Tomas Vondra <tv@fuzzy.cz> wrote:
> I think it's safe as long as you don't try to reuse the cluster
> after a crash (be it due to OS error, power outage, ...). If the
> primary crashes for any reasons, you have to start from scratch,
> otherwise there might be silent corruption as you've described.
I agree. It seems to me that as long as you never try to start the
old master after a crash of the OS (directly or because of hardware
or VM failure), the standby should be usable without risk of
corruption. As soon as you start the old master after such a crash
though, you could be replicating corrupted blocks; you would need
to be very hard-line about never bringing the old master back up.
--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
