<div dir="ltr"><div>Hi Ishii-San,</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Aug 17, 2019 at 1:00 PM Tatsuo Ishii <<a href="mailto:ishii@sraoss.co.jp">ishii@sraoss.co.jp</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">> Hi Ishii-San<br>
> <br>
> <br>
> On Thu, Aug 15, 2019 at 11:42 AM Tatsuo Ishii <<a href="mailto:ishii@sraoss.co.jp" target="_blank">ishii@sraoss.co.jp</a>> wrote:<br>
> <br>
>> Hi Usama,<br>
>><br>
>> When number of Pgpool-II nodes is even, it seems consensus based<br>
>> failover occurs if n/2 Pgpool-II agrees on the failure. For example,<br>
>> if there are 4 nodes of Pgpool-II, 2 nodes agree on the failure,<br>
>> failover occurs. Is there any reason behind this? I am asking because<br>
>> it could easily lead to split brain, because 2 nodes could agree on<br>
>> the failover while other 2 nodes disagree. Actually other HA software,<br>
>> for example etcd, requires n/2+1 vote to gain consensus.<br>
>><br>
>><br>
>> <a href="https://github.com/etcd-io/etcd/blob/master/Documentation/faq.md#what-is-failure-tolerance" rel="noreferrer" target="_blank">https://github.com/etcd-io/etcd/blob/master/Documentation/faq.md#what-is-failure-tolerance</a><br>
>><br>
>> With n/2+1 vote requirements, there's no possibility of split brain.<br>
>><br>
>><br>
> Yes, your observation is spot on. The original motivation to consider the<br>
> exact n/2 votes for consensus rather (n/2 +1)<br>
> was to ensure the working of 2 node Pgpool-II clusters.<br>
> My understanding was that most of the users use 2 Pgpool-II nodes in their<br>
> setup, so I wanted<br>
> to make sure that in the case when one of the Pgpool-II nodes goes down (<br>
> In 2 node) cluster the consensus<br>
> should still be possible.<br>
> But your point is also valid that makes the system prone to split-brain. So<br>
> what are your suggestions on that?<br>
> I think we can introduce a new configuration parameter to enable/disable<br>
> n/2 node consensus.<br>
<br>
If my understanding is correct, current behavior for 2 node Pgpool-II<br>
clusters there's no difference whether failover_when_quorum_exists is<br>
on or off. That means for 2 node Pgpool-II clusters even if we change<br>
n/2 node consensus to n/2+1 consensus, 2 node users could keep the<br>
existing behavior by turning off failover_when_quorum_exists. If this<br>
is correct, we don't need to introduce the new switch for 4.1, just<br>
change n/2 node consensus to n/2+1 consensus. What do you think?<br></blockquote><div><br></div><div>Yes, that's true, turning off the failover_when_quorum_exists will effectively give us the</div><div>same behaviour for 2 nodes cluster.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
The only concern is 4 node Pgpool-II clusters. I doubt there's 4 node<br>
users in the field though.<br></blockquote><div><br></div><div>Yes, you are right there wouldn't be many users who would deploy 4 nodes cluster. But somehow we need</div><div>to keep the behaviour and configurations consistent for all possible scenarios.</div><div><br></div><div>Also, the decision of considering either n/2 or (n/2 +1) as a valid consensus for voting is not only limited to</div><div>the backend node failover. Pgpool-II also considers the valid consensus with n/2 votes when deciding the</div><div>watchdog master. And currently, the behaviour of watchdog master elections and backend node failover consensus</div><div>building is consistent. So If we want to revisit this we might need to consider the behaviour in both cases. </div><div><br></div><div><br></div><div>Thanks</div><div>Best Regards</div><div>Muhammad Usama</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Best regards,<br>
--<br>
Tatsuo Ishii<br>
SRA OSS, Inc. Japan<br>
English: <a href="http://www.sraoss.co.jp/index_en.php" rel="noreferrer" target="_blank">http://www.sraoss.co.jp/index_en.php</a><br>
Japanese:<a href="http://www.sraoss.co.jp" rel="noreferrer" target="_blank">http://www.sraoss.co.jp</a><br>
</blockquote></div></div>