Jan Wieck JanWieck at Yahoo.com
Tue Feb 15 11:44:56 PST 2011
On 2/15/2011 1:32 PM, Tech Madhu wrote:
> hi all,
>
> I am new to slony with postgres. Using Slony 2.x with postgres 8.4
>
> I used this link: http://www.slony.info/documentation/failover.html
>
> In my setup, there is only one master (node:1) and one slave (node:2)
>
> to do some switchover testing. The controlled switchover works fine.
>
> The test I wanted to do was 'what if master server goes down - like a
> restart'. I want the 'slave' to become master and accept write requests.
> and when the original master server comes back up, I want it to become
> the 'slave'.

This is NOT possible given the Slony-I design.

Slony-I is an asynchronous replication system. That means that changes 
to the origin are replicated some time AFTER they have been committed. 
That means that if the origin goes down unexpectedly, you have no chance 
of knowing what changes did not propagate to the replica before it crashed.

The only way to solve this situation is to actually do a hard FAILOVER, 
abandoning the old origin and rebuilding it from scratch.

To illustrate, think about a simple foreign key constraint, t2.fk
references t1.pk. There currently are no rows in t2 referencing a
certain t1.pk, so node:1 will allow you to DELETE it. Node:1 crashes before
the DELETE can propagate to node:2. You failover to node:2 and since it
still has the t1 row, it will happily allow you to INSERT references to
it into t1. Now you bring back node:1 and ... how exactly do you get the
two to agree what is right? Will you forcefully remove the rows node:2
inserted into t2 or will you recreate the t1 row in node:1 so that the
INSERTs can propagate from node:2 to node:1?


Jan

-- 
Anyone who trades liberty for security deserves neither
liberty nor security. -- Benjamin Franklin
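
The foreign key scenario from the reply above, replayed as an added example that is not part of the original message or of Slony-I. It assumes two in-memory SQLite databases as stand-ins for the PostgreSQL nodes and models replication as a plain list of statements; all function and variable names are hypothetical.

```python
import sqlite3

# Constructed schema: t2.fk references t1.pk, and one t1 row exists on both nodes.
SCHEMA = """
CREATE TABLE t1 (pk INTEGER PRIMARY KEY);
CREATE TABLE t2 (id INTEGER PRIMARY KEY, fk INTEGER NOT NULL REFERENCES t1(pk));
INSERT INTO t1 (pk) VALUES (1);
"""

def make_node():
    """One in-memory database per node, with foreign keys enforced."""
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def try_apply(db, sql):
    """Apply one replicated statement; report whether the node accepts it."""
    try:
        db.execute(sql)
        return "applied"
    except sqlite3.IntegrityError as exc:
        return f"rejected: {exc}"

def simulate_unplanned_failover():
    node1, node2 = make_node(), make_node()  # origin and replica, in sync

    # The origin commits a DELETE; t2 is empty, so the constraint allows it.
    delete_t1 = "DELETE FROM t1 WHERE pk = 1"
    node1.execute(delete_t1)
    unreplicated = [delete_t1]  # node1 crashes before this is shipped

    # Failover: node2 still has the t1 row and accepts a reference to it.
    insert_t2 = "INSERT INTO t2 (fk) VALUES (1)"
    node2.execute(insert_t2)
    written_after_failover = [insert_t2]

    # node1 comes back. Neither side can take the other's changes.
    return {
        "node2_changes_on_node1": [try_apply(node1, s) for s in written_after_failover],
        "node1_changes_on_node2": [try_apply(node2, s) for s in unreplicated],
        "node1_t1_rows": node1.execute("SELECT count(*) FROM t1").fetchone()[0],
        "node2_t1_rows": node2.execute("SELECT count(*) FROM t1").fetchone()[0],
    }

if __name__ == "__main__":
    for key, value in simulate_unplanned_failover().items():
        print(key, "->", value)
```

Both replay attempts are rejected by the foreign key, and the two nodes end up disagreeing on whether the t1 row exists.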

