If a base backup is cancelled by server shutdown or crash, throw an error

in WAL recovery when it sees the shutdown checkpoint record. It's more
user-friendly to find out about it at that point than at the end of
recovery, and you're not left wondering why your hot standby server never
opens up for read-only connections.

diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c
index 3f339825ae7a39c98f2bbcc72fccb3ac71368b6d..6812cf5e9a4c8bebcf067ec4d080a311a85e770c 100644 (file)
--- a/src/backend/access/transam/xlog.c
+++ b/src/backend/access/transam/xlog.c
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2010, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/backend/access/transam/xlog.c,v 1.403 2010/04/23 20:21:31 sriggs Exp $
+ * $PostgreSQL: pgsql/src/backend/access/transam/xlog.c,v 1.404 2010/04/27 09:25:18 heikki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -7713,6 +7713,16 @@ xlog_redo(XLogRecPtr lsn, XLogRecord *record)
                if (standbyState != STANDBY_DISABLED)
                        CheckRequiredParameterValues(checkPoint);
 
+               /*
+                * If we see a shutdown checkpoint while waiting for an
+                * end-of-backup record, the backup was cancelled and the
+                * end-of-backup record will never arrive.
+                */
+               if (InArchiveRecovery &&
+                       !XLogRecPtrIsInvalid(ControlFile->backupStartPoint))
+                       ereport(ERROR,
+                                       (errmsg("online backup was cancelled, recovery cannot continue")));
+
                /*
                 * If we see a shutdown checkpoint, we know that nothing was
                 * running on the master at this point. So fake-up an empty