On Thu, May 27, 2010 at 8:28 PM, Robert Haas <robertmhaas@gmail.com> wrote:
> On Thu, May 27, 2010 at 3:13 AM, Fujii Masao <masao.fujii@gmail.com> wrote:
>> (1) most standard case: 1 master + 1 "sync" standby (near)
>> When the master goes down, something like a clusterware detects that
>> failure, and brings the standby online. Since we can ensure that the
>> standby has all the committed transactions, failover doesn't cause
>> any data loss.
>
> How do you propose to guarantee that? ISTM that you have to either
> commit locally first, or send the commit to the remote first. Either
> way, the two events won't occur exactly simultaneously.

Letting the transaction wait until the standby has received / flushed /
replayed the WAL before it returns a "success" indicator to a client
would guarantee that. This ensures that all transactions which a client
knows as committed exist in the memory or disk of the standby. So we
would be able to see those transactions from the new master after failover.

Regards,
--
Fujii Masao
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
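
The exchange above, as an added example that is not part of the original thread and is not PostgreSQL code: a small model that crashes the master at every possible point and compares "wait for the standby before reporting success" with "report success first". The step names, the single "standby_receive" wait point, and the one-transaction-at-a-time schedule are assumptions made for illustration.

```python
# Constructed model of the commit orderings discussed in the thread; this is
# not PostgreSQL code. Step names and the one-transaction-at-a-time schedule
# are assumptions made for illustration.
SYNC = ("master_flush", "standby_receive", "client_ack")   # wait for standby
ASYNC = ("master_flush", "client_ack", "standby_receive")  # ack before shipping


def run(steps, n_txns, crash_after):
    """Run commits until the master dies after `crash_after` steps in total.

    Returns (acked, on_standby): txns the client was told succeeded, and
    txns whose WAL reached the standby before the crash.
    """
    acked, on_standby = set(), set()
    executed = 0
    for txn in range(n_txns):
        for step in steps:
            if executed == crash_after:
                return acked, on_standby
            if step == "standby_receive":
                on_standby.add(txn)
            elif step == "client_ack":
                acked.add(txn)
            executed += 1  # master_flush only advances the step counter here
    return acked, on_standby


def crash_points(steps, n_txns=3):
    """Classify every possible crash point for the given step ordering.

    lost:    some txn the client saw as committed is missing on the standby.
    unknown: the standby holds a txn the client never got an answer for.
    """
    lost, unknown = [], []
    for crash_after in range(n_txns * len(steps) + 1):
        acked, on_standby = run(steps, n_txns, crash_after)
        if acked - on_standby:
            lost.append(crash_after)
        if on_standby - acked:
            unknown.append(crash_after)
    return lost, unknown


if __name__ == "__main__":
    for name, steps in (("sync", SYNC), ("async", ASYNC)):
        lost, unknown = crash_points(steps)
        print(f"{name}: acked-but-lost at {lost}, on-standby-but-unacked at {unknown}")
```

In this model the synchronous ordering never loses a transaction the client saw succeed, but it does leave crash points where the standby holds a transaction the client never got an answer for, which is the non-simultaneity raised in the quoted question.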