Hi all,

> I think PITR would be a much better option to protect against this,
> since you could probably recover up to the exact point of failover.
>
> When it comes to the actual failover, take a look at the HA-linux
> project. They've got some stuff you could probably use (such as the
> heartbeat program). Another really good idea is to give the backup
> machine to kill the power to the primary machine, and not have either
> machine mount the shared storage at bootup.

As I am using carp on OpenBSD to set up an HA cluster, I am very comfortable with ucarp, the userland implementation for Linux. At boot up the default mount of the database files is read-only, with the database not running, then ucarp is started, and then, only in case this machine becomes master, it remounts the postgres data and shall start the database.

And I thought about killing the power of the "lost" master after a takeover too, to make sure the machine will not come back unconditionally later.

Kind regards,
Sebastian
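
The takeover sequence described in the mail above, as an added example that is not part of the original message: a ucarp up-script that fences the old master, remounts the data read-write and starts PostgreSQL, stopping at the first step that fails. The paths, the `postgres` account and the `fence-peer` helper are assumptions, and fencing before the remount is this example's choice of ordering.

```shell
#!/bin/sh
# Added example: up-script for ucarp (--upscript), run when this node becomes master.
# All values below are constructed placeholders; override them via the environment.
PGMOUNT=${PGMOUNT:-/var/lib/pgsql}                  # assumed mount point, read-only at boot
PGDATA=${PGDATA:-/var/lib/pgsql/data}               # assumed PostgreSQL data directory
FENCE_CMD=${FENCE_CMD:-/usr/local/sbin/fence-peer}  # hypothetical helper: one executable
                                                    # that powers off the old master
DRY_RUN=${DRY_RUN:-1}                               # 1 = print the commands, 0 = execute

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Return codes: 0 ok, 1 fencing failed, 2 remount failed, 3 database start failed.
takeover() {
    # 1. Power off the "lost" master first, so it can neither write to the
    #    data nor come back later. Without confirmation, stay read-only.
    run "$FENCE_CMD" || { echo "fencing failed, data stays read-only" >&2; return 1; }

    # 2. Only now switch the database files from read-only to read-write.
    run mount -o remount,rw "$PGMOUNT" || { echo "remount failed" >&2; return 2; }

    # 3. Start the database as the postgres user and wait until it is up.
    run su postgres -c "pg_ctl -D $PGDATA -w start" || { echo "start failed" >&2; return 3; }
}

# ucarp passes the interface name as the first argument; without arguments
# (for example when the file is sourced for testing) nothing is executed.
[ $# -eq 0 ] || takeover
```

With the default `DRY_RUN=1` the script only prints the three commands in order, which allows checking the sequence on a standby node before setting `DRY_RUN=0`.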