On 2/15/2011 2:44 PM, Jan Wieck wrote:
> This is NOT possible given the Slony-I design.
>
> Slony-I is an asynchronous replication system. That means that changes
> to the origin are replicated some time AFTER they have been committed.
> That means that if the origin goes down unexpectedly, you have no chance
> of knowing what changes did not propagate to the replica before it crashed.
>
> The only way to solve this situation is to actually do a hard FAILOVER,
> abandoning the old origin and rebuilding it from scratch.
>
> To illustrate, think about a simple foreign key constraint, t2.fk
> references t1.pk. There currently are no rows in t2 referencing a
> certain t1.pk, so node:1 will allow to DELETE it. Node:1 crashes before
> the DELETE can propagate to node:2. You failover to node:2 and since it
> still has the t1 row, it will happily allow you to INSERT references to
> it into t1. Now you bring back node:1 and ... how exactly do you get the

into t2, of course.

> two to agree what is right? Will you forcefully remove the rows, node:2
> inserted into t2 or will you recreate the t1 row in node:1 so that the
> INSERT's can propagate from node:2 to node:1?
>
>
> Jan
>


-- 
Anyone who trades liberty for security deserves neither
liberty nor security. -- Benjamin Franklin