On Fri, 2011-01-21 at 13:32 -0500, Robert Haas wrote:
> One idea might be to wait both before and after commit. If
> allow_standalone_primary is off, and a commit is attempted, we check
> whether there's a slave connected, and if not, wait for one to
> connect. Then, we write and sync the commit WAL record. Next, we
> wait for the WAL to be ack'd. Of course, the standby might disappear
> between the first check and the second, but it would greatly reduce
> the possibility of the master being ahead of the standby after a
> crash, which might be useful for some people.

I like this idea.

I think it would be too invasive to make a check before we insert each
WAL record, as Aidan suggests. Even if we did that, you aren't protected
when a standby goes down because you'll still have written half a
transaction and still be waiting.

So I propose that

    if (!allow_standalone_primary) ConfirmSyncRepAvailable();

before PreCommit_Notify(). That puts the transaction into a wait state that
lasts until a sync rep standby is available. Note that it is before the
actual commit, so if we decide we need to we can cancel those
transactions and have them properly abort.

I won't add that code yet, in case better ideas emerge.

There is no support for preventing connections at startup, so I will
remove that completely, now.

--
Simon Riggs    http://www.2ndQuadrant.com/books/
PostgreSQL Development, 24x7 Support, Training and Services
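
The commit ordering discussed in this message, as a small model added here for illustration; it is not code from the message or from PostgreSQL. It shows the three outcomes at stake: a clean abort during the pre-commit wait, an acknowledged commit, and a commit that exists only on the primary. Assumptions: `model_commit`, `scenario`, `txn_outcome` and the tick timeline are hypothetical names, and turning `allow_standalone_primary` on is modelled as skipping only the pre-commit wait.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model of the commit ordering discussed above; not PostgreSQL code. */
typedef enum {
    TXN_NOT_COMMITTED,      /* cancelled (or still waiting) before the commit record: clean abort */
    TXN_COMMITTED_ACKED,    /* commit record written and acknowledged by a standby */
    TXN_COMMITTED_UNACKED   /* commit record on the primary only: primary is ahead */
} txn_outcome;

typedef struct {
    const bool *standby_up;        /* standby_up[t]: sync standby connected at tick t */
    size_t      nticks;            /* length of the constructed timeline */
    size_t      cancel_at;         /* tick at which a waiting transaction is cancelled */
    bool        allow_standalone_primary;
} scenario;

txn_outcome model_commit(const scenario *s)
{
    size_t t = 0;

    if (!s->allow_standalone_primary) {
        /* Pre-commit wait, standing in for the proposed ConfirmSyncRepAvailable(). */
        while (t < s->nticks && !s->standby_up[t]) {
            if (t == s->cancel_at)
                return TXN_NOT_COMMITTED;
            t++;
        }
        if (t == s->nticks)
            return TXN_NOT_COMMITTED;   /* timeline ended while still waiting */
    }

    /* The commit WAL record is written and synced at tick t; from here on the
       transaction can no longer be aborted. Wait for the acknowledgement. */
    for (size_t u = t + 1; u < s->nticks; u++)
        if (s->standby_up[u])
            return TXN_COMMITTED_ACKED;

    return TXN_COMMITTED_UNACKED;
}
```
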