| From: | Phil Frost <phil(at)postmates(dot)com> |
|---|---|
| To: | "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: avoiding split brain with repmgr |
| Date: | 2017-08-15 14:56:27 |
| Message-ID: | CAC6ry0JcSFFztyE3rMmyw8rvt-O10e22sGBxeWpoPL6i6-xgMw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
I recommend looking into Pacemaker if avoiding split-brain is a hard
requirement. A proper solution requires:
- A mechanism to fence failed nodes, since "failed" really means "unknown".
Without fencing there's a significant probability of split-brain. Pacemaker
has a meatware fencing plugin which can be used on its own, or as a backup
to automated fencing mechanisms.
- At least three nodes to establish quorum. Otherwise there's a risk that
each half of a partition will try to fence the other, thinking the other
half has failed.
- A non-trivial consensus protocol, one that's been mathematically studied
and reviewed. Like encryption, this is a notoriously difficult problem and
not the place for casually designed solutions.
http://clusterlabs.org/
and for cross-datacenter failover:
http://clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Pacemaker_Explained/ch15.html
https://aphyr.com/tags/jepsen is a good read on database consistency
generally.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jerry Sievers | 2017-08-15 19:50:12 | Re: CREATE ANY TABLE privileges, etc |
| Previous Message | Don Seiler | 2017-08-15 14:30:40 | Re: CREATE ANY TABLE privileges, etc |