fix(restore): use 3-section sequential pg_restore to prevent OID race conditions#4170
Open
mixelburg wants to merge 1 commit intoDokploy:canaryfrom
Open
fix(restore): use 3-section sequential pg_restore to prevent OID race conditions#4170mixelburg wants to merge 1 commit intoDokploy:canaryfrom
mixelburg wants to merge 1 commit intoDokploy:canaryfrom
Conversation
… conditions Replaces the single-pass pg_restore with a sequential 3-section approach: 1. pre-data: creates schema objects with --clean --if-exists 2. data: inserts records after schema is fully established 3. post-data: creates indexes, constraints, and triggers after all data This prevents 'could not open relation with OID' errors that occur with complex schemas (TimescaleDB, foreign keys) where the previous single-pass restore could race against itself during schema creation and data insertion. The dump is saved to a temp file inside the container via stdin, then restored in three passes. The temp file is always cleaned up (using ; not && before rm -f) even if a restore step fails. Fixes Dokploy#4127
dosubot
bot
added
size:XS
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Comment on lines
+10
to
+12
| const tmpFile = "/tmp/dokploy_restore.dump"; | ||
| const pgArgs = `-U '${databaseUser}' -d ${database} -O`; | ||
| return `docker exec -i $CONTAINER_ID sh -c "cat > ${tmpFile} && pg_restore ${pgArgs} --clean --if-exists --section=pre-data ${tmpFile} && pg_restore ${pgArgs} --section=data ${tmpFile} && pg_restore ${pgArgs} --section=post-data ${tmpFile}; rm -f ${tmpFile}"`; |
Contributor
There was a problem hiding this comment.
The fixed path /tmp/dokploy_restore.dump lives inside the container (due to docker exec), so concurrent restores to different containers are safe. However, if two restore jobs target the same container simultaneously, both cat > writes race to the same file and the second restore could read a corrupted dump. Using the shell's $$ (PID) in the filename eliminates this risk at no cost.
Suggested change
| const tmpFile = "/tmp/dokploy_restore.dump"; | |
| const pgArgs = `-U '${databaseUser}' -d ${database} -O`; | |
| return `docker exec -i $CONTAINER_ID sh -c "cat > ${tmpFile} && pg_restore ${pgArgs} --clean --if-exists --section=pre-data ${tmpFile} && pg_restore ${pgArgs} --section=data ${tmpFile} && pg_restore ${pgArgs} --section=post-data ${tmpFile}; rm -f ${tmpFile}"`; | |
| const tmpFile = "/tmp/dokploy_restore_$$.dump"; | |
| const pgArgs = `-U '${databaseUser}' -d ${database} -O`; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes #4127
PostgreSQL restore was using a single
pg_restorepass with-Fc(custom format), which causesERROR: could not open relation with OIDerrors when restoring complex schemas — particularly databases using TimescaleDB, foreign key constraints, or other extensions.Root Cause
The single-pass restore processes schema creation, data insertion, and constraint creation in a mixed order determined by pg_restore's dependency graph. With extensions like TimescaleDB that register custom types and catalogs, some tables get their OIDs cached during schema creation, then become stale by the time data COPY statements run against them.
Fix
Replace the single
pg_restorecall with 3 sequential section passes:--section=pre-data): Creates schema objects (tables, types, extensions) with--clean --if-existsto drop existing objects first--section=data): Inserts all data after the schema is fully established--section=post-data): Creates indexes, constraints, and triggers after all data is loadedThe dump is saved to a temp file inside the container via stdin (
cat > /tmp/dokploy_restore.dump), then restored in three passes. The temp file cleanup uses;instead of&&so it always runs even if a restore step fails.Tested Against
web-server.ts) is unaffected — it already usesdocker cpto place the file inside the container before restoringChecklist
Greptile Summary
Replaces the single-pass
pg_restorewith three sequential section passes (pre-data→data→post-data) to eliminate OID-staleness errors caused by extensions like TimescaleDB. The dump is written to a temp file inside the container viacat, restored in three passes, and the cleanup correctly uses;sorm -falways runs regardless of any restore step failing. One minor suggestion: using a PID-based suffix ($$) on the temp filename would prevent conflicts if two restores ever target the same container concurrently.Confidence Score: 5/5
Safe to merge — the 3-section restore logic is correct and the cleanup is sound.
All remaining findings are P2 (defensive hardening). The core logic, shell operator precedence, and section ordering are all correct.
No files require special attention.
Reviews (1): Last reviewed commit: "fix(restore): use 3-section sequential p..." | Re-trigger Greptile