On Wed, 2021-06-30 at 17:28 +0500, Andrey Borodin wrote:
> > My patch also covers the backend termination case. Is there a
> > reason
> > you left that case out?
>
> Yes, backend termination is used by HA tool before rewinding the
> node.
Can't you just disable sync rep first (using ALTER SYSTEM SET
synchronous_standby_names=''), which will unstick the backend, and then
terminate it?
If you don't handle the termination case, then there's still a chance
for the transaction to become visible to other clients before its
replicated.
> There is one more caveat we need to fix: we should prevent instant
> recovery from happening.
That can already be done with the restart_after_crash GUC.
Regards,
Jeff Davis
