> On 10/9/2005 9:57 PM, David Fetter wrote:
>
>>> I propose to get 1.1.2 out as it is now and I will then see that I
>>> can make failover in HEAD rock solid by finally moving the entire
>>> watchdog functionality into slon itself.
>>
>> Groovy.  Can we see about some kind of prominent notice in the docs as
>> to where the gotchas on failover are and (ideally) some kind of
>> explanation and/or workaround?
>
> Those who know be longer would have bet that I don't leave it at that.
> So I did dig a little deeper and found what's wrong with failover. The
> fix to it is to mainly to require FAILOVER_SET - faked to originate from
> the failed node - to be answered by the backup node with ACCEPT_SET. All
> subscribers have to wait on ACCEPT_SET until they see either MOVE_SET or
> FAILOVER_SET. A good surprise was that even after waiting for that, the
> subscriber continued logging "no sets need syncing". The ACCEPT_SET
> processing now forces a slon restart to ensure the entire configuration
> is reloaded.

Beautiful is the symmetry of that...

It's most pleasing to see that the ACCEPT_SET event, created to solve
other concurrency oddities, turns out to be the solution to additional
problems :-).