The current WAL archive cleanup logic triggers only when the archive
directory exceeds 50% of the total volume size. On instances with
large volumes and relatively small effective data size, this allows
the WAL archive to grow excessively and consume most of the disk.
For example, on a 200GB volume with ~10GB of actual database data,
WAL cleanup starts only after the archive reaches ~100GB. With regular
scheduled backups, the archive size then remains close to this value,
unnecessarily reserving disk space and increasing the risk of running
out of free space as the database grows.
This change replaces the hardcoded volume-based threshold with a limit
derived from max_wal_size and a configurable safety factor:
max_archive_size = max_wal_size * WAL_SAFETY_FACTOR
The proposed default WAL_SAFETY_FACTOR is 5, which provides sufficient
headroom for typical workloads while keeping archive growth bounded.
Users with write-heavy workloads can increase max_wal_size as needed.
The patch also introduces a mechanism to disable the default WAL
archive cleanup for advanced use cases by detecting a special keyword
in archive_command. Documentation includes an example of implementing
a custom mtime-based cleanup routine.
See also the security note regarding archive_command handling in
validation-rules.json.
Depends-On: https://review.opendev.org/c/openstack/trove/+/978130
Depends-On: https://review.opendev.org/c/openstack/trove/+/978131
Change-Id: I96fa125fa2044e40e3fbeb685cc826b62b21bd4a
Signed-off-by: Erkin Mussurmankulov <mangust404@gmail.com>
0604f0ecc9