From 72e606ca7ab3b411de2971600b3ed0a64e2644ec Mon Sep 17 00:00:00 2001 From: Nathan Bossart Date: Wed, 27 Oct 2021 03:22:04 +0000 Subject: [PATCH v7 1/1] Introduce archive module infrastructure. This feature allows custom archive libraries to be used in place of archive_command. A new GUC called archive_library specifies the archive module that should be used. The library is preloaded, so its _PG_init() can do anything that libraries loaded via shared_preload_libraries can do. Like logical decoding output plugins, archive modules must define an initialization function and some callbacks. If archive_library is set to "shell" (which is the default for backward compatibility), archive_command is used. --- doc/src/sgml/archive-modules.sgml | 133 +++++++++++++++ doc/src/sgml/backup.sgml | 83 +++++---- doc/src/sgml/config.sgml | 37 +++- doc/src/sgml/filelist.sgml | 1 + doc/src/sgml/high-availability.sgml | 6 +- doc/src/sgml/postgres.sgml | 1 + doc/src/sgml/ref/pg_basebackup.sgml | 4 +- doc/src/sgml/ref/pg_receivewal.sgml | 6 +- doc/src/sgml/wal.sgml | 2 +- src/backend/access/transam/xlog.c | 2 +- src/backend/postmaster/Makefile | 1 + src/backend/postmaster/pgarch.c | 182 +++++++------------- src/backend/postmaster/postmaster.c | 2 + src/backend/postmaster/shell_archive.c | 156 +++++++++++++++++ src/backend/utils/init/miscinit.c | 27 +++ src/backend/utils/misc/guc.c | 15 +- src/backend/utils/misc/postgresql.conf.sample | 1 + src/include/access/xlog.h | 1 - src/include/miscadmin.h | 2 + src/include/postmaster/pgarch.h | 45 +++++ src/test/modules/Makefile | 1 + src/test/modules/basic_archive/.gitignore | 4 + src/test/modules/basic_archive/Makefile | 20 +++ src/test/modules/basic_archive/basic_archive.c | 189 +++++++++++++++++++++ src/test/modules/basic_archive/basic_archive.conf | 3 + .../basic_archive/expected/basic_archive.out | 29 ++++ .../modules/basic_archive/sql/basic_archive.sql | 22 +++ 27 files changed, 802 insertions(+), 173 deletions(-) create mode 100644 doc/src/sgml/archive-modules.sgml create mode 100644 src/backend/postmaster/shell_archive.c create mode 100644 src/test/modules/basic_archive/.gitignore create mode 100644 src/test/modules/basic_archive/Makefile create mode 100644 src/test/modules/basic_archive/basic_archive.c create mode 100644 src/test/modules/basic_archive/basic_archive.conf create mode 100644 src/test/modules/basic_archive/expected/basic_archive.out create mode 100644 src/test/modules/basic_archive/sql/basic_archive.sql diff --git a/doc/src/sgml/archive-modules.sgml b/doc/src/sgml/archive-modules.sgml new file mode 100644 index 0000000000..d69b462578 --- /dev/null +++ b/doc/src/sgml/archive-modules.sgml @@ -0,0 +1,133 @@ + + + + Archive Modules + + Archive Modules + + + + PostgreSQL provides infrastructure to create custom modules for continuous + archiving (see ). While archiving via + a shell command (i.e., ) is much + simpler, a custom archive module will often be considerably more robust and + performant. + + + + When a custom is configured, PostgreSQL + will submit completed WAL files to the module, and the server will avoid + recyling or removing these WAL files until the module indicates that the files + were successfully archived. It is ultimately up to the module to decide what + to do with each WAL file, but many recommendations are listed at + . + + + + Archiving modules must at least consist of an initialization function (see + ) and the required callbacks (see + ). However, archive modules are + also permitted to do much more (e.g., declare GUCs, register background + workers, and implement SQL functions). + + + + The src/test/modules/basic_archive module contains a + working example, which demonstrates some useful techniques. + + + + + There are considerable robustness and security risks in using archive modules + because, being written in the C language, they have access + to many of the server resources. Administrators wishing to enable archive + modules should exercise extreme caution. Only carefully audited modules + should be loaded. + + + + + Initialization Functions + + _PG_archive_module_init + + + An archive library is loaded by dynamically loading a shared library with the + 's name as the library base name. The + normal library search path is used to locate the library. To provide the + required archive module callbacks and to indicate that the library is + actually an archive module, it needs to provide a function named + PG_archive_module_init. This function is passed a + struct that needs to be filled with the callback function pointers for + individual actions. + + +typedef struct ArchiveModuleCallbacks +{ + ArchiveCheckConfiguredCB check_configured_cb; + ArchiveFileCB archive_file_cb; +} ArchiveModuleCallbacks; +typedef void (*ArchiveModuleInit) (struct ArchiveModuleCallbacks *cb); + + + Both callbacks are required. + + + + Archive libraries are preloaded in a similar fashion as + . This means that it is + possible to do things in the module's _PG_init function + that can only be done at server start. The + process_archive_library_in_progress will be set to + true when the archive library is being preloaded during + server startup. + + + + + Archive Module Callbacks + + The archive callbacks define the actual archiving behavior of the module. + The server will call them as required to process each individual WAL file. + + + + Check Callback + + The check_configured_cb callback is called to determine + whether the module is fully configured and ready to accept WAL files. + + +typedef bool (*ArchiveCheckConfiguredCB) (void); + + + If true is returned, the server will proceed with + archiving the file by calling the archive_file_cb + callback. If false is returned, archiving will not + proceed. In the latter case, the server will periodically call this + function, and archiving will proceed if it eventually returns + true. + + + + + Archive Callback + + The archive_file_cb callback is called to archive a + single WAL file. + + +typedef bool (*ArchiveFileCB) (const char *file, const char *path); + + + If true is returned, the server proceeds as if the file + was successfully archived, which may include recycling or removing the + original WAL file. If false is returned, the server will + keep the original WAL file and retry archiving later. + file will contain just the file name of the WAL file to + archive, while path contains the full path of the WAL + file (including the file name). + + + + diff --git a/doc/src/sgml/backup.sgml b/doc/src/sgml/backup.sgml index cba32b6eb3..b42f1b3ca7 100644 --- a/doc/src/sgml/backup.sgml +++ b/doc/src/sgml/backup.sgml @@ -593,20 +593,23 @@ tar -cf backup.tar /usr/local/pgsql/data provide the database administrator with flexibility, PostgreSQL tries not to make any assumptions about how the archiving will be done. Instead, PostgreSQL lets - the administrator specify a shell command to be executed to copy a - completed segment file to wherever it needs to go. The command could be - as simple as a cp, or it could invoke a complex shell - script — it's all up to you. + the administrator specify an archive library to be executed to copy a + completed segment file to wherever it needs to go. This could be as simple + as a shell command that uses cp, or it could invoke a + complex C function — it's all up to you. To enable WAL archiving, set the configuration parameter to replica or higher, to on, - and specify the shell command to use in the configuration parameter. In practice + and specify the library to use in the configuration parameter. In practice these settings will always be placed in the postgresql.conf file. + One simple way to archive is to set archive_library to + shell and to specify a shell command in + . In archive_command, %p is replaced by the path name of the file to archive, while %f is replaced by only the file name. @@ -631,7 +634,17 @@ test ! -f /mnt/server/archivedir/00000001000000A900000065 && cp pg_wal/0 - The archive command will be executed under the ownership of the same + Another way to archive is to use a custom archive module as the + archive_library. Since such modules are written in + C, creating your own may require considerably more effort + than writing a shell command. However, archive modules can be more + performant than archiving via shell, and they will have access to many + useful server resources. For more information about archive modules, see + . + + + + The archive library will be executed under the ownership of the same user that the PostgreSQL server is running as. Since the series of WAL files being archived contains effectively everything in your database, you will want to be sure that the archived data is @@ -640,25 +653,31 @@ test ! -f /mnt/server/archivedir/00000001000000A900000065 && cp pg_wal/0 - It is important that the archive command return zero exit status if and - only if it succeeds. Upon getting a zero result, + It is important that the archive function return true if + and only if it succeeds. If true is returned, PostgreSQL will assume that the file has been - successfully archived, and will remove or recycle it. However, a nonzero - status tells PostgreSQL that the file was not archived; - it will try again periodically until it succeeds. + successfully archived, and will remove or recycle it. However, a return + value of false tells + PostgreSQL that the file was not archived; it + will try again periodically until it succeeds. If you are archiving via a + shell command, the appropriate return values can be achieved by returning + 0 if the command succeeds and a nonzero value if it + fails. - When the archive command is terminated by a signal (other than - SIGTERM that is used as part of a server - shutdown) or an error by the shell with an exit status greater than - 125 (such as command not found), the archiver process aborts and gets - restarted by the postmaster. In such cases, the failure is - not reported in . + If the archive function emits an ERROR or + FATAL, the archiver process aborts and gets restarted by + the postmaster. If you are archiving via shell command, FATAL is emitted if + the command is terminated by a signal (other than + SIGTERM that is used as part of a server shutdown) + or an error by the shell with an exit status greater than 125 (such as + command not found). In such cases, the failure is not reported in + . - The archive command should generally be designed to refuse to overwrite + The archive library should generally be designed to refuse to overwrite any pre-existing archive file. This is an important safety feature to preserve the integrity of your archive in case of administrator error (such as sending the output of two different servers to the same archive @@ -666,9 +685,9 @@ test ! -f /mnt/server/archivedir/00000001000000A900000065 && cp pg_wal/0 - It is advisable to test your proposed archive command to ensure that it + It is advisable to test your proposed archive library to ensure that it indeed does not overwrite an existing file, and that it returns - nonzero status in this case. + false in this case. The example command above for Unix ensures this by including a separate test step. On some Unix platforms, cp has switches such as that can be used to do the same thing @@ -680,7 +699,7 @@ test ! -f /mnt/server/archivedir/00000001000000A900000065 && cp pg_wal/0 While designing your archiving setup, consider what will happen if - the archive command fails repeatedly because some aspect requires + the archive library fails repeatedly because some aspect requires operator intervention or the archive runs out of space. For example, this could occur if you write to tape without an autochanger; when the tape fills, nothing further can be archived until the tape is swapped. @@ -695,7 +714,7 @@ test ! -f /mnt/server/archivedir/00000001000000A900000065 && cp pg_wal/0 - The speed of the archiving command is unimportant as long as it can keep up + The speed of the archive library is unimportant as long as it can keep up with the average rate at which your server generates WAL data. Normal operation continues even if the archiving process falls a little behind. If archiving falls significantly behind, this will increase the amount of @@ -707,11 +726,11 @@ test ! -f /mnt/server/archivedir/00000001000000A900000065 && cp pg_wal/0 - In writing your archive command, you should assume that the file names to + In writing your archive library, you should assume that the file names to be archived can be up to 64 characters long and can contain any combination of ASCII letters, digits, and dots. It is not necessary to - preserve the original relative path (%p) but it is necessary to - preserve the file name (%f). + preserve the original relative path but it is necessary to preserve the file + name. @@ -728,7 +747,7 @@ test ! -f /mnt/server/archivedir/00000001000000A900000065 && cp pg_wal/0 - The archive command is only invoked on completed WAL segments. Hence, + The archive function is only invoked on completed WAL segments. Hence, if your server generates only little WAL traffic (or has slack periods where it does so), there could be a long delay between the completion of a transaction and its safe recording in archive storage. To put @@ -758,7 +777,8 @@ test ! -f /mnt/server/archivedir/00000001000000A900000065 && cp pg_wal/0 contain enough information for archive recovery. (Crash recovery is unaffected.) For this reason, wal_level can only be changed at server start. However, archive_command can be changed with a - configuration file reload. If you wish to temporarily stop archiving, + configuration file reload. If you are archiving via shell and wish to + temporarily stop archiving, one way to do it is to set archive_command to the empty string (''). This will cause WAL files to accumulate in pg_wal/ until a @@ -938,11 +958,11 @@ SELECT * FROM pg_stop_backup(false, true); On a standby, archive_mode must be always in order for pg_stop_backup to wait. Archiving of these files happens automatically since you have - already configured archive_command. In most cases this + already configured archive_library. In most cases this happens quickly, but you are advised to monitor your archive system to ensure there are no delays. If the archive process has fallen behind - because of failures of the archive command, it will keep retrying + because of failures of the archive library, it will keep retrying until the archive succeeds and the backup is complete. If you wish to place a time limit on the execution of pg_stop_backup, set an appropriate @@ -1500,9 +1520,10 @@ restore_command = 'cp /mnt/server/archivedir/%f %p' To prepare for low level standalone hot backups, make sure wal_level is set to replica or higher, archive_mode to - on, and set up an archive_command that performs + on, and set up an archive_library that performs archiving only when a switch file exists. For example: +archive_library = 'shell' archive_command = 'test ! -f /var/lib/pgsql/backup_in_progress || (test ! -f /var/lib/pgsql/archive/%f && cp %p /var/lib/pgsql/archive/%f)' This command will perform archiving when diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index de77f14573..1e6ab34913 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -3479,7 +3479,7 @@ include_dir 'conf.d' Maximum size to let the WAL grow during automatic checkpoints. This is a soft limit; WAL size can exceed max_wal_size under special circumstances, such as - heavy load, a failing archive_command, or a high + heavy load, a failing archive_library, or a high wal_keep_size setting. If this value is specified without units, it is taken as megabytes. The default is 1 GB. @@ -3528,7 +3528,7 @@ include_dir 'conf.d' When archive_mode is enabled, completed WAL segments are sent to archive storage by setting - . In addition to off, + . In addition to off, to disable, there are two modes: on, and always. During normal operation, there is no difference between the two modes, but when set to always @@ -3538,9 +3538,6 @@ include_dir 'conf.d' for details. - archive_mode and archive_command are - separate variables so that archive_command can be - changed without leaving archiving mode. This parameter can only be set at server start. archive_mode cannot be enabled when wal_level is set to minimal. @@ -3548,6 +3545,28 @@ include_dir 'conf.d' + + archive_library (string) + + archive_library configuration parameter + + + + + The library to use for archiving completed WAL file segments. If set to + shell (the default) or an empty string, archiving via + shell is enabled, and is used. + Otherwise, the specified shared library is preloaded and is used for + archiving. For more information, see + and + . + + + This parameter can only be set at server start. + + + + archive_command (string) @@ -3570,9 +3589,11 @@ include_dir 'conf.d' This parameter can only be set in the postgresql.conf file or on the server command line. It is ignored unless - archive_mode was enabled at server start. + archive_mode was enabled at server start and + archive_library specifies to archive via shell command. If archive_command is an empty string (the default) while - archive_mode is enabled, WAL archiving is temporarily + archive_mode is enabled and archive_library + specifies archiving via shell, WAL archiving is temporarily disabled, but the server continues to accumulate WAL segment files in the expectation that a command will soon be provided. Setting archive_command to a command that does nothing but @@ -3592,7 +3613,7 @@ include_dir 'conf.d' - The is only invoked for + The is only invoked for completed WAL segments. Hence, if your server generates little WAL traffic (or has slack periods where it does so), there could be a long delay between the completion of a transaction and its safe diff --git a/doc/src/sgml/filelist.sgml b/doc/src/sgml/filelist.sgml index 89454e99b9..e6b472ec32 100644 --- a/doc/src/sgml/filelist.sgml +++ b/doc/src/sgml/filelist.sgml @@ -99,6 +99,7 @@ + diff --git a/doc/src/sgml/high-availability.sgml b/doc/src/sgml/high-availability.sgml index c43f214020..f4e5e9420b 100644 --- a/doc/src/sgml/high-availability.sgml +++ b/doc/src/sgml/high-availability.sgml @@ -935,7 +935,7 @@ primary_conninfo = 'host=192.168.1.50 port=5432 user=foo password=foopass' In lieu of using replication slots, it is possible to prevent the removal of old WAL segments using , or by storing the segments in an archive using - . + . However, these methods often result in retaining more WAL segments than required, whereas replication slots retain only the number of segments known to be needed. On the other hand, replication slots can retain so @@ -1386,10 +1386,10 @@ synchronous_standby_names = 'ANY 2 (s1, s2, s3)' to always, and the standby will call the archive command for every WAL segment it receives, whether it's by restoring from the archive or by streaming replication. The shared archive can - be handled similarly, but the archive_command must + be handled similarly, but the archive_library must test if the file being archived exists already, and if the existing file has identical contents. This requires more care in the - archive_command, as it must + archive_library, as it must be careful to not overwrite an existing file with different contents, but return success if the exactly same file is archived twice. And all that must be done free of race conditions, if two servers attempt diff --git a/doc/src/sgml/postgres.sgml b/doc/src/sgml/postgres.sgml index dba9cf413f..3db6d2160b 100644 --- a/doc/src/sgml/postgres.sgml +++ b/doc/src/sgml/postgres.sgml @@ -233,6 +233,7 @@ break is not needed in a wider output rendering. &bgworker; &logicaldecoding; &replication-origins; + &archive-modules; diff --git a/doc/src/sgml/ref/pg_basebackup.sgml b/doc/src/sgml/ref/pg_basebackup.sgml index 9e6807b457..2aaeaca766 100644 --- a/doc/src/sgml/ref/pg_basebackup.sgml +++ b/doc/src/sgml/ref/pg_basebackup.sgml @@ -102,8 +102,8 @@ PostgreSQL documentation All WAL records required for the backup must contain sufficient full-page writes, which requires you to enable full_page_writes on the primary and - not to use a tool like pg_compresslog as - archive_command to remove full-page writes from WAL files. + not to use a tool in your archive_library to remove + full-page writes from WAL files. diff --git a/doc/src/sgml/ref/pg_receivewal.sgml b/doc/src/sgml/ref/pg_receivewal.sgml index 9fde2fd2ef..10ee107000 100644 --- a/doc/src/sgml/ref/pg_receivewal.sgml +++ b/doc/src/sgml/ref/pg_receivewal.sgml @@ -40,7 +40,7 @@ PostgreSQL documentation pg_receivewal streams the write-ahead log in real time as it's being generated on the server, and does not wait - for segments to complete like does. + for segments to complete like does. For this reason, it is not necessary to set when using pg_receivewal. @@ -465,11 +465,11 @@ PostgreSQL documentation When using pg_receivewal instead of - as the main WAL backup method, it is + as the main WAL backup method, it is strongly recommended to use replication slots. Otherwise, the server is free to recycle or remove write-ahead log files before they are backed up, because it does not have any information, either - from or the replication slots, about + from or the replication slots, about how far the WAL stream has been archived. Note, however, that a replication slot will fill up the server's disk space if the receiver does not keep up with fetching the WAL data. diff --git a/doc/src/sgml/wal.sgml b/doc/src/sgml/wal.sgml index 24e1c89503..2bb27a8468 100644 --- a/doc/src/sgml/wal.sgml +++ b/doc/src/sgml/wal.sgml @@ -636,7 +636,7 @@ WAL files plus one additional WAL file are kept at all times. Also, if WAL archiving is used, old segments cannot be removed or recycled until they are archived. If WAL archiving cannot keep up - with the pace that WAL is generated, or if archive_command + with the pace that WAL is generated, or if archive_library fails repeatedly, old WAL files will accumulate in pg_wal until the situation is resolved. A slow or failed standby server that uses a replication slot will have the same effect (see diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c index f547efd294..6350656a8b 100644 --- a/src/backend/access/transam/xlog.c +++ b/src/backend/access/transam/xlog.c @@ -8795,7 +8795,7 @@ ShutdownXLOG(int code, Datum arg) * process one more time at the end of shutdown). The checkpoint * record will go to the next XLOG file and won't be archived (yet). */ - if (XLogArchivingActive() && XLogArchiveCommandSet()) + if (XLogArchivingActive()) RequestXLogSwitch(false); CreateCheckPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_IMMEDIATE); diff --git a/src/backend/postmaster/Makefile b/src/backend/postmaster/Makefile index 787c6a2c3b..dbbeac5a82 100644 --- a/src/backend/postmaster/Makefile +++ b/src/backend/postmaster/Makefile @@ -23,6 +23,7 @@ OBJS = \ pgarch.o \ pgstat.o \ postmaster.o \ + shell_archive.o \ startup.o \ syslogger.o \ walwriter.o diff --git a/src/backend/postmaster/pgarch.c b/src/backend/postmaster/pgarch.c index 74a7d7c4d0..f0e437f820 100644 --- a/src/backend/postmaster/pgarch.c +++ b/src/backend/postmaster/pgarch.c @@ -25,18 +25,12 @@ */ #include "postgres.h" -#include -#include -#include #include -#include -#include #include #include "access/xlog.h" #include "access/xlog_internal.h" #include "libpq/pqsignal.h" -#include "miscadmin.h" #include "pgstat.h" #include "postmaster/interrupt.h" #include "postmaster/pgarch.h" @@ -78,6 +72,8 @@ typedef struct PgArchData int pgprocno; /* pgprocno of archiver process */ } PgArchData; +char *XLogArchiveLibrary = ""; + /* ---------- * Local data @@ -85,6 +81,8 @@ typedef struct PgArchData */ static time_t last_sigterm_time = 0; static PgArchData *PgArch = NULL; +static ArchiveModuleCallbacks *ArchiveContext = NULL; + /* * Flags set by interrupt handlers for later service in the main loop. @@ -103,6 +101,7 @@ static bool pgarch_readyXlog(char *xlog); static void pgarch_archiveDone(char *xlog); static void pgarch_die(int code, Datum arg); static void HandlePgArchInterrupts(void); +static void LoadArchiveLibrary(void); /* Report shared memory space needed by PgArchShmemInit */ Size @@ -198,6 +197,11 @@ PgArchiverMain(void) */ PgArch->pgprocno = MyProc->pgprocno; + /* + * Load the archive_library. + */ + LoadArchiveLibrary(); + pgarch_MainLoop(); proc_exit(0); @@ -358,11 +362,11 @@ pgarch_ArchiverCopyLoop(void) */ HandlePgArchInterrupts(); - /* can't do anything if no command ... */ - if (!XLogArchiveCommandSet()) + /* can't do anything if not configured ... */ + if (!ArchiveContext->check_configured_cb()) { ereport(WARNING, - (errmsg("archive_mode enabled, yet archive_command is not set"))); + (errmsg("archive_mode enabled, yet archiving is not configured"))); return; } @@ -443,136 +447,31 @@ pgarch_ArchiverCopyLoop(void) /* * pgarch_archiveXlog * - * Invokes system(3) to copy one archive file to wherever it should go + * Invokes archive_file_cb to copy one archive file to wherever it should go * * Returns true if successful */ static bool pgarch_archiveXlog(char *xlog) { - char xlogarchcmd[MAXPGPATH]; char pathname[MAXPGPATH]; char activitymsg[MAXFNAMELEN + 16]; - char *dp; - char *endp; - const char *sp; - int rc; + bool ret; snprintf(pathname, MAXPGPATH, XLOGDIR "/%s", xlog); - /* - * construct the command to be executed - */ - dp = xlogarchcmd; - endp = xlogarchcmd + MAXPGPATH - 1; - *endp = '\0'; - - for (sp = XLogArchiveCommand; *sp; sp++) - { - if (*sp == '%') - { - switch (sp[1]) - { - case 'p': - /* %p: relative path of source file */ - sp++; - strlcpy(dp, pathname, endp - dp); - make_native_path(dp); - dp += strlen(dp); - break; - case 'f': - /* %f: filename of source file */ - sp++; - strlcpy(dp, xlog, endp - dp); - dp += strlen(dp); - break; - case '%': - /* convert %% to a single % */ - sp++; - if (dp < endp) - *dp++ = *sp; - break; - default: - /* otherwise treat the % as not special */ - if (dp < endp) - *dp++ = *sp; - break; - } - } - else - { - if (dp < endp) - *dp++ = *sp; - } - } - *dp = '\0'; - - ereport(DEBUG3, - (errmsg_internal("executing archive command \"%s\"", - xlogarchcmd))); - /* Report archive activity in PS display */ snprintf(activitymsg, sizeof(activitymsg), "archiving %s", xlog); set_ps_display(activitymsg); - rc = system(xlogarchcmd); - if (rc != 0) - { - /* - * If either the shell itself, or a called command, died on a signal, - * abort the archiver. We do this because system() ignores SIGINT and - * SIGQUIT while waiting; so a signal is very likely something that - * should have interrupted us too. Also die if the shell got a hard - * "command not found" type of error. If we overreact it's no big - * deal, the postmaster will just start the archiver again. - */ - int lev = wait_result_is_any_signal(rc, true) ? FATAL : LOG; - - if (WIFEXITED(rc)) - { - ereport(lev, - (errmsg("archive command failed with exit code %d", - WEXITSTATUS(rc)), - errdetail("The failed archive command was: %s", - xlogarchcmd))); - } - else if (WIFSIGNALED(rc)) - { -#if defined(WIN32) - ereport(lev, - (errmsg("archive command was terminated by exception 0x%X", - WTERMSIG(rc)), - errhint("See C include file \"ntstatus.h\" for a description of the hexadecimal value."), - errdetail("The failed archive command was: %s", - xlogarchcmd))); -#else - ereport(lev, - (errmsg("archive command was terminated by signal %d: %s", - WTERMSIG(rc), pg_strsignal(WTERMSIG(rc))), - errdetail("The failed archive command was: %s", - xlogarchcmd))); -#endif - } - else - { - ereport(lev, - (errmsg("archive command exited with unrecognized status %d", - rc), - errdetail("The failed archive command was: %s", - xlogarchcmd))); - } - + ret = ArchiveContext->archive_file_cb(xlog, pathname); + if (ret) + snprintf(activitymsg, sizeof(activitymsg), "last was %s", xlog); + else snprintf(activitymsg, sizeof(activitymsg), "failed on %s", xlog); - set_ps_display(activitymsg); - - return false; - } - elog(DEBUG1, "archived write-ahead log file \"%s\"", xlog); - - snprintf(activitymsg, sizeof(activitymsg), "last was %s", xlog); set_ps_display(activitymsg); - return true; + return ret; } /* @@ -716,3 +615,44 @@ HandlePgArchInterrupts(void) ProcessConfigFile(PGC_SIGHUP); } } + +/* + * LoadArchiveLibrary + * + * Loads the archiving callbacks into our local ArchiveContext. + */ +static void +LoadArchiveLibrary(void) +{ + ArchiveContext = palloc0(sizeof(ArchiveModuleCallbacks)); + + /* + * If shell archiving is enabled, use our special initialization + * function. Otherwise, load the library and call its + * _PG_archive_module_init(). + */ + if (ShellArchivingEnabled()) + shell_archive_init(ArchiveContext); + else + { + ArchiveModuleInit archive_init; + + archive_init = (ArchiveModuleInit) + load_external_function(XLogArchiveLibrary, + "_PG_archive_module_init", false, NULL); + + if (archive_init == NULL) + ereport(ERROR, + (errmsg("archive modules have to declare the " + "_PG_archive_module_init symbol"))); + + archive_init(ArchiveContext); + } + + if (ArchiveContext->check_configured_cb == NULL) + ereport(ERROR, + (errmsg("archive modules must register a check callback"))); + if (ArchiveContext->archive_file_cb == NULL) + ereport(ERROR, + (errmsg("archive modules must register an archive callback"))); +} diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index e2a76ba055..f43c6b4cdc 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -1024,6 +1024,7 @@ PostmasterMain(int argc, char *argv[]) * process any libraries that should be preloaded at postmaster start */ process_shared_preload_libraries(); + process_archive_library(); /* * Initialize SSL library, if specified. @@ -5011,6 +5012,7 @@ SubPostmasterMain(int argc, char *argv[]) * non-EXEC_BACKEND behavior. */ process_shared_preload_libraries(); + process_archive_library(); /* Run backend or appropriate child */ if (strcmp(argv[1], "--forkbackend") == 0) diff --git a/src/backend/postmaster/shell_archive.c b/src/backend/postmaster/shell_archive.c new file mode 100644 index 0000000000..7298dda6ee --- /dev/null +++ b/src/backend/postmaster/shell_archive.c @@ -0,0 +1,156 @@ +/*------------------------------------------------------------------------- + * + * shell_archive.c + * + * This archiving function uses a user-specified shell command (the + * archive_command GUC) to copy write-ahead log files. It is used as the + * default, but other modules may define their own custom archiving logic. + * + * Copyright (c) 2021, PostgreSQL Global Development Group + * + * IDENTIFICATION + * src/backend/postmaster/shell_archive.c + * + *------------------------------------------------------------------------- + */ +#include "postgres.h" + +#include + +#include "access/xlog.h" +#include "postmaster/pgarch.h" + +static bool shell_archive_configured(void); +static bool shell_archive_file(const char *file, const char *path); + +void +shell_archive_init(ArchiveModuleCallbacks *cb) +{ + AssertVariableIsOfType(&shell_archive_init, ArchiveModuleInit); + + cb->check_configured_cb = shell_archive_configured; + cb->archive_file_cb = shell_archive_file; +} + +static bool +shell_archive_configured(void) +{ + return XLogArchiveCommand[0] != '\0'; +} + +static bool +shell_archive_file(const char *file, const char *path) +{ + char xlogarchcmd[MAXPGPATH]; + char *dp; + char *endp; + const char *sp; + int rc; + + Assert(file != NULL); + Assert(path != NULL); + + /* + * construct the command to be executed + */ + dp = xlogarchcmd; + endp = xlogarchcmd + MAXPGPATH - 1; + *endp = '\0'; + + for (sp = XLogArchiveCommand; *sp; sp++) + { + if (*sp == '%') + { + switch (sp[1]) + { + case 'p': + /* %p: relative path of source file */ + sp++; + strlcpy(dp, path, endp - dp); + make_native_path(dp); + dp += strlen(dp); + break; + case 'f': + /* %f: filename of source file */ + sp++; + strlcpy(dp, file, endp - dp); + dp += strlen(dp); + break; + case '%': + /* convert %% to a single % */ + sp++; + if (dp < endp) + *dp++ = *sp; + break; + default: + /* otherwise treat the % as not special */ + if (dp < endp) + *dp++ = *sp; + break; + } + } + else + { + if (dp < endp) + *dp++ = *sp; + } + } + *dp = '\0'; + + ereport(DEBUG3, + (errmsg_internal("executing archive command \"%s\"", + xlogarchcmd))); + + rc = system(xlogarchcmd); + if (rc != 0) + { + /* + * If either the shell itself, or a called command, died on a signal, + * abort the archiver. We do this because system() ignores SIGINT and + * SIGQUIT while waiting; so a signal is very likely something that + * should have interrupted us too. Also die if the shell got a hard + * "command not found" type of error. If we overreact it's no big + * deal, the postmaster will just start the archiver again. + */ + int lev = wait_result_is_any_signal(rc, true) ? FATAL : LOG; + + if (WIFEXITED(rc)) + { + ereport(lev, + (errmsg("archive command failed with exit code %d", + WEXITSTATUS(rc)), + errdetail("The failed archive command was: %s", + xlogarchcmd))); + } + else if (WIFSIGNALED(rc)) + { +#if defined(WIN32) + ereport(lev, + (errmsg("archive command was terminated by exception 0x%X", + WTERMSIG(rc)), + errhint("See C include file \"ntstatus.h\" for a description of the hexadecimal value."), + errdetail("The failed archive command was: %s", + xlogarchcmd))); +#else + ereport(lev, + (errmsg("archive command was terminated by signal %d: %s", + WTERMSIG(rc), pg_strsignal(WTERMSIG(rc))), + errdetail("The failed archive command was: %s", + xlogarchcmd))); +#endif + } + else + { + ereport(lev, + (errmsg("archive command exited with unrecognized status %d", + rc), + errdetail("The failed archive command was: %s", + xlogarchcmd))); + } + + return false; + } + + elog(DEBUG1, "archived write-ahead log file \"%s\"", file); + return true; +} diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index 88801374b5..9f2766ed04 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -38,6 +38,7 @@ #include "pgstat.h" #include "postmaster/autovacuum.h" #include "postmaster/interrupt.h" +#include "postmaster/pgarch.h" #include "postmaster/postmaster.h" #include "storage/fd.h" #include "storage/ipc.h" @@ -1614,6 +1615,9 @@ char *local_preload_libraries_string = NULL; /* Flag telling that we are loading shared_preload_libraries */ bool process_shared_preload_libraries_in_progress = false; +/* Flag telling that we are loading archive_library */ +bool process_archive_library_in_progress = false; + /* * load the shared libraries listed in 'libraries' * @@ -1696,6 +1700,29 @@ process_session_preload_libraries(void) true); } +/* + * process the archive library + */ +void +process_archive_library(void) +{ + process_archive_library_in_progress = true; + + /* + * The shell archiving code is in the core server, so there's nothing + * to load for that. + */ + if (!ShellArchivingEnabled()) + { + load_file(XLogArchiveLibrary, false); + ereport(DEBUG1, + (errmsg_internal("loaded archive library \"%s\"", + XLogArchiveLibrary))); + } + + process_archive_library_in_progress = false; +} + void pg_bindtextdomain(const char *domain) { diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index e91d5a3cfd..9204f608fc 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -3864,13 +3864,23 @@ static struct config_string ConfigureNamesString[] = { {"archive_command", PGC_SIGHUP, WAL_ARCHIVING, gettext_noop("Sets the shell command that will be called to archive a WAL file."), - NULL + gettext_noop("This is unused if \"archive_library\" does not indicate archiving via shell is enabled.") }, &XLogArchiveCommand, "", NULL, NULL, show_archive_command }, + { + {"archive_library", PGC_POSTMASTER, WAL_ARCHIVING, + gettext_noop("Sets the library that will be called to archive a WAL file."), + gettext_noop("A value of \"shell\" or an empty string indicates that \"archive_command\" should be used.") + }, + &XLogArchiveLibrary, + "shell", + NULL, NULL, NULL + }, + { {"restore_command", PGC_SIGHUP, WAL_ARCHIVE_RECOVERY, gettext_noop("Sets the shell command that will be called to retrieve an archived WAL file."), @@ -8961,7 +8971,8 @@ init_custom_variable(const char *name, * module might already have hooked into. */ if (context == PGC_POSTMASTER && - !process_shared_preload_libraries_in_progress) + !process_shared_preload_libraries_in_progress && + !process_archive_library_in_progress) elog(FATAL, "cannot create PGC_POSTMASTER variables after startup"); /* diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index 1cbc9feeb6..dc4a20b014 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -245,6 +245,7 @@ #archive_mode = off # enables archiving; off, on, or always # (change requires restart) +#archive_library = 'shell' # library to use to archive a logfile segment #archive_command = '' # command to use to archive a logfile segment # placeholders: %p = path of file to archive # %f = file name only diff --git a/src/include/access/xlog.h b/src/include/access/xlog.h index 5e2c94a05f..7093e3390f 100644 --- a/src/include/access/xlog.h +++ b/src/include/access/xlog.h @@ -157,7 +157,6 @@ extern PGDLLIMPORT int wal_level; /* Is WAL archiving enabled always (even during recovery)? */ #define XLogArchivingAlways() \ (AssertMacro(XLogArchiveMode == ARCHIVE_MODE_OFF || wal_level >= WAL_LEVEL_REPLICA), XLogArchiveMode == ARCHIVE_MODE_ALWAYS) -#define XLogArchiveCommandSet() (XLogArchiveCommand[0] != '\0') /* * Is WAL-logging necessary for archival or log-shipping, or can we skip diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h index 90a3016065..8717fed0dc 100644 --- a/src/include/miscadmin.h +++ b/src/include/miscadmin.h @@ -464,6 +464,7 @@ extern void BaseInit(void); /* in utils/init/miscinit.c */ extern bool IgnoreSystemIndexes; extern PGDLLIMPORT bool process_shared_preload_libraries_in_progress; +extern PGDLLIMPORT bool process_archive_library_in_progress; extern char *session_preload_libraries_string; extern char *shared_preload_libraries_string; extern char *local_preload_libraries_string; @@ -477,6 +478,7 @@ extern bool RecheckDataDirLockFile(void); extern void ValidatePgVersion(const char *path); extern void process_shared_preload_libraries(void); extern void process_session_preload_libraries(void); +extern void process_archive_library(void); extern void pg_bindtextdomain(const char *domain); extern bool has_rolreplication(Oid roleid); diff --git a/src/include/postmaster/pgarch.h b/src/include/postmaster/pgarch.h index 1e47a143e1..7d09d2665e 100644 --- a/src/include/postmaster/pgarch.h +++ b/src/include/postmaster/pgarch.h @@ -32,4 +32,49 @@ extern bool PgArchCanRestart(void); extern void PgArchiverMain(void) pg_attribute_noreturn(); extern void PgArchWakeup(void); +/* + * The value of the archive_library GUC. + */ +extern char *XLogArchiveLibrary; + +/* + * Callback that gets called to determine if the archive module is + * configured. + */ +typedef bool (*ArchiveCheckConfiguredCB) (void); + +/* + * Callback called to archive a single WAL file. + */ +typedef bool (*ArchiveFileCB) (const char *file, const char *path); + +/* + * Archive module callbacks + */ +typedef struct ArchiveModuleCallbacks +{ + ArchiveCheckConfiguredCB check_configured_cb; + ArchiveFileCB archive_file_cb; +} ArchiveModuleCallbacks; + +/* + * Type of the shared library symbol _PG_archive_module_init that is looked + * up when loading an archive library. + */ +typedef void (*ArchiveModuleInit) (ArchiveModuleCallbacks *cb); + +/* + * Since the logic for archiving via a shell command is in the core server + * and does not need to be loaded via a shared library, it has a special + * initialization function. + */ +extern void shell_archive_init(ArchiveModuleCallbacks *cb); + +/* + * We consider archiving via shell to be enabled if archive_library is + * empty or if archive_library is set to "shell". + */ +#define ShellArchivingEnabled() \ + (XLogArchiveLibrary[0] == '\0' || strcmp(XLogArchiveLibrary, "shell") == 0) + #endif /* _PGARCH_H */ diff --git a/src/test/modules/Makefile b/src/test/modules/Makefile index dffc79b2d9..b49e508a2c 100644 --- a/src/test/modules/Makefile +++ b/src/test/modules/Makefile @@ -5,6 +5,7 @@ top_builddir = ../../.. include $(top_builddir)/src/Makefile.global SUBDIRS = \ + basic_archive \ brin \ commit_ts \ delay_execution \ diff --git a/src/test/modules/basic_archive/.gitignore b/src/test/modules/basic_archive/.gitignore new file mode 100644 index 0000000000..5dcb3ff972 --- /dev/null +++ b/src/test/modules/basic_archive/.gitignore @@ -0,0 +1,4 @@ +# Generated subdirectories +/log/ +/results/ +/tmp_check/ diff --git a/src/test/modules/basic_archive/Makefile b/src/test/modules/basic_archive/Makefile new file mode 100644 index 0000000000..ffbf846b68 --- /dev/null +++ b/src/test/modules/basic_archive/Makefile @@ -0,0 +1,20 @@ +# src/test/modules/basic_archive/Makefile + +MODULES = basic_archive +PGFILEDESC = "basic_archive - basic archive module" + +REGRESS = basic_archive +REGRESS_OPTS = --temp-config $(top_srcdir)/src/test/modules/basic_archive/basic_archive.conf + +NO_INSTALLCHECK = 1 + +ifdef USE_PGXS +PG_CONFIG = pg_config +PGXS := $(shell $(PG_CONFIG) --pgxs) +include $(PGXS) +else +subdir = src/test/modules/basic_archive +top_builddir = ../../../.. +include $(top_builddir)/src/Makefile.global +include $(top_srcdir)/contrib/contrib-global.mk +endif diff --git a/src/test/modules/basic_archive/basic_archive.c b/src/test/modules/basic_archive/basic_archive.c new file mode 100644 index 0000000000..322049d45f --- /dev/null +++ b/src/test/modules/basic_archive/basic_archive.c @@ -0,0 +1,189 @@ +/*------------------------------------------------------------------------- + * + * basic_archive.c + * + * This file demonstrates a basic archive library implementation that is + * roughly equivalent to the following shell command: + * + * test ! -f /path/to/dest && cp /path/to/src /path/to/dest + * + * One notable difference between this module and the shell command above + * is that this module first copies the file to a temporary destination, + * syncs it to disk, and then durably moves it to the final destination. + * + * Copyright (c) 2021, PostgreSQL Global Development Group + * + * IDENTIFICATION + * src/test/modules/basic_archive/basic_archive.c + * + *------------------------------------------------------------------------- + */ +#include "postgres.h" + +#include +#include + +#include "miscadmin.h" +#include "postmaster/pgarch.h" +#include "storage/copydir.h" +#include "storage/fd.h" +#include "utils/guc.h" + +PG_MODULE_MAGIC; + +void _PG_init(void); +void _PG_archive_module_init(ArchiveModuleCallbacks *cb); + +static char *archive_directory = NULL; + +static bool basic_archive_configured(void); +static bool basic_archive_file(const char *file, const char *path); +static bool check_archive_directory(char **newval, void **extra, GucSource source); + +/* + * _PG_init + * + * Defines the module's GUC. + */ +void +_PG_init(void) +{ + if (!process_archive_library_in_progress) + ereport(ERROR, + (errmsg("\"basic_archive\" can only be loaded via \"archive_library\""))); + + DefineCustomStringVariable("basic_archive.archive_directory", + gettext_noop("Archive file destination directory."), + NULL, + &archive_directory, + "", + PGC_SIGHUP, + 0, + check_archive_directory, NULL, NULL); + + EmitWarningsOnPlaceholders("basic_archive"); +} + +/* + * _PG_archive_module_init + * + * Returns the module's archiving callbacks. + */ +void +_PG_archive_module_init(ArchiveModuleCallbacks *cb) +{ + AssertVariableIsOfType(&_PG_archive_module_init, ArchiveModuleInit); + + cb->check_configured_cb = basic_archive_configured; + cb->archive_file_cb = basic_archive_file; +} + +/* + * check_archive_directory + * + * Checks that the provided archive directory exists. + */ +static bool +check_archive_directory(char **newval, void **extra, GucSource source) +{ + struct stat st; + + /* + * The default value is an empty string, so we have to accept that value. + * Our check_configured callback also checks for this and prevents archiving + * from proceeding if it is still empty. + */ + if (*newval == NULL || *newval[0] == '\0') + return true; + + /* + * Make sure the file paths won't be too long. The docs indicate that the + * file names to be archived can be up to 64 characters long. + */ + if (strlen(*newval) + 64 + 2 >= MAXPGPATH) + { + GUC_check_errdetail("archive directory too long"); + return false; + } + + /* + * Do a basic sanity check that the specified archive directory exists. It + * could be removed at some point in the future, so we still need to be + * prepared for it not to exist in the actual archiving logic. + */ + if (stat(*newval, &st) != 0 || !S_ISDIR(st.st_mode)) + { + GUC_check_errdetail("specified archive directory does not exist"); + return false; + } + + return true; +} + +/* + * basic_archive_configured + * + * Checks that archive_directory is not blank. + */ +static bool +basic_archive_configured(void) +{ + return archive_directory != NULL && archive_directory[0] != '\0'; +} + +/* + * basic_archive_file + * + * Archives one file. + */ +static bool +basic_archive_file(const char *file, const char *path) +{ + char destination[MAXPGPATH]; + char temp[MAXPGPATH]; + struct stat st; + + ereport(DEBUG3, + (errmsg("archiving \"%s\" via basic_archive", file))); + + snprintf(destination, MAXPGPATH, "%s/%s", archive_directory, file); + snprintf(temp, MAXPGPATH, "%s/%s", archive_directory, "archtemp"); + + /* + * First, check if the file has already been archived. If the archive file + * already exists, something might be wrong, so we just fail. + */ + if (stat(destination, &st) == 0) + { + ereport(WARNING, + (errmsg("archive file \"%s\" already exists", destination))); + return false; + } + else if (errno != ENOENT) + ereport(ERROR, + (errcode_for_file_access(), + errmsg("could not stat file \"%s\": %m", destination))); + + /* + * Remove pre-existing temporary file, if one exists. + */ + if (unlink(temp) != 0 && errno != ENOENT) + ereport(ERROR, + (errcode_for_file_access(), + errmsg("could not unlink file \"%s\": %m", temp))); + + /* + * Copy the file to its temporary destination. + */ + copy_file(unconstify(char *, path), temp); + + /* + * Sync the temporary file to disk and move it to its final destination. + */ + (void) durable_rename_excl(temp, destination, ERROR); + + ereport(DEBUG1, + (errmsg("archived \"%s\" via basic_archive", file))); + + return true; +} diff --git a/src/test/modules/basic_archive/basic_archive.conf b/src/test/modules/basic_archive/basic_archive.conf new file mode 100644 index 0000000000..b26b2d4144 --- /dev/null +++ b/src/test/modules/basic_archive/basic_archive.conf @@ -0,0 +1,3 @@ +archive_mode = 'on' +archive_library = 'basic_archive' +basic_archive.archive_directory = '.' diff --git a/src/test/modules/basic_archive/expected/basic_archive.out b/src/test/modules/basic_archive/expected/basic_archive.out new file mode 100644 index 0000000000..0015053e0f --- /dev/null +++ b/src/test/modules/basic_archive/expected/basic_archive.out @@ -0,0 +1,29 @@ +CREATE TABLE test (a INT); +SELECT 1 FROM pg_switch_wal(); + ?column? +---------- + 1 +(1 row) + +DO $$ +DECLARE + archived bool; + loops int := 0; +BEGIN + LOOP + archived := count(*) > 0 FROM pg_ls_dir('.', false, false) a + WHERE a ~ '^[0-9A-F]{24}$'; + IF archived OR loops > 120 * 10 THEN EXIT; END IF; + PERFORM pg_sleep(0.1); + loops := loops + 1; + END LOOP; +END +$$; +SELECT count(*) > 0 FROM pg_ls_dir('.', false, false) a + WHERE a ~ '^[0-9A-F]{24}$'; + ?column? +---------- + t +(1 row) + +DROP TABLE test; diff --git a/src/test/modules/basic_archive/sql/basic_archive.sql b/src/test/modules/basic_archive/sql/basic_archive.sql new file mode 100644 index 0000000000..14e236d57a --- /dev/null +++ b/src/test/modules/basic_archive/sql/basic_archive.sql @@ -0,0 +1,22 @@ +CREATE TABLE test (a INT); +SELECT 1 FROM pg_switch_wal(); + +DO $$ +DECLARE + archived bool; + loops int := 0; +BEGIN + LOOP + archived := count(*) > 0 FROM pg_ls_dir('.', false, false) a + WHERE a ~ '^[0-9A-F]{24}$'; + IF archived OR loops > 120 * 10 THEN EXIT; END IF; + PERFORM pg_sleep(0.1); + loops := loops + 1; + END LOOP; +END +$$; + +SELECT count(*) > 0 FROM pg_ls_dir('.', false, false) a + WHERE a ~ '^[0-9A-F]{24}$'; + +DROP TABLE test; -- 2.16.6