On Sat, May 27, 2017 at 12:56 PM, Andres Freund <and...@anarazel.de> wrote: > On 2017-05-27 19:48:24 +0300, Vladimir Borodin wrote: >> Well, actually clean shutdown of master with exit code 0 from `pg_ctl >> stop -m fast` guarantees that all WAL has been replicated to standby. > > It does not. It makes it likely, but the connection to the standby > could be not up just then, you could run into walsender timeout, and a > bunch of other scenarios.
Amen. >> And if something would go wrong in above logic, postgres will not let you >> attach old master as a standby of new master. So it is highly probable not a >> setup problem. > > There's no such guarantee. There's a bunch of checks that'll somewhat > likely trigger, but nothing more than that. Yes. Take for example the case where the host with a primary is plugged off, and another host with a standby is promoted. If at next restart you add directly for the old primary a recovery.conf and attempt to use it as a standby to the new primary it may be able to connect and to begin replication. That will result in a corrupted standby. -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
