<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<br>
<div>
<div>On Apr 4, 2013, at 8:08 AM, Takatoshi MATSUO <<a href="mailto:matsuo.tak@gmail.com">matsuo.tak@gmail.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">Hi Steven<br>
<br>
I made a patch as a trial.<br>
<a href="https://github.com/t-matsuo/resource-agents/commit/bd3b587c6665c4f5eba0491b91f83965e601bb6b#heartbeat/pgsql">https://github.com/t-matsuo/resource-agents/commit/bd3b587c6665c4f5eba0491b91f83965e601bb6b#heartbeat/pgsql</a><br>
<br>
This patch never show "STREAMING|POTENTIAL".<br>
<br>
Thanks,<br>
Takatoshi MATSUO<br>
<br>
2013/4/4 Takatoshi MATSUO <matsuo.tak@gmail.com>:<br>
<blockquote type="cite">Hi Steven<br>
<br>
Sorry for late reply<br>
<br>
2013/3/29 Steven Bambling <smbambling@arin.net>:<br>
<blockquote type="cite">Taskatoshi/Rainer thanks so much for the quick responses and clarification.<br>
<br>
In response to the rep_mode being set to sync.<br>
<br>
If the master is running the monitor check as low as every 1s, then its updating the nodes with the "new" master preference in the event that the current synchronous replica couldn't be reached and the postgres service then selected the next node in the synchronous_standby_names
list to perform they synchronous transaction with.<br>
<br>
If you are doing multiple transactions a second then doesn't it become possible for the postgres service to switch it synchronous replication replica ( from node2 to node3 for instance ) and potentially fail ( though I think the risk seems small ) before the
monitor function is invoke to update the master preference?<br>
<br>
In this case you've committed a transaction(s) and reported it back to your application that it was successful, but when the new master is promoted it doesn't have the committed transactions because it is located on the other replica ( and the failed master
). Basically you've lost these transactions even though they were reported successful.<br>
</blockquote>
<br>
Yes !<br>
I didn't consider this situation.<br>
<br>
<blockquote type="cite"><br>
The only way I can see getting around this would be to compare the current xlog locations on each of the remaining replicas, the promoting the one that meets your business needs.<br>
1. If you need to have greater data consistency.<br>
- promote the node that has the furtherest log location even IF they haven't been replayed and there is some "recovery" period.<br>
<br>
2. If you need to have greater "up time"<br>
- promote the node that has the furtherest log location, taking into account the replay lag<br>
- promote the node that has the furthest head or near furthest ahead log location and the LESS replay lag.<br>
</blockquote>
<br>
How do slaves get "up time" ?<br>
I think slaves can't know the replay lag.<br>
</blockquote>
</blockquote>
<div><br>
</div>
I've been working on some scripts I believe will have a node check to see if it is the most up to date replica</div>
<div><a href="https://github.com/smbambling/pgsql_replica_check">https://github.com/smbambling/pgsql_replica_check</a>. I just can't figure out how to make the server that the cluster though should be promoted FAIL out gracefully and/or force the promotion
to another node.</div>
<div><br>
</div>
<div><br>
<blockquote type="cite">
<blockquote type="cite"><br>
<blockquote type="cite">Does this even seem possible with a resource agent or is my thinking totally off?<br>
</blockquote>
<br>
Method 1 and 2 may cause data loss.<br>
If you can accept data loss, you use "rep_mode=async".<br>
It's about the same as method 1.<br>
</blockquote>
</blockquote>
<div><br>
</div>
Method 1 doesn't cause data loss just has the potential to have down time as there is a recovery period.</div>
<div><br>
</div>
<div>Method 2 indeed can cause data loss. Some business decisions may call for greater uptime vs consistency ( NOT ours :) ), so I put that option in there<br>
<blockquote type="cite">
<blockquote type="cite"><br>
<br>
How about refraining from switching synchronous replication replica to avoid<br>
data loss to set one node into "synchronous_standby_names" ?<br>
</blockquote>
</blockquote>
<div><br>
</div>
I have thought about doing that, as long as when failing over you move the STREAMING|POTENTIAL into the synchronous_standby_names during promotion.</div>
<div><br>
</div>
<div>The only potential issue I see here is that now you only have 1 sync partner and if something locks up or there is a lot of lag on the sync streaming node then you introduce performance delay or the transaction "may" not complete. </div>
<div><br>
</div>
<div>I'm not 100% how Postgrsql will handle the master loosing a sync partner. Will it "queue" the transaction and then FSYNC with a sync slave once it comes back online or will it report the transaction as failed. <br>
<blockquote type="cite">
<blockquote type="cite"><br>
<br>
Thanks,<br>
Takatoshi MATSUO<br>
</blockquote>
<br>
_______________________________________________<br>
Pacemaker mailing list: <a href="mailto:Pacemaker@oss.clusterlabs.org">Pacemaker@oss.clusterlabs.org</a><br>
<a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker">http://oss.clusterlabs.org/mailman/listinfo/pacemaker</a><br>
<br>
Project Home: http://www.clusterlabs.org<br>
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf<br>
Bugs: http://bugs.clusterlabs.org<br>
</blockquote>
</div>
<br>
</body>
</html>