I've been wondering for the longest time if a sudo reboot with a running Postgres (namely, 9.2.4) server can (or definitely will) lead to data loss or other problems (e.g., inability to start the server again upon system boot). Or does reboot send the proper signals to processes that allow them to be shut down properly (including, for instance, allowing transactions to complete, etc.)?
If your server and hardware are properly configured you will not lose data even if you press the reset button, yank the power cord, or trigger a kernel panic. PostgreSQL is crash safe because of its write-ahead logging.
The only person who got this vaguely right is "Zoredache" in the comments.
You will only lose data if:

- fsync=off;
- UNLOGGED tables, which are not crash-safe (and in this case you'll only lose the data in the unlogged tables);
- storage that does not honour fsync, like many cheap consumer SSDs that do write-back caching to volatile cache without proper backup power.

I wrote a lot more on this in a blog post a few months ago.
Even if you're using a cheap SSD, you still won't generally lose data on a sudden reboot, only when your system actually loses power. I've seen a few systems that power-cycle the disks on reset, though, and these systems would get data loss if using cheap SSDs.
A "clean" shutdown is pretty much optional for PostgreSQL; the only downsides of a sudden reboot are that the database might take a bit longer to start up due to the time required to apply write-ahead logs during recovery, and that (per the documentation) UNLOGGED tables will be truncated.

Even in a so-called "clean" shutdown, most init scripts will only wait for a limited time for the server to shut down. Most init scripts use "fast" shutdown mode, which will abort current transactions, refuse new sessions, and quickly but cleanly shut down the server. They'll usually time out if that takes too long and just shut down anyway, effectively relying on PostgreSQL's crash safety.

If you want to allow current transactions to finish you need to do a "smart" shutdown manually before shutting your system down, or modify your init scripts to use it. Smart shutdown isn't always very useful because one long-running or abandoned connection can stop the whole server shutting down indefinitely, leaving it sitting there refusing all connections. It's useful as a first try that you let run for a minute or so before doing a fast shutdown.
Crash safety is no excuse for failing to take backups - and test them.
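The shutdown sequence the answer above recommends (try a "smart" shutdown for a bounded time so in-flight transactions can finish, then fall back to a "fast" shutdown) can be scripted with pg_ctl. The script below is an added example, not code from the original answer or from the PostgreSQL project; it also includes a pre-flight report of the two settings the answer names as the real data-loss risks (fsync and UNLOGGED tables). The PGDATA path, the PG_CTL/PSQL command variables and the timeouts are assumptions you would adapt to your install.

```shell
#!/bin/sh
# pg_graceful_stop.sh (added example): smart shutdown first, fast shutdown as fallback.
# Usage: sh pg_graceful_stop.sh /path/to/PGDATA
# Assumed knobs; override via environment, e.g. PG_CTL=/usr/pgsql-9.2/bin/pg_ctl
PG_CTL="${PG_CTL:-pg_ctl}"
PSQL="${PSQL:-psql}"
SMART_WAIT="${SMART_WAIT:-60}"   # seconds to let open transactions finish
FAST_WAIT="${FAST_WAIT:-30}"     # seconds before giving up on the fast shutdown

# Report the settings that actually decide crash safety (fsync, UNLOGGED tables).
# Purely informational; it does not change anything on the server.
pg_crash_risk_report() {
    printf 'fsync = %s\n' "$("$PSQL" -Atc 'SHOW fsync')"
    printf 'UNLOGGED tables (truncated on crash/reboot):\n'
    "$PSQL" -Atc "SELECT n.nspname || '.' || c.relname
                  FROM pg_class c JOIN pg_namespace n ON n.oid = c.relnamespace
                  WHERE c.relkind = 'r' AND c.relpersistence = 'u'
                  ORDER BY 1"
}

# Try smart, then fast. Echoes the mode that succeeded and returns 0;
# returns 1 if the server is still running after both attempts.
pg_graceful_stop() {
    pgdata="$1"
    # -m smart: refuse new connections, wait for existing sessions to end.
    # -t bounds the wait so one abandoned connection cannot block forever.
    if "$PG_CTL" stop -D "$pgdata" -m smart -t "$SMART_WAIT" >/dev/null 2>&1; then
        echo smart
        return 0
    fi
    # -m fast: abort open transactions, then shut down cleanly (what most init scripts do).
    if "$PG_CTL" stop -D "$pgdata" -m fast -t "$FAST_WAIT" >/dev/null 2>&1; then
        echo fast
        return 0
    fi
    return 1
}

if [ $# -gt 0 ]; then
    pg_crash_risk_report
    if mode=$(pg_graceful_stop "$1"); then
        echo "server stopped (mode: $mode)"
    else
        echo "server did not stop; the OS shutdown will rely on crash recovery" >&2
        exit 1
    fi
fi
```

Because the script only defines functions unless given a PGDATA argument, it can be sourced from an init script or a pre-reboot hook. If even the fast shutdown times out, the exit status is non-zero so the caller can decide whether to proceed with the reboot and accept a crash-recovery startup.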
It should gracefully shut it down along with all running services. Take a backup and test!
reboot is a graceful shutdown. reboot -f / reboot --force is the data killer.