| From: | Gregory Stark <stark(at)enterprisedb(dot)com> |
|---|---|
| To: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
| Cc: | "Kolb\, Harald \(NSN - DE\/Munich\)" <harald(dot)kolb(at)nsn(dot)com>, pgsql-hackers(at)postgresql(dot)org, "Czichy\, Thoralf \(NSN - FI\/Helsinki\)" <thoralf(dot)czichy(at)nsn(dot)com> |
| Subject: | Re: postmaster recovery and automatic restart suppression |
| Date: | 2009-06-08 09:45:40 |
| Message-ID: | 87tz2rt5x7.fsf@oxford.xeocode.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Fujii Masao <masao(dot)fujii(at)gmail(dot)com> writes:
> On the other hand, the primary postgres might *not* restart automatically.
> So, it's difficult for clusterware to choose whether to do failover when it
> detects the death of the primary postgres, I think.
I think the accepted way to handle this kind of situation is called STONITH --
"Shoot The Other Node In The Head".
You need some way when the cluster software decides to initiate failover to
ensure that the first node *cannot* come back up. That could mean shutting the
power to it at the PDU or disabling its network connection at the switch, or
various other options.
Gregory Stark
http://mit.edu/~gsstark/resume.pdf
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Mielke | 2009-06-08 12:36:05 | Re: PostgreSQL Developer meeting minutes up |
| Previous Message | Fujii Masao | 2009-06-08 09:27:07 | Re: postmaster recovery and automatic restart suppression |