Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nFnVy-0003JO-5Y for pgsql-hackers@arkaria.postgresql.org; Fri, 04 Feb 2022 01:35:55 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nFnVw-0006z8-GP for pgsql-hackers@arkaria.postgresql.org; Fri, 04 Feb 2022 01:35:52 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nFnVu-0006un-KY for pgsql-hackers@lists.postgresql.org; Fri, 04 Feb 2022 01:35:52 +0000 Received: from wout2-smtp.messagingengine.com ([64.147.123.25]) by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nFnVq-0007td-KW for pgsql-hackers@lists.postgresql.org; Fri, 04 Feb 2022 01:35:50 +0000 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id E05A03201F68; Thu, 3 Feb 2022 20:35:42 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Thu, 03 Feb 2022 20:35:43 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=anarazel.de; h= cc:cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm3; bh=DH+Mta9Y0n5RihlTZYTvNN3M/MCPtpnG8hH404 65HDQ=; b=vob0gtb+x+r/u8+n0R0zyglvVyxXmuE6XrFypIa3CY2pCvUPE/Gihr eiIL3MvCyZuDx3RU6SkZH0FTv6il7nrHgvHgj9XrDlL2j24/emw95sMGA3deazH8 gth/TmAcOkGr9lABBljFGQ6hDW4cFrDPN1+ADiSKtMl5TTLYXhVMC5uIkhOkXh6L FghM8bibQkaGckZbmyZAetA3IhSaH007b05r6tp2ogcVD0HiPM00gGOgljOiWjrQ jRn9+O2+QMlpuz4qJIHmMkSekLw/VSFzqzb/kFhJgKqgSsMn62ujaciETzr5nTrA ouPEjzjAPriQBBjlOsFVTPuT3wf8Y6Rg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=DH+Mta9Y0n5RihlTZ YTvNN3M/MCPtpnG8hH40465HDQ=; b=h5ppZ8tVZuBGgcVXn1dh2Ha7MHBZOs1pv J59wifev6vOsNACnbU+bkyDuk5B9GujXXEgi5MHOF82iRCn5WN0MoXWxEuznSvdr 95uz69ggfaj4OJzyvxLasUULBNHA0OjWsru0K1X6k1jzJr/t9C3BoEPWYVHTUN6V BffCIAGfo6+dCq8MPawN0hyQqJ+mLAyKEJVJH4PT9ook3cmDWo8xff2YrnRoW2tC cWefVM4sBhNb4iUqXJZxCUvDjVOYq0dZjUyTz/TSqXr44naNSEg7b2bEPFEJ1lEN tdjJ16iJ2rEWivCGoXFENufGY8Kp5ejmCnx2o7cKbzqsqR/cfUPfg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrgeekgdefjecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomheptehnughrvghs ucfhrhgvuhhnugcuoegrnhgurhgvshesrghnrghrrgiivghlrdguvgeqnecuggftrfgrth htvghrnhepudekhfekleeugeevteehleffffejgeelueduleeffeeutdelffeujeffhfeu ffdunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprg hnughrvghssegrnhgrrhgriigvlhdruggv X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 3 Feb 2022 20:35:41 -0500 (EST) Date: Thu, 3 Feb 2022 17:35:39 -0800 From: Andres Freund To: Robert Haas Cc: John Naylor , Peter Geoghegan , PostgreSQL Hackers Subject: Re: do only critical work during single-user vacuum? Message-ID: <20220204013539.qdegpqzvayq3d4y2@alap3.anarazel.de> References: <20211210015616.o242b4xchhpglfcy@alap3.anarazel.de> <20220203215048.rmwjzixdzaetedxq@alap3.anarazel.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hi, On 2022-02-03 17:02:15 -0500, Robert Haas wrote: > On Thu, Feb 3, 2022 at 4:50 PM Andres Freund wrote: > > I wonder if we shouldn't add some exceptions to the xid allocation > > prevention. It makes sense that we don't allow random DML. But it's e.g. often > > more realistic to drop / truncate a few tables with unimportant content, > > rather than spend the time vacuuming those. We could e.g. allow xid > > consumption within VACUUM, TRUNCATE, DROP TABLE / INDEX when run at the top > > level for longer than we allow it for anything else. > > True, although we currently don't start refusing XID allocation > altogether until only 1 million remain, IIRC. And that's cutting it > really close if we need to start consuming 1 XID per table we need to > drop. We might need to push out some of the thresholds a bit. Yea, I'd have no problem leaving the "hard" limit somewhere closer to 1 million (although 100k should be just as well), but introduce a softer "only vacuum/drop/truncate" limit a good bit before that. > For the most part, I think that there's no reason why autovacuum > shouldn't be able to recover from this situation automatically, as > long as old replication slots and prepared transactions are cleaned up > and any old transactions are killed off. To address the "as long as" part: I think that describing better what is holding back the horizon would be a significant usability improvement. Imagine that instead of the generic hints in these messages: ereport(ERROR, (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED), errmsg("database is not accepting commands to avoid wraparound data loss in database \"%s\"", oldest_datname), errhint("Stop the postmaster and vacuum that database in single-user mode.\n" "You might also need to commit or roll back old prepared transactions, or drop stale replication slots."))); and ereport(WARNING, (errmsg("oldest xmin is far in the past"), errhint("Close open transactions soon to avoid wraparound problems.\n" "You might also need to commit or roll back old prepared transactions, or drop stale replication slots."))); we'd actually tell the user a bit more what about what is causing the problem. We can compute the: 1) oldest slot by xmin, with name 2) oldest walsender by xmin, with pid 3) oldest prepared transaction id by xid / xmin, with name 4) oldest in-progress transaction id by xid / xmin, with name 5) oldest database datfrozenxid, with database name If 1-4) are close to 5), there's no point in trying to vacuum aggressively, it won't help. So we instead can say that the xmin horizon (with a better name) is held back by the oldest of these, with enough identifying information for the user to actually know where to look. In contrast, if 5) is older than 1-4), then we can tell the user which database is the problem, as we do right now, but we can stop mentioning the "You might also need to commit ..." bit. Also, adding an SRF providing the above in a useful format would be great for monitoring and for "remote debugging" of problems. Greetings, Andres Freund