On Fri, Jan 8, 2010 at 7:41 PM, Heikki Linnakangas <heikki.linnakan...@enterprisedb.com> wrote: > Thinking more clearly, my comment above about the trigger file logic > being backwards was bollocks; if the master is shut down, standby waits > for the trigger file to appear, not to go away. And creating the trigger > file during replication causes it to finish, and failover to happen. > > Nevertheless, let's make the default "no failover" if no trigger file > location is configured, and remove the notion that normal shutdown of > master stops recovery.
You dropped CheckForStandbyTrigger() called at the end of recovery. I think that this would be problem when an invalid record is found before we reaches a streaming recovery state. The standby would be out-of-control of the clusterware, and be brought up. Which might cause a split-brain syndrome. We should need something to prevent such unexpected activation? Regards, -- Fujii Masao NIPPON TELEGRAPH AND TELEPHONE CORPORATION NTT Open Source Software Center -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
