On 2/15/2011 2:44 PM, Jan Wieck wrote: > This is NOT possible given the Slony-I design. > > Slony-I is an asynchronous replication system. That means that changes > to the origin are replicated some time AFTER they have been committed. > That means that if the origin goes down unexpectedly, you have no chance > of knowing what changes did not propagate to the replica before it crashed. > > The only way to solve this situation is to actually do a hard FAILOVER, > abandoning the old origin and rebuilding it from scratch. > > To illustrate, think about a simple foreign key constraint, t2.fk > references t1.pk. There currently are no rows in t2 referencing a > certain t1.pk, so node:1 will allow to DELETE it. Node:1 crashes before > the DELETE can propagate to node:2. You failover to node:2 and since it > still has the t1 row, it will happily allow you to INSERT references to > it into t1. Now you bring back node:1 and ... how exactly do you get the
into t2, of course. > two to agree what is right? Will you forcefully remove the rows, node:2 > inserted into t2 or will you recreate the t1 row in node:1 so that the > INSERT's can propagate from node:2 to node:1? > > > Jan > -- Anyone who trades liberty for security deserves neither liberty nor security. -- Benjamin Franklin _______________________________________________ Slony1-general mailing list [email protected] http://lists.slony.info/mailman/listinfo/slony1-general
