On Mon, Oct 18, 2010 at 4:31 AM, Fujii Masao <masao.fu...@gmail.com> wrote: > But, even though we will have done that, it should be noted that WAL in > A might be ahead of that in B. For example, A might crash right after > writing WAL to the disk and before sending it to B. So when we restart > the old master A as the standby after failover, we should need to delete > some WAL files (in A) which are inconsistent with the WAL sequence in B.
Right. There's no way to make it categorically safe to turn A into a standby, because there's no way to guarantee that the fsyncs of the WAL happen at the same femtosecond on both machines. What we should be looking for is a reliable way to determine whether or not it is in fact safe. Timelines are intended to provide that, but there are holes, so they don't. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
