| From: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
|---|---|
| To: | Gregory Stark <stark(at)enterprisedb(dot)com> |
| Cc: | "Kolb, Harald (NSN - DE/Munich)" <harald(dot)kolb(at)nsn(dot)com>, pgsql-hackers(at)postgresql(dot)org, "Czichy, Thoralf (NSN - FI/Helsinki)" <thoralf(dot)czichy(at)nsn(dot)com> |
| Subject: | Re: postmaster recovery and automatic restart suppression |
| Date: | 2009-06-08 12:56:06 |
| Message-ID: | 3f0b79eb0906080556qa4399fajd4c647749057de68@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On Mon, Jun 8, 2009 at 6:45 PM, Gregory Stark<stark(at)enterprisedb(dot)com> wrote:
> Fujii Masao <masao(dot)fujii(at)gmail(dot)com> writes:
>
>> On the other hand, the primary postgres might *not* restart automatically.
>> So, it's difficult for clusterware to choose whether to do failover when it
>> detects the death of the primary postgres, I think.
>
>
> I think the accepted way to handle this kind of situation is called STONITH --
> "Shoot The Other Node In The Head".
>
> You need some way when the cluster software decides to initiate failover to
> ensure that the first node *cannot* come back up. That could mean shutting the
> power to it at the PDU or disabling its network connection at the switch, or
> various other options.
Yes, I understand that STONITH is a safe solution for split-brain. But,
since some special equipment like PDU must probably be prepared,
I think that some people (including me) want another reasonable way.
The proposed feature is not perfect solution, but is a convenient way
to prevent one of split-brain situations.
Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Merlin Moncure | 2009-06-08 13:10:11 | Re: pg_migrator issue with contrib |
| Previous Message | Mark Mielke | 2009-06-08 12:36:05 | Re: PostgreSQL Developer meeting minutes up |