| From: | Marco Slot <marco(at)citusdata(dot)com> |
|---|---|
| To: | Andrey Borodin <x4mmm(at)yandex-team(dot)ru> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, dim(at)tapoueh(dot)org |
| Subject: | Re: Disallow cancellation of waiting for synchronous replication |
| Date: | 2019-12-20 07:23:10 |
| Message-ID: | CANNhMLD8qhF=0pTbLrPtr=YwiTNKPuhvE8PrRkXo0eKXTzGttQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Dec 20, 2019 at 6:04 AM Andrey Borodin <x4mmm(at)yandex-team(dot)ru> wrote:
> I think proper solution here would be to add GUC to disallow cancellation of synchronous replication. Retry step 3 will wait on locks after hanging 1 and data will be consistent.
> Three is still a problem when backend is not canceled, but terminated [2]. Ideal solution would be to keep locks on changed data. Some well known databases threat termination of synchronous replication as system failure and refuse to operate until standbys appear (see Maximum Protection mode). From my point of view it's enough to PANIC once so that HA tool be informed that something is going wrong.
Sending a cancellation is currently the only way to resume after
disabling synchronous replication. Some HA solutions (e.g.
pg_auto_failover) rely on this behaviour. Would it be worth checking
whether synchronous replication is still required?
Marco
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2019-12-20 07:33:21 | Re: allow_system_table_mods and DROP RULE |
| Previous Message | Michael Paquier | 2019-12-20 07:20:18 | Re: Hooks for session start and end, take two |