RE: Postgres failover implementation

Hi,

What you'll really want is a disk array that is shared by 2 machines. The
primary database is allowed to modify the data in the array. When it dies,
the secondary database machine is allowed write access to it. This
basically how Oracle does things like this. Don't know if FreeBSD allows
you to do things like this though.

This probably wont work without some twiddling. You probably can't have
both postmasters running at the same time because of caching issues.
However, a detection mechanism that checks whether the primary postmaster
is still running and starts the secondary if the primary dies should be
possible.

You'd also want some way of switching the IP-address of the machines so
that the whole fail-over is transparent to clients.

Maarten

On 13/12/2000 17:30:31 Schmidt, Peter wrote:

>-----Original Message-----
>From: Tom Lane [mailto:tgl@sss.pgh.pa.us]
>Sent: Tuesday, December 12, 2000 10:10 AM
>
>>Performance across an NFS mount will doubtless suck badly.
>
>It's a fact of life at this point. I'm hoping performance won't suck that
>much with 1 GB ethernet and NAS/RAID. In any case, we can't run
postmaster
>on NFS mount machine.
>
>> Seems like this still means a single point of failure, ie the NFS box.
So
>what's the point?

>"Peter Schmidt" <peterjs@home.com> writes:
>> My company is looking for a way to implement failover w/Postgres.
>> I've determined that two postmasters running on different machines
>(FreeBSD)
>> can share a single $PGDATA directory(NFS mount) as long as only one
>> postmaster is running at a time.
>
>Performance across an NFS mount will doubtless suck badly.  That might
>be acceptable as an emergency backup mode of operation ... but if the
>machine with the disk is up, you might as well be running the postmaster
>there.
>
>It sounds like you intend to have both the primary and secondary
>database servers access an NFS server.  Seems like this still means a
>single point of failure, ie the NFS box.  So what's the point?
>
>> Originally I thought I might be able to use
>> postmaster.pid to lock out the second postmaster, but the pid file is
>> overwritten by the second postmaster when it starts.
>
>The lockfile code assumes that if the PID in the file doesn't belong to
>a live process *on the local machine*, then it's left over from a
>crashed postmaster.  You could remove that check, perhaps, but then
>you'd have to remove the PID file manually anytime you had a postmaster
>crash.  (However, postmaster crashes are rare, so this might be OK.)


----

Maarten Boekhold, maarten.boekhold@reuters.com

Reuters Consulting
Entrada 308
1096 ED Amsterdam
The Netherlands
tel: +31 (0)20-6601000 (switchboard)
      +31 (0)20-6601066 (direct)
      +31 (0)20-6601005 (fax)
      +31 (0)651585137 (mobile)


-----------------------------------------------------------------
        Visit our Internet site at http://www.reuters.com

Any views expressed in this message are those of  the  individual
sender,  except  where  the sender specifically states them to be
the views of Reuters Ltd.