sigterm_time = 0;
71
72 /*
73 * Flags set by interrupt handlers for later service in the main loop.
74 */
75 static volatile sig_atomic_t got_SIGHUP = false;
76 static volatile sig_atomic_t got_SIGTERM = false;
77 static volatile sig_atomic_t wakened = false;
78 static volatile sig_atomic_t ready_to_stop = false;
79
80 /* ----------
81 * Local function forward declarations
82 * ----------
83 */
84 #ifdef EXEC_BACKEND
85 static pid_t pgarch_forkexec(void);
86 #endif
87
88 NON_EXEC_STATIC void PgArchiverMain(int argc, char *argv[]) pg_attribute_noreturn();
89 static void pgarch_exit(SIGNAL_ARGS);
90 static void ArchSigHupHandler(SIGNAL_ARGS);
91 static void ArchSigTermHandler(SIGNAL_ARGS);
92 static void pgarch_waken(SIGNAL_ARGS);
93 static void pgarch_waken_stop(SIGNAL_ARGS);
94 static void pgarch_MainLoop(void);
95 static void pgarch_ArchiverCopyLoop(void);
96 static bool pgarch_archiveXlog(char *xlog);
97 static bool pgarch_readyXlog(char *xlog);
98 static void pgarch_archiveDone(char *xlog);
99
100
101 /* ------------------------------------------------------------
102 * Public functions called from postmaster follow
103 * ------------------------------------------------------------
104 */
105
106 /*
107 * pgarch_start
108 *
109 * Called from postmaster at startup or after an existing archiver
110 * died. Attempt to fire up a fresh archiver process.
111 *
112 * Returns PID of child process, or 0 if fail.
113 *
114 * Note: if fail, we will be called again from the postmaster main loop.
115 */
116 int
pgarch_start(void)117 pgarch_start(void)
118 {
119 time_t curtime;
120 pid_t pgArchPid;
121
122 /*
123 * Do nothing if no archiver needed
124 */
125 if (!XLogArchivingActive())
126 return 0;
127
128 /*
129 * Do nothing if too soon since last archiver start. This is a safety
130 * valve to protect against continuous respawn attempts if the archiver is
131 * dying immediately at launch. Note that since we will be re-called from
132 * the postmaster main loop, we will get another chance later.
133 */
134 curtime = time(NULL);
135 if ((unsigned int) (curtime - last_pgarch_start_time) <
136 (unsigned int) PGARCH_RESTART_INTERVAL)
137 return 0;
138 last_pgarch_start_time = curtime;
139
140 #ifdef EXEC_BACKEND
141 switch ((pgArchPid = pgarch_forkexec()))
142 #else
143 switch ((pgArchPid = fork_process()))
144 #endif
145 {
146 case -1:
147 ereport(LOG,
148 (errmsg("could not fork archiver: %m")));
149 return 0;
150
151 #ifndef EXEC_BACKEND
152 case 0:
153 /* in postmaster child ... */
154 InitPostmasterChild();
155
156 /* Close the postmaster's sockets */
157 ClosePostmasterPorts(false);
158
159 /* Drop our connection to postmaster's shared memory, as well */
160 dsm_detach_all();
161 PGSharedMemoryDetach();
162
163 PgArchiverMain(0, NULL);
164 break;
165 #endif
166
167 default:
168 return (int) pgArchPid;
169 }
170
171 /* shouldn't get here */
172 return 0;
173 }
174
175 /* ------------------------------------------------------------
176 * Local functions called by archiver follow
177 * ------------------------------------------------------------
178 */
179
180
181 #ifdef EXEC_BACKEND
182
183 /*
184 * pgarch_forkexec() -
185 *
186 * Format up the arglist for, then fork and exec, archive process
187 */
188 static pid_t
pgarch_forkexec(void)189 pgarch_forkexec(void)
190 {
191 char *av[10];
192 int ac = 0;
193
194 av[ac++] = "postgres";
195
196 av[ac++] = "--forkarch";
197
198 av[ac++] = NULL; /* filled in by postmaster_forkexec */
199
200 av[ac] = NULL;
201 Assert(ac < lengthof(av));
202
203 return postmaster_forkexec(ac, av);
204 }
205 #endif /* EXEC_BACKEND */
206
207
208 /*
209 * PgArchiverMain
210 *
211 * The argc/argv parameters are valid only in EXEC_BACKEND case. However,
212 * since we don't use 'em, it hardly matters...
213 */
214 NON_EXEC_STATIC void
PgArchiverMain(int argc,char * argv[])215 PgArchiverMain(int argc, char *argv[])
216 {
217 /*
218 * Ignore all signals usually bound to some action in the postmaster,
219 * except for SIGHUP, SIGTERM, SIGUSR1, SIGUSR2, and SIGQUIT.
220 */
221 pqsignal(SIGHUP, ArchSigHupHandler);
222 pqsignal(SIGINT, SIG_IGN);
223 pqsignal(SIGTERM, ArchSigTermHandler);
224 pqsignal(SIGQUIT, pgarch_exit);
225 pqsignal(SIGALRM, SIG_IGN);
226 pqsignal(SIGPIPE, SIG_IGN);
227 pqsignal(SIGUSR1, pgarch_waken);
228 pqsignal(SIGUSR2, pgarch_waken_stop);
229 pqsignal(SIGCHLD, SIG_DFL);
230 pqsignal(SIGTTIN, SIG_DFL);
231 pqsignal(SIGTTOU, SIG_DFL);
232 pqsignal(SIGCONT, SIG_DFL);
233 pqsignal(SIGWINCH, SIG_DFL);
234 PG_SETMASK(&UnBlockSig);
235
236 /*
237 * Identify myself via ps
238 */
239 init_ps_display("archiver process", "", "", "");
240
241 pgarch_MainLoop();
242
243 exit(0);
244 }
245
246 /* SIGQUIT signal handler for archiver process */
247 static void
pgarch_exit(SIGNAL_ARGS)248 pgarch_exit(SIGNAL_ARGS)
249 {
250 /*
251 * We DO NOT want to run proc_exit() or atexit() callbacks; they wouldn't
252 * be safe to run from a signal handler. Just nail the windows shut and
253 * get out of town.
254 *
255 * For consistency with other postmaster children, we do _exit(2) not
256 * _exit(1). The postmaster currently will treat these exit codes alike,
257 * but it seems better to report that we died in an unexpected way.
258 */
259 _exit(2);
260 }
261
262 /* SIGHUP signal handler for archiver process */
263 static void
ArchSigHupHandler(SIGNAL_ARGS)264 ArchSigHupHandler(SIGNAL_ARGS)
265 {
266 int save_errno = errno;
267
268 /* set flag to re-read config file at next convenient time */
269 got_SIGHUP = true;
270 SetLatch(MyLatch);
271
272 errno = save_errno;
273 }
274
275 /* SIGTERM signal handler for archiver process */
276 static void
ArchSigTermHandler(SIGNAL_ARGS)277 ArchSigTermHandler(SIGNAL_ARGS)
278 {
279 int save_errno = errno;
280
281 /*
282 * The postmaster never sends us SIGTERM, so we assume that this means
283 * that init is trying to shut down the whole system. If we hang around
284 * too long we'll get SIGKILL'd. Set flag to prevent starting any more
285 * archive commands.
286 */
287 got_SIGTERM = true;
288 SetLatch(MyLatch);
289
290 errno = save_errno;
291 }
292
293 /* SIGUSR1 signal handler for archiver process */
294 static void
pgarch_waken(SIGNAL_ARGS)295 pgarch_waken(SIGNAL_ARGS)
296 {
297 int save_errno = errno;
298
299 /* set flag that there is work to be done */
300 wakened = true;
301 SetLatch(MyLatch);
302
303 errno = save_errno;
304 }
305
306 /* SIGUSR2 signal handler for archiver process */
307 static void
pgarch_waken_stop(SIGNAL_ARGS)308 pgarch_waken_stop(SIGNAL_ARGS)
309 {
310 int save_errno = errno;
311
312 /* set flag to do a final cycle and shut down afterwards */
313 ready_to_stop = true;
314 SetLatch(MyLatch);
315
316 errno = save_errno;
317 }
318
319 /*
320 * pgarch_MainLoop
321 *
322 * Main loop for archiver
323 */
324 static void
pgarch_MainLoop(void)325 pgarch_MainLoop(void)
326 {
327 pg_time_t last_copy_time = 0;
328 bool time_to_stop;
329
330 /*
331 * We run the copy loop immediately upon entry, in case there are
332 * unarchived files left over from a previous database run (or maybe the
333 * archiver died unexpectedly). After that we wait for a signal or
334 * timeout before doing more.
335 */
336 wakened = true;
337
338 /*
339 * There shouldn't be anything for the archiver to do except to wait for a
340 * signal ... however, the archiver exists to protect our data, so she
341 * wakes up occasionally to allow herself to be proactive.
342 */
343 do
344 {
345 ResetLatch(MyLatch);
346
347 /* When we get SIGUSR2, we do one more archive cycle, then exit */
348 time_to_stop = ready_to_stop;
349
350 /* Check for config update */
351 if (got_SIGHUP)
352 {
353 got_SIGHUP = false;
354 ProcessConfigFile(PGC_SIGHUP);
355 }
356
357 /*
358 * If we've gotten SIGTERM, we normally just sit and do nothing until
359 * SIGUSR2 arrives. However, that means a random SIGTERM would
360 * disable archiving indefinitely, which doesn't seem like a good
361 * idea. If more than 60 seconds pass since SIGTERM, exit anyway, so
362 * that the postmaster can start a new archiver if needed.
363 */
364 if (got_SIGTERM)
365 {
366 time_t curtime = time(NULL);
367
368 if (last_sigterm_time == 0)
369 last_sigterm_time = curtime;
370 else if ((unsigned int) (curtime - last_sigterm_time) >=
371 (unsigned int) 60)
372 break;
373 }
374
375 /* Do what we're here for */
376 if (wakened || time_to_stop)
377 {
378 wakened = false;
379 pgarch_ArchiverCopyLoop();
380 last_copy_time = time(NULL);
381 }
382
383 /*
384 * Sleep until a signal is received, or until a poll is forced by
385 * PGARCH_AUTOWAKE_INTERVAL having passed since last_copy_time, or
386 * until postmaster dies.
387 */
388 if (!time_to_stop) /* Don't wait during last iteration */
389 {
390 pg_time_t curtime = (pg_time_t) time(NULL);
391 int timeout;
392
393 timeout = PGARCH_AUTOWAKE_INTERVAL - (curtime - last_copy_time);
394 if (timeout > 0)
395 {
396 int rc;
397
398 rc = WaitLatch(MyLatch,
399 WL_LATCH_SET | WL_TIMEOUT | WL_POSTMASTER_DEATH,
400 timeout * 1000L,
401 WAIT_EVENT_ARCHIVER_MAIN);
402 if (rc & WL_TIMEOUT)
403 wakened = true;
404 }
405 else
406 wakened = true;
407 }
408
409 /*
410 * The archiver quits either when the postmaster dies (not expected)
411 * or after completing one more archiving cycle after receiving
412 * SIGUSR2.
413 */
414 } while (PostmasterIsAlive() && !time_to_stop);
415 }
416
417 /*
418 * pgarch_ArchiverCopyLoop
419 *
420 * Archives all outstanding xlogs then returns
421 */
422 static void
pgarch_ArchiverCopyLoop(void)423 pgarch_ArchiverCopyLoop(void)
424 {
425 char xlog[MAX_XFN_CHARS + 1];
426
427 /*
428 * loop through all xlogs with archive_status of .ready and archive
429 * them...mostly we expect this to be a single file, though it is possible
430 * some backend will add files onto the list of those that need archiving
431 * while we are still copying earlier archives
432 */
433 while (pgarch_readyXlog(xlog))
434 {
435 int failures = 0;
436
437 for (;;)
438 {
439 /*
440 * Do not initiate any more archive commands after receiving
441 * SIGTERM, nor after the postmaster has died unexpectedly. The
442 * first condition is to try to keep from having init SIGKILL the
443 * command, and the second is to avoid conflicts with another
444 * archiver spawned by a newer postmaster.
445 */
446 if (got_SIGTERM || !PostmasterIsAlive())
447 return;
448
449 /*
450 * Check for config update. This is so that we'll adopt a new
451 * setting for archive_command as soon as possible, even if there
452 * is a backlog of files to be archived.
453 */
454 if (got_SIGHUP)
455 {
456 got_SIGHUP = false;
457 ProcessConfigFile(PGC_SIGHUP);
458 }
459
460 /* can't do anything if no command ... */
461 if (!XLogArchiveCommandSet())
462 {
463 ereport(WARNING,
464 (errmsg("archive_mode enabled, yet archive_command is not set")));
465 return;
466 }
467
468 if (pgarch_archiveXlog(xlog))
469 {
470 /* successful */
471 pgarch_archiveDone(xlog);
472
473 /*
474 * Tell the collector about the WAL file that we successfully
475 * archived
476 */
477 pgstat_send_archiver(xlog, false);
478
479 break; /* out of inner retry loop */
480 }
481 else
482 {
483 /*
484 * Tell the collector about the WAL file that we failed to
485 * archive
486 */
487 pgstat_send_archiver(xlog, true);
488
489 if (++failures >= NUM_ARCHIVE_RETRIES)
490 {
491 ereport(WARNING,
492 (errmsg("archiving write-ahead log file \"%s\" failed too many times, will try again later",
493 xlog)));
494 return; /* give up archiving for now */
495 }
496 pg_usleep(1000000L); /* wait a bit before retrying */
497 }
498 }
499 }
500 }
501
502 /*
503 * pgarch_archiveXlog
504 *
505 * Invokes system(3) to copy one archive file to wherever it should go
506 *
507 * Returns true if successful
508 */
509 static bool
pgarch_archiveXlog(char * xlog)510 pgarch_archiveXlog(char *xlog)
511 {
512 char xlogarchcmd[MAXPGPATH];
513 char pathname[MAXPGPATH];
514 char activitymsg[MAXFNAMELEN + 16];
515 char *dp;
516 char *endp;
517 const char *sp;
518 int rc;
519
520 snprintf(pathname, MAXPGPATH, XLOGDIR "/%s", xlog);
521
522 /*
523 * construct the command to be executed
524 */
525 dp = xlogarchcmd;
526 endp = xlogarchcmd + MAXPGPATH - 1;
527 *endp = '\0';
528
529 for (sp = XLogArchiveCommand; *sp; sp++)
530 {
531 if (*sp == '%')
532 {
533 switch (sp[1])
534 {
535 case 'p':
536 /* %p: relative path of source file */
537 sp++;
538 strlcpy(dp, pathname, endp - dp);
539 make_native_path(dp);
540 dp += strlen(dp);
541 break;
542 case 'f':
543 /* %f: filename of source file */
544 sp++;
545 strlcpy(dp, xlog, endp - dp);
546 dp += strlen(dp);
547 break;
548 case '%':
549 /* convert %% to a single % */
550 sp++;
551 if (dp < endp)
552 *dp++ = *sp;
553 break;
554 default:
555 /* otherwise treat the % as not special */
556 if (dp < endp)
557 *dp++ = *sp;
558 break;
559 }
560 }
561 else
562 {
563 if (dp < endp)
564 *dp++ = *sp;
565 }
566 }
567 *dp = '\0';
568
569 ereport(DEBUG3,
570 (errmsg_internal("executing archive command \"%s\"",
571 xlogarchcmd)));
572
573 /* Report archive activity in PS display */
574 snprintf(activitymsg, sizeof(activitymsg), "archiving %s", xlog);
575 set_ps_display(activitymsg, false);
576
577 rc = system(xlogarchcmd);
578 if (rc != 0)
579 {
580 /*
581 * If either the shell itself, or a called command, died on a signal,
582 * abort the archiver. We do this because system() ignores SIGINT and
583 * SIGQUIT while waiting; so a signal is very likely something that
584 * should have interrupted us too. Also die if the shell got a hard
585 * "command not found" type of error. If we overreact it's no big
586 * deal, the postmaster will just start the archiver again.
587 */
588 int lev = wait_result_is_any_signal(rc, true) ? FATAL : LOG;
589
590 if (WIFEXITED(rc))
591 {
592 ereport(lev,
593 (errmsg("archive command failed with exit code %d",
594 WEXITSTATUS(rc)),
595 errdetail("The failed archive command was: %s",
596 xlogarchcmd)));
597 }
598 else if (WIFSIGNALED(rc))
599 {
600 #if defined(WIN32)
601 ereport(lev,
602 (errmsg("archive command was terminated by exception 0x%X",
603 WTERMSIG(rc)),
604 errhint("See C include file \"ntstatus.h\" for a description of the hexadecimal value."),
605 errdetail("The failed archive command was: %s",
606 xlogarchcmd)));
607 #else
608 ereport(lev,
609 (errmsg("archive command was terminated by signal %d: %s",
610 WTERMSIG(rc), pg_strsignal(WTERMSIG(rc))),
611 errdetail("The failed archive command was: %s",
612 xlogarchcmd)));
613 #endif
614 }
615 else
616 {
617 ereport(lev,
618 (errmsg("archive command exited with unrecognized status %d",
619 rc),
620 errdetail("The failed archive command was: %s",
621 xlogarchcmd)));
622 }
623
624 snprintf(activitymsg, sizeof(activitymsg), "failed on %s", xlog);
625 set_ps_display(activitymsg, false);
626
627 return false;
628 }
629 elog(DEBUG1, "archived write-ahead log file \"%s\"", xlog);
630
631 snprintf(activitymsg, sizeof(activitymsg), "last was %s", xlog);
632 set_ps_display(activitymsg, false);
633
634 return true;
635 }
636
637 /*
638 * pgarch_readyXlog
639 *
640 * Return name of the oldest xlog file that has not yet been archived.
641 * No notification is set that file archiving is now in progress, so
642 * this would need to be extended if multiple concurrent archival
643 * tasks were created. If a failure occurs, we will completely
644 * re-copy the file at the next available opportunity.
645 *
646 * It is important that we return the oldest, so that we archive xlogs
647 * in order that they were written, for two reasons:
648 * 1) to maintain the sequential chain of xlogs required for recovery
649 * 2) because the oldest ones will sooner become candidates for
650 * recycling at time of checkpoint
651 *
652 * NOTE: the "oldest" comparison will consider any .history file to be older
653 * than any other file except another .history file. Segments on a timeline
654 * with a smaller ID will be older than all segments on a timeline with a
655 * larger ID; the net result being that past timelines are given higher
656 * priority for archiving. This seems okay, or at least not obviously worth
657 * changing.
658 */
659 static bool
pgarch_readyXlog(char * xlog)660 pgarch_readyXlog(char *xlog)
661 {
662 /*
663 * open xlog status directory and read through list of xlogs that have the
664 * .ready suffix, looking for earliest file. It is possible to optimise
665 * this code, though only a single file is expected on the vast majority
666 * of calls, so....
667 */
668 char XLogArchiveStatusDir[MAXPGPATH];
669 DIR *rldir;
670 struct dirent *rlde;
671 bool found = false;
672 bool historyFound = false;
673
674 snprintf(XLogArchiveStatusDir, MAXPGPATH, XLOGDIR "/archive_status");
675 rldir = AllocateDir(XLogArchiveStatusDir);
676 if (rldir == NULL)
677 ereport(ERROR,
678 (errcode_for_file_access(),
679 errmsg("could not open archive status directory \"%s\": %m",
680 XLogArchiveStatusDir)));
681
682 while ((rlde = ReadDir(rldir, XLogArchiveStatusDir)) != NULL)
683 {
684 int basenamelen = (int) strlen(rlde->d_name) - 6;
685 char basename[MAX_XFN_CHARS + 1];
686 bool ishistory;
687
688 /* Ignore entries with unexpected number of characters */
689 if (basenamelen < MIN_XFN_CHARS ||
690 basenamelen > MAX_XFN_CHARS)
691 continue;
692
693 /* Ignore entries with unexpected characters */
694 if (strspn(rlde->d_name, VALID_XFN_CHARS) < basenamelen)
695 continue;
696
697 /* Ignore anything not suffixed with .ready */
698 if (strcmp(rlde->d_name + basenamelen, ".ready") != 0)
699 continue;
700
701 /* Truncate off the .ready */
702 memcpy(basename, rlde->d_name, basenamelen);
703 basename[basenamelen] = '\0';
704
705 /* Is this a history file? */
706 ishistory = IsTLHistoryFileName(basename);
707
708 /*
709 * Consume the file to archive. History files have the highest
710 * priority. If this is the first file or the first history file
711 * ever, copy it. In the presence of a history file already chosen as
712 * target, ignore all other files except history files which have been
713 * generated for an older timeline than what is already chosen as
714 * target to archive.
715 */
716 if (!found || (ishistory && !historyFound))
717 {
718 strcpy(xlog, basename);
719 found = true;
720 historyFound = ishistory;
721 }
722 else if (ishistory || !historyFound)
723 {
724 if (strcmp(basename, xlog) < 0)
725 strcpy(xlog, basename);
726 }
727 }
728 FreeDir(rldir);
729
730 return found;
731 }
732
733 /*
734 * pgarch_archiveDone
735 *
736 * Emit notification that an xlog file has been successfully archived.
737 * We do this by renaming the status file from NNN.ready to NNN.done.
738 * Eventually, a checkpoint process will notice this and delete both the
739 * NNN.done file and the xlog file itself.
740 */
741 static void
pgarch_archiveDone(char * xlog)742 pgarch_archiveDone(char *xlog)
743 {
744 char rlogready[MAXPGPATH];
745 char rlogdone[MAXPGPATH];
746
747 StatusFilePath(rlogready, xlog, ".ready");
748 StatusFilePath(rlogdone, xlog, ".done");
749 (void) durable_rename(rlogready, rlogdone, WARNING);
750 }
751