On Tue, Jun 29, 2010 at 3:55 AM, Fujii Masao <masao(dot)fujii(at)gmail(dot)com> wrote:
> On Tue, Jun 15, 2010 at 11:35 AM, Fujii Masao <masao(dot)fujii(at)gmail(dot)com> wrote:
>> On the other hand, I like immediate-panicking. And I don't want the standby
>> to retry reconnecting the master infinitely.
> On second thought, the peremptory PANIC is not good for HA system. If the
> master unfortunately has written an invalid record because of its crash,
> the standby would exit with PANIC before performing a failover.
I don't think that should ever happen. The master only streams WAL
that it has fsync'd. Presumably there's no reason for the master to
ever fsync a partial WAL record (which is usually how a corrupt record
gets into the stream).
> So when an invalid record is found in streamed WAL file, we should keep
> the standby running and leave the decision whether the standby retries to
> connect to the master forever or shuts down right now, up to the user
> (actually, it may be a clusterware)?
Well, if we want to leave it up to the user/clusterware, the current
code is possibly adequate, although there are many different log
messages that could signal this situation, so coding it up might not
be too trivial.
The Enterprise Postgres Company
In response to
pgsql-hackers by date
|Next:||From: Mike Fowler||Date: 2010-06-29 11:22:06|
|Subject: Re: [PATCH] Re: Adding XMLEXISTS to the grammar|
|Previous:||From: Mike Fowler||Date: 2010-06-29 10:37:28|
|Subject: Re: [PATCH] Re: Adding xpath_exists function|