Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1056303: pg_createcluster destroys data directory under certain conditions
21 views
Skip to first unread message
Max Kellermann
Nov 20, 2023, 4:00:05 AM11/20/23
to
Package: postgresql-common
Version: 248
Severity: critical
When I tried to use "pg_createcluster" to configure my pre-existing
PostgreSQL data directory with a new Debian install, it deleted the
whole cluster with all databases instead. (This serious data loss
justifies "severity critical" according to
https://www.debian.org/Bugs/Developer#severities)
Steps to reproduce:
pg_createcluster 15 test
cp /etc/postgresql/15/test/postgresql.conf /var/lib/postgresql/15/test/
rm -r /etc/postgresql/15/test
pg_createcluster 15 test
This creates a new cluster just for the demo, then deletes the
configuration directory, after copying the postgresql.conf to the data
directory.
I expect the second "pg_createcluster" call to find the existing data
directory and configure it; and it tries to do so indeed:
Configuring already existing cluster (configuration: /etc/postgresql/15/test, data: /var/lib/postgresql/15/test, owner: 103:111)
After it finds and moves a "postgresql.conf", it however fails to find
"pg_hba.conf"
Error: move_conffile: required configuration file /var/lib/postgresql/15/test/pg_hba.conf does not exist
This fails the whole operation, and apparently, "pg_createcluster"
tries to roll back by invoking "pg_dropcluster 15 test 2>/dev/null",
destroying all pre-existing data.
If "postgresql.conf" does not exist (or is empty), "pg_dropcluster" is
not invoked.
Version: 248
Severity: critical
When I tried to use "pg_createcluster" to configure my pre-existing
PostgreSQL data directory with a new Debian install, it deleted the
whole cluster with all databases instead. (This serious data loss
justifies "severity critical" according to
https://www.debian.org/Bugs/Developer#severities)
Steps to reproduce:
pg_createcluster 15 test
cp /etc/postgresql/15/test/postgresql.conf /var/lib/postgresql/15/test/
rm -r /etc/postgresql/15/test
pg_createcluster 15 test
This creates a new cluster just for the demo, then deletes the
configuration directory, after copying the postgresql.conf to the data
directory.
I expect the second "pg_createcluster" call to find the existing data
directory and configure it; and it tries to do so indeed:
Configuring already existing cluster (configuration: /etc/postgresql/15/test, data: /var/lib/postgresql/15/test, owner: 103:111)
After it finds and moves a "postgresql.conf", it however fails to find
"pg_hba.conf"
Error: move_conffile: required configuration file /var/lib/postgresql/15/test/pg_hba.conf does not exist
This fails the whole operation, and apparently, "pg_createcluster"
tries to roll back by invoking "pg_dropcluster 15 test 2>/dev/null",
destroying all pre-existing data.
If "postgresql.conf" does not exist (or is empty), "pg_dropcluster" is
not invoked.
Michael Banck
Jan 2, 2024, 10:10:05 AM1/2/24
to
severity 1056303 important
tags 1056303 +patch
thanks
Hi,
On Mon, Nov 20, 2023 at 09:49:34AM +0100, Max Kellermann wrote:
> When I tried to use "pg_createcluster" to configure my pre-existing
> PostgreSQL data directory with a new Debian install, it deleted the
> whole cluster with all databases instead. (This serious data loss
> justifies "severity critical" according to
> https://www.debian.org/Bugs/Developer#severities)
> Steps to reproduce:
>
> pg_createcluster 15 test
> cp /etc/postgresql/15/test/postgresql.conf /var/lib/postgresql/15/test/
You missed to copy the other configuration files, as cautioned in the
manpage:
| If the data directory already exists, it is integrated into the
| postgresql-common structure by moving the configuration file and
| setting the data_directory option. Please note that this only works
| for data directories which were created directly with initdb, i.e.
| all the configuration files (postgresql.conf etc.) must be present in
| the data directory.
> rm -r /etc/postgresql/15/test
> pg_createcluster 15 test
>
> This creates a new cluster just for the demo, then deletes the
> configuration directory, after copying the postgresql.conf to the data
> directory.
>
> I expect the second "pg_createcluster" call to find the existing data
> directory and configure it; and it tries to do so indeed:
>
> Configuring already existing cluster (configuration:
> /etc/postgresql/15/test, data: /var/lib/postgresql/15/test, owner:
> 103:111)
>
> After it finds and moves a "postgresql.conf", it however fails to find
> "pg_hba.conf"
Right, see above.
> Error: move_conffile: required configuration file /var/lib/postgresql/15/test/pg_hba.conf does not exist
> This fails the whole operation, and apparently, "pg_createcluster"
> tries to roll back by invoking "pg_dropcluster 15 test 2>/dev/null",
> destroying all pre-existing data.
>
> If "postgresql.conf" does not exist (or is empty), "pg_dropcluster" is
> not invoked.
This is because pg_creatcluster copies postgresql.conf first, and gets
version and cluster from it - if those are set, the data directory is
removed in the cleanup phase on error.
I think it would be sensible to only remove the data directory if it
actually got created by pg_createcluster, so I propose the attached
patch; I have also opened a merge request on Salsa for this:
https://salsa.debian.org/postgresql/postgresql-common/-/merge_requests/19
Michael
tags 1056303 +patch
thanks
Hi,
On Mon, Nov 20, 2023 at 09:49:34AM +0100, Max Kellermann wrote:
> When I tried to use "pg_createcluster" to configure my pre-existing
> PostgreSQL data directory with a new Debian install, it deleted the
> whole cluster with all databases instead. (This serious data loss
> justifies "severity critical" according to
> https://www.debian.org/Bugs/Developer#severities)
> Steps to reproduce:
>
> pg_createcluster 15 test
> cp /etc/postgresql/15/test/postgresql.conf /var/lib/postgresql/15/test/
manpage:
| If the data directory already exists, it is integrated into the
| postgresql-common structure by moving the configuration file and
| setting the data_directory option. Please note that this only works
| for data directories which were created directly with initdb, i.e.
| all the configuration files (postgresql.conf etc.) must be present in
| the data directory.
> rm -r /etc/postgresql/15/test
> pg_createcluster 15 test
>
> This creates a new cluster just for the demo, then deletes the
> configuration directory, after copying the postgresql.conf to the data
> directory.
>
> I expect the second "pg_createcluster" call to find the existing data
> directory and configure it; and it tries to do so indeed:
>
> Configuring already existing cluster (configuration:
> /etc/postgresql/15/test, data: /var/lib/postgresql/15/test, owner:
> 103:111)
>
> After it finds and moves a "postgresql.conf", it however fails to find
> "pg_hba.conf"
> Error: move_conffile: required configuration file /var/lib/postgresql/15/test/pg_hba.conf does not exist
> This fails the whole operation, and apparently, "pg_createcluster"
> tries to roll back by invoking "pg_dropcluster 15 test 2>/dev/null",
> destroying all pre-existing data.
>
> If "postgresql.conf" does not exist (or is empty), "pg_dropcluster" is
> not invoked.
version and cluster from it - if those are set, the data directory is
removed in the cleanup phase on error.
I think it would be sensible to only remove the data directory if it
actually got created by pg_createcluster, so I propose the attached
patch; I have also opened a merge request on Salsa for this:
https://salsa.debian.org/postgresql/postgresql-common/-/merge_requests/19
Michael
0 new messages