Mon Aug 15 17:16:53 PDT 2005
- Previous message: [Slony1-commit] By dpage: This patch adds an event library (copied from pegevent.dll in
- Next message: [Slony1-commit] By cbbrowne: Add "lag_interval" option to slon This allows a slon to
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Log Message: ----------- Add in discussion of what needs to be available in order to do automated FAIL OVER. Modified Files: -------------- slony1-engine/doc/adminguide: failover.sgml (r1.15 -> r1.16) -------------- next part -------------- Index: failover.sgml =================================================================== RCS file: /usr/local/cvsroot/slony1/slony1-engine/doc/adminguide/failover.sgml,v retrieving revision 1.15 retrieving revision 1.16 diff -Ldoc/adminguide/failover.sgml -Ldoc/adminguide/failover.sgml -u -w -r1.15 -r1.16 --- doc/adminguide/failover.sgml +++ doc/adminguide/failover.sgml @@ -143,9 +143,8 @@ node2.</para> </listitem> -<listitem> -<para> After the failover is complete and node2 accepts write -operations against the tables, remove all remnants of node1's +<listitem> <para> After the failover is complete and node2 accepts +write operations against the tables, remove all remnants of node1's configuration information with the <xref linkend="stmtdropnode"> command: @@ -155,6 +154,42 @@ </para> </listitem> </itemizedlist> + +</sect2> + +<sect2><title> Automating <command> FAIL OVER </command> </title> + +<para> If you do choose to automate <command>FAIL OVER </command>, it +is important to do so <emphasis>carefully.</emphasis> You need to have +good assurance that the failed node is well and truly failed, and you +need to be able to assure that the failed node will not accidentally +return into service, thereby allowing there to be two nodes out there +able to respond in a <quote>master</quote> role. </para> + +<para> When failover occurs, there needs to be a mechanism to forcibly +knock the failed node off the network. This could take place via +having an SNMP interface that does some combination of the following: + +<itemizedlist> + +<listitem><para> Turns off power on the failed server. </para> + +<para> If care is not taken, the server may reappear when system +administrators power it up. </para> + +</listitem> + +<listitem><para> Modify firewall rules or other network configuration +to drop the failed server's IP address from the network. </para> + +<para> If the server has multiple network interfaces, and therefore +multiple IP addresses, this approach allows the +<quote>application</quote> addresses to be dropped/deactivated, but +leave <quote>administrative</quote> addresses open so that the server +would remain accessible to system administrators. </para> </listitem> + +</itemizedlist> + </sect2> <sect2><title>After Failover, Reconfiguring node1</title>
- Previous message: [Slony1-commit] By dpage: This patch adds an event library (copied from pegevent.dll in
- Next message: [Slony1-commit] By cbbrowne: Add "lag_interval" option to slon This allows a slon to
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Slony1-commit mailing list