We recently attempted a test of our failover procedure and it brought to
light a few issues with our slony configuration. The one thing I'm still
not certain about is the precise order of steps I should take when doing
the failover, and I'm beginning to wonder if it's because I have a
sub-optimal slony configuration.

 

We're basically working with 4 servers in two cities (2 per city) and I
want to plan for total failure in a single city.  Currently the
replication works in this manner:

 

Node 1 -> Node 2 -> Node 3 -> Node 4

 

Node 1 and Node 2 are in one city and 3 & 4 in another.

 

Having reviewed the Slony failover documentation
(http://www.slony.info/documentation/failover.html ) I get that if I had
everything subscribed to node 1, I would first subscribe node 4 to node
3, drop node 2, then failover node 1 to node 3. The setup I have in
place means I don't need to move the subscription, but I can't just drop
node 2. Should I then do the following?

 

failover (id = 2, backup node = 3);

failover (id = 1, backup node = 3);

 

drop node (id = 2, event node = 3);

drop node (id = 1, event node = 3);

 

I originally tried to just failover from 1 to 3 which seemed to cause
several issues, but I later realized that some of them were due to other
configuration choices I had made (ie. Not all nodes subscribed to
certain sets and such. Will be changing that.) Still, knowing how slony
seems to like to work from the end first, failing node 2 then node 1
seems logical.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.slony.info/pipermail/slony1-general/attachments/20091109/58af0043/attachment.htm