2009/12/17 Andy Dale <[email protected]> > Hi, > > For a project I am working on we are using slony (1.2-16) to replicate data > from a master to 2 slaves. > > The controlled failover (move set) works really well, however to do this > all nodes must be reachable. There is a requirement to perform a failover > when the master site is no longer reachable, to do this I am currently using > the failover command followed by the drop node command. > > The problem now is that it is very likely that the old master will be > started up in the same state as before the failover was performed (with all > the old replication settings) and this site should then become the master > again (with any new data that was added during it was offline). What is the > best approach to this problem, the only solution I can think of is: > > 1) Stop any slon process on the previous master site. > 2) Drop "replication schema" at the previous master. > 3) Add the node and paths to the previous master to the current running > slony cluster. > 4) Subscribe the previous master to the replication set(s). > 5) Move set(s) back to the previous master. > > Is this a better approach than the one above. > > Sounds very sensible.
Comments: - you will need to bring slon process up again (or skip point 1, maybe) - you definitely need some "STONITH" mechanism. - enabled simultaneously with the failover. That is, make 100% sure that no application connects to the "previous master" - thinking it's still master, and issuing some data manipulation there. You understand it would be definitely uncool - ranging from "just a mess" to "apocalypse" - depending how sensitive your transactions are from business point of view. -- Filip Rembiałkowski JID,mailto:[email protected] http://filip.rembialkowski.net/
_______________________________________________ Slony1-general mailing list [email protected] http://lists.slony.info/mailman/listinfo/slony1-general
