If standby_disconnect_on_failover
is set to true
in
repmgr.conf
, in a failover situation repmgrd will forcibly disconnect
the local node's WAL receiver, and wait for the WAL receiver on all sibling nodes to be
disconnected, before making a failover decision.
standby_disconnect_on_failover
is available with PostgreSQL 9.5 and later.
Until PostgreSQL 14 this requires that the repmgr
database user is a superuser.
From PostgreSQL 15 a specific ALTER SYSTEM privilege can be granted to the repmgr
database
user with e.g. GRANT ALTER SYSTEM ON PARAMETER wal_retrieve_retry_interval TO repmgr
.
By doing this, it's possible to ensure that, at the point the failover decision is made, no nodes are receiving data from the primary and their LSN location will be static.
standby_disconnect_on_failover
must be set to the same value on
all nodes.
Note that when using standby_disconnect_on_failover
there will be a delay of 5 seconds
plus however many seconds it takes to confirm the WAL receiver is disconnected before
repmgrd proceeds with the failover decision.
repmgrd will wait up to sibling_nodes_disconnect_timeout
seconds (default:
30
) to confirm that the WAL receiver on all sibling nodes hase been
disconnected before proceding with the failover operation. If the timeout is reached, the
failover operation will go ahead anyway.
Following the failover operation, no matter what the outcome, each node will reconnect its WAL receiver.
If using standby_disconnect_on_failover
, we recommend that the
primary_visibility_consensus
option is also used.