On Fri, Jan 22, 2016 at 2:46 AM, Craig Ringer <cr...@2ndquadrant.com> wrote: > It's also going to be necessary to handle what happens when a new failover > slot (physical or logical) is created on the master where it conflicts with > the name of a non-failover physical slot that was created on the replica. In > this case I am inclined to terminate any walsender backend for the replica's > slot with a conflict with recovery, remove its slot and replace it with a > failover slot. The failover slot does not permit replay while in recovery so > if the booted-off client reconnects it'll get an ERROR saying it can't > replay from a failover slot. It should be pretty clear to the admin what's > happening between the conflict with recovery and the failover slot error. > There could still be an issue if the client persistently keeps retrying and > successfully reconnects after replica promotion but I don't see that much > can be done about that. The documentation will need to address the need to > try to avoid name conflicts between slots created on replicas and failover > slots on the master.
That's not going to win any design-of-the-year awards, but maybe it's acceptable. It occurred to me to wonder if it might be better to propagate logical slots partially or entirely outside the WAL stream, because with this design you will end up with the logical slots on every replica, including cascaded replicas, and I'm not sure that's what we want. Then again, I'm also not sure it isn't what we want. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers