On Sat, May 27, 2017 at 12:56 PM, Andres Freund <andres@anarazel.de> wrote:
> On 2017-05-27 19:48:24 +0300, Vladimir Borodin wrote:
>> Well, actually clean shutdown of master with exit code 0 from `pg_ctl
>> stop -m fast` guarantees that all WAL has been replicated to standby.
>
> It does not. It makes it likely, but the connection to the standby
> could be not up just then, you could run into walsender timeout, and a
> bunch of other scenarios.
Amen.
>> And if something would go wrong in above logic, postgres will not let you attach old master as a standby of new
master.So it is highly probable not a setup problem.
>
> There's no such guarantee. There's a bunch of checks that'll somewhat
> likely trigger, but nothing more than that.
Yes. Take for example the case where the host with a primary is
plugged off, and another host with a standby is promoted. If at next
restart you add directly for the old primary a recovery.conf and
attempt to use it as a standby to the new primary it may be able to
connect and to begin replication. That will result in a corrupted
standby.
--
Michael
