Re: standby registration (was: is sync rep stalled?) - Mailing list pgsql-hackers
From | Simon Riggs |
---|---|
Subject | Re: standby registration (was: is sync rep stalled?) |
Date | |
Msg-id | 1286296855.2025.1737.camel@ebony Whole thread Raw |
In response to | Re: standby registration (was: is sync rep stalled?) (Robert Haas <robertmhaas@gmail.com>) |
Responses |
Re: standby registration (was: is sync rep stalled?)
|
List | pgsql-hackers |
On Tue, 2010-10-05 at 11:46 -0400, Robert Haas wrote: > On Tue, Oct 5, 2010 at 10:46 AM, Simon Riggs <simon@2ndquadrant.com> wrote: > > On Tue, 2010-10-05 at 10:41 -0400, Robert Haas wrote: > >> >> > >> >> When you have one server functioning at each site you'll block until > >> >> you get a third machine back, rather than replicating to both sites > >> >> and remaining functional. > >> > > >> > And that is so important a consideration that you would like to move > >> > from one parameter in one file to a whole set of parameters, set > >> > differently in 5 separate files? > >> > >> I don't accept that this is the trade-off being proposed. You seem > >> convinced that having the config all in one place on the master is > >> going to make things much more complicated, but I can't see why. > > > > But it is not "all in one place" because the file needs to be different > > on 5 separate nodes. Which *does* make it more complicated than the > > alternative is a single parameter, set the same everywhere. > > Well, you only need to have the file at all on nodes you want to fail > over to. And aren't you going to end up rejiggering the config when > you fail over anyway, based on what happened? I mean, suppose you > have three servers and you require sync rep to 2 slaves. If the > master falls over and dies, it seems likely you're going to want to > relax that restriction. Or suppose you have three servers and you > require sync rep to 1 slave. The first time you fail over, you're > going to probably want to leave that config as-is, but if you fail > over again, you're very likely going to want to change it. Single failovers are common. Multiple failovers aren't. For me, the key question is about what is the common case, not edge cases. > This is really the key question for me. If distributing the > configuration throughout the cluster meant that we could just fail > over and keep on trucking, that would be, well, really neat, and a > very compelling argument for the design you are proposing. Good, thanks. The important thing is in the minutes and hours immediately after failover it will all still work; there is no need to change to a different and very likely untested config. If you configure N+1 or N+2 redundancy, we should assume that if you lose a node you will be striving to quickly replace it rather than shrug and say "you lose some". And note as well, that when you do add that other node back in, you won't need to change the config back again afterwards. It all just works and keeps working, so the DBA can spend his time investigating the issue and seeing if they can get the original master back up, not keeping one eye on the config files of the remaining servers. > But since > that seems impossible to me, I'm arguing for centralizing the > configuration file for ease of management. You can't "centralize" something in 5 different places, at least not in my understanding of the word. -- Simon Riggs www.2ndQuadrant.comPostgreSQL Development, 24x7 Support, Training and Services
pgsql-hackers by date: