On Oct 5, 2006, at 1:41 PM, Andrew Sullivan wrote:
On Thu, Oct 05, 2006 at 04:24:17AM -0000, Sebastian Reitenbach wrote:
I just have one data center, no remote far away replication is
needed.
If it is at all feasible with your budget, I'd think _very strongly_
about replicating using Slony inside your data centre _too_. The
shared storage answer is nice, but it is _really really really_ easy
to shoot yourself in the foot with a rocket propelled grenade with
that arrangement. Very careful administration might prevent it, but
there is a reason that none of the corporate people will guarantee
two machines will never accidentally mount the same file system at
once: in a shared-disc-only system, it's impossible to be 100%
certain that the other machine really is dead and not coming back.
Very tricky scripts could of course lower the risk.
Isn't it entirely possible that if the master gets trashed it would
start sending garbage to the Slony slave as well?
I think PITR would be a much better option to protect against this,
since you could probably recover up to the exact point of failover.
When it comes to the actual failover, take a look at the HA-linux
project. They've got some stuff you could probably use (such as the
heartbeat program). Another really good idea is to give the backup
machine to kill the power to the primary machine, and not have either
machine mount the shared storage at bootup.
If you're interested in paying someone to help setting this up, I
know that we (EnterpriseDB) have folks that have done this before. I
suspect that some of the other folks listed on the commercial support
page have done this as well (likely Command Prompt and Varlena).
--
Jim Nasby jimn@xxxxxxxxxxxxxxxx
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)
