pg_rewind — synchronize a Postgres Pro data directory with another data directory that was forked from it
pg_rewind [option...] { -D | --target-pgdata } directory { --source-pgdata= | directory--source-server= } connstr
pg_rewind is a tool for synchronizing a Postgres Pro cluster with another copy of the same cluster, after the clusters' timelines have diverged. A typical scenario is to bring an old master server back online after failover as a standby that follows the new master.
The result is equivalent to replacing the target data directory with the source one. Only changed blocks from relation files are copied; all other files are copied in full, including configuration files. The advantage of pg_rewind over taking a new base backup, or tools like rsync, is that pg_rewind does not require reading through unchanged blocks in the cluster. This makes it a lot faster when the database is large and only a small fraction of blocks differ between the clusters.
pg_rewind examines the timeline histories of the source
and target clusters to determine the point where they diverged, and
expects to find WAL in the target cluster's pg_wal directory
reaching all the way back to the point of divergence. The point of divergence
can be found either on the target timeline, the source timeline, or their common
ancestor. In the typical failover scenario where the target cluster was
shut down soon after the divergence, this is not a problem, but if the
target cluster ran for a long time after the divergence, its old WAL
files might no longer be present. In this case, you can manually copy them
from the WAL archive to the pg_wal directory, or run
pg_rewind with the -c option to
automatically retrieve them from the WAL archive. The use of
pg_rewind is not limited to failover, e.g., a standby
server can be promoted, run some write transactions, and then rewound
to become a standby again.
When the target server is started for the first time after running
pg_rewind, it will go into recovery mode and replay all
WAL generated in the source server after the point of divergence.
If some of the WAL was no longer available in the source server when
pg_rewind was run, and therefore could not be copied by the
pg_rewind session, it must be made available when the
target server is started. This can be done by creating a
recovery.signal file in the target data directory
and configuring suitable restore_command
in postgresql.conf.
pg_rewind requires that the target server either has
the wal_log_hints option enabled
in postgresql.conf or data checksums enabled when
the cluster was initialized with initdb. While
wal_log_hints is currently off by default, the checksums are enabled.
full_page_writes
must also be set to on, and it is enabled by default.
If pg_rewind fails while processing, then the data folder of the target is likely not in a state that can be recovered. In such a case, taking a new fresh backup is recommended.
pg_rewind will fail immediately if it finds files it cannot write directly to. This can happen for example when the source and the target server use the same file mapping for read-only SSL keys and certificates. If such files are present on the target server it is recommended to remove them before running pg_rewind. After doing the rewind, some of those files may have been copied from the source, in which case it may be necessary to remove the data copied and restore back the set of links used before the rewind.
pg_rewind accepts the following command-line arguments:
-D directory--target-pgdata=directoryThis option specifies the target data directory that is synchronized with the source. The target server must be shut down cleanly before running pg_rewind
--source-pgdata=directorySpecifies the file system path to the data directory of the source server to synchronize the target with. This option requires the source server to be cleanly shut down.
--source-server=connstrSpecifies a libpq connection string to connect to the source Postgres Pro server to synchronize the target with. The connection must be a normal (non-replication) connection with a role having sufficient permissions to execute the functions used by pg_rewind on the source server (see Notes section for details) or a superuser role. This option requires the source server to be running and not in recovery mode.
-n--dry-runDo everything except actually modifying the target directory.
-N--no-sync
By default, pg_rewind will wait for all files
to be written safely to disk. This option causes
pg_rewind to return without waiting, which is
faster, but means that a subsequent operating system crash can leave
the data directory corrupt. Generally, this option is useful for
testing but should not be used when creating a production
installation.
-P--progressEnables progress reporting. Turning this on will deliver an approximate progress report while copying data from the source cluster.
-c--restore-target-wal
Use restore_command defined in the target cluster
configuration to retrieve WAL files from the WAL archive if these
files are no longer available in the pg_wal
directory.
--debugPrint verbose debugging output that is mostly useful for developers debugging pg_rewind.
-V--versionDisplay version information, then exit.
-?--helpShow help, then exit.
When --source-server option is used,
pg_rewind also uses the environment variables
supported by libpq (see Section 31.14).
The environment variable PG_COLOR specifies whether to use
color in diagnostic messages. Possible values are
always, auto and
never.
When executing pg_rewind using an online
cluster as source, a role having sufficient permissions to execute the
functions used by pg_rewind on the source
cluster can be used instead of a superuser. Here is how to create such
a role, named rewind_user here:
CREATE USER rewind_user LOGIN; GRANT EXECUTE ON function pg_catalog.pg_ls_dir(text, boolean, boolean) TO rewind_user; GRANT EXECUTE ON function pg_catalog.pg_stat_file(text, boolean) TO rewind_user; GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text) TO rewind_user; GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text, bigint, bigint, boolean) TO rewind_user;
When executing pg_rewind using an online
cluster as source which has been recently promoted, it is necessary
to execute a CHECKPOINT after promotion so as its
control file reflects up-to-date timeline information, which is used by
pg_rewind to check if the target cluster
can be rewound using the designated source cluster.
The basic idea is to copy all file system-level changes from the source cluster to the target cluster:
Scan the WAL log of the target cluster, starting from the last
checkpoint before the point where the source cluster's timeline
history forked off from the target cluster. For each WAL record,
record each data block that was touched. This yields a list of all
the data blocks that were changed in the target cluster, after the
source cluster forked off. If some of the WAL files are no longer
available, try re-running pg_rewind with
the -c option to search for the missing files in
the WAL archive.
Copy all those changed blocks from the source cluster to
the target cluster, either using direct file system access
(--source-pgdata) or SQL (--source-server).
Copy all other files such as pg_xact and
configuration files from the source cluster to the target cluster
(everything except the relation files). Similarly to base backups,
the contents of the directories pg_dynshmem/,
pg_notify/, pg_replslot/,
pg_serial/, pg_snapshots/,
pg_stat_tmp/, and
pg_subtrans/ are omitted from the data copied
from the source cluster. Any file or directory beginning with
pgsql_tmp is omitted, as well as are
backup_label,
tablespace_map,
pg_internal.init,
postmaster.opts and
postmaster.pid.
Apply the WAL from the source cluster, starting from the checkpoint created at failover. (Strictly speaking, pg_rewind doesn't apply the WAL, it just creates a backup label file that makes Postgres Pro start by replaying all WAL from that checkpoint forward.)