On Thu, May 27, 2010 at 8:28 PM, Robert Haas <robertmh...@gmail.com> wrote: > On Thu, May 27, 2010 at 3:13 AM, Fujii Masao <masao.fu...@gmail.com> wrote: >> (1) most standard case: 1 master + 1 "sync" standby (near) >> When the master goes down, something like a clusterware detects that >> failure, and brings the standby online. Since we can ensure that the >> standby has all the committed transactions, failover doesn't cause >> any data loss. > > How do you propose to guarantee that? ISTM that you have to either > commit locally first, or send the commit to the remote first. Either > way, the two events won't occur exactly simultaneously.
Letting the transaction wait until the standby has received / flushed / replayed the WAL before it returns a "success" indicator to a client would guarantee that. This ensures that all transactions which a client knows as committed exist in the memory or disk of the standby. So we would be able to see those transactions from new master after failover. Regards, -- Fujii Masao NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
