[pgpool-general: 2556] Preventing split-brain
Theron Luhn
theron at luhn.com
Mon Feb 10 23:17:40 JST 2014
I'm in charge of setting up a highly-available Postgres database. To do
this, I've set up master-standby nodes behind two master-master PgPool
instances with watchdog enabled, distributed across multiple datacenters.
Here's an illustration of what this looks like:
Datacenter A: PgPool A ---- Postgres master
| \/
| /\
Datacenter B: PgPool B ---- Postgres standby
But there's a glaring problem: split-brain. Let's say either datacenter
loses internet connectivity. PgPool B will promote the standby, thinking
the master is down. PgPool A will continue to send queries to the old
master, not aware that the standby was promoted, since PgPool B was not
able to communicate the promotion to A.
Virtual IP, I believe, is supposed to help with problem, by allowing for
only a single PgPool master. However, this isn't an available option. I
could emulate VIP by updating the configuration of the clients to point to
the new PgPool. However, this would be fruitless: If PgPool B can't
communicate with PgPool A, it very well may not be able to communicate with
a client in the same datacenter as PgPool A.
This seems like a very difficult problem to solve, but it cannot be an
uncommon one. Can anybody share some insight?
-- Theron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-general/attachments/20140210/8b657273/attachment.html>
More information about the pgpool-general
mailing list