Re: [ADMIN] avoiding split brain with repmgr
| От | Phil Frost |
|---|---|
| Тема | Re: [ADMIN] avoiding split brain with repmgr |
| Дата | |
| Msg-id | CAC6ry0JcSFFztyE3rMmyw8rvt-O10e22sGBxeWpoPL6i6-xgMw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [ADMIN] avoiding split brain with repmgr (Aleksander Kamenik <aleksander.kamenik@gmail.com>) |
| Список | pgsql-admin |
I recommend looking into Pacemaker if avoiding split-brain is a hard requirement. A proper solution requires:
- A mechanism to fence failed nodes, since "failed" really means "unknown". Without fencing there's a significant probability of split-brain. Pacemaker has a meatware fencing plugin which can be used on its own, or as a backup to automated fencing mechanisms.
- At least three nodes to establish quorum. Otherwise there's a risk that each half of a partition will try to fence the other, thinking the other half has failed.
- A non-trivial consensus protocol, one that's been mathematically studied and reviewed. Like encryption, this is a notoriously difficult problem and not the place for casually designed solutions.
and for cross-datacenter failover: http://clusterlabs.org/doc/en-US/Pacemaker/1.1/html/Pacemaker_Explained/ch15.html
https://aphyr.com/tags/jepsen is a good read on database consistency generally.
В списке pgsql-admin по дате отправления: