| From: | Ron Johnson <ron(dot)l(dot)johnson(at)cox(dot)net> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Fault Tolerant Postgresql (two machines, two postmasters, one disk array) |
| Date: | 2007-05-17 20:55:43 |
| Message-ID: | 464CC14F.30000@cox.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/17/07 09:35, Andrew Sullivan wrote:
[snip]
>
> The problems come when you get a false detection of machine failure.
> Consider a case, for instance, where the machine A gets overloaded,
> goes into swap madness, or has a billion runaway processes that cause
> it to stagger. In this case, A might not respond in time on the
> heartbeat monitor, and then the standby machine B thinks A has
> failed. But A doesn't know that, of course, because it is working as
> hard as it can just to stay up. Now, if B mounts the disk and starts
> the postmaster, but doesn't have a way to make _sure_ tha A is
> completely disconnected from the disk, then it's entirely possible A
> will flush buffers out to the still-mounted data area. Poof!
> Instant data corruption.
Aren't there PCI heartbeat cards that are independent of the load on
the host machine?
- --
Ron Johnson, Jr.
Jefferson LA USA
Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGTMFPS9HxQb37XmcRAgY7AJ9rJqy0XP01ubb4HqZwBUcBHplmwQCeM5wj
gXKTp80exZQhR9ZTbgq7Ejg=
=7Rkx
-----END PGP SIGNATURE-----
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Paul Ramsey | 2007-05-17 20:56:00 | 8.0, UTF8, and CLIENT_ENCODING |
| Previous Message | Ron Johnson | 2007-05-17 20:48:55 | Re: Large Database Restore |