Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vvXPe-006rkt-30 for pgsql-hackers@arkaria.postgresql.org; Thu, 26 Feb 2026 09:12:03 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vvXPd-00BPWc-1I for pgsql-hackers@arkaria.postgresql.org; Thu, 26 Feb 2026 09:12:01 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vvXPd-00BPWN-05 for pgsql-hackers@lists.postgresql.org; Thu, 26 Feb 2026 09:12:01 +0000 Received: from mail-dl1-x122c.google.com ([2607:f8b0:4864:20::122c]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1vvXPa-00000001Mfq-0KmF for pgsql-hackers@lists.postgresql.org; Thu, 26 Feb 2026 09:12:00 +0000 Received: by mail-dl1-x122c.google.com with SMTP id a92af1059eb24-1271195d2a7so342086c88.0 for ; Thu, 26 Feb 2026 01:11:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1772097117; cv=none; d=google.com; s=arc-20240605; b=BWq+t/fChcsEs7UHXcifG/7bbrIKSIErrgSpJbPX0HJ96ioEGQ4DIu23/XiRzce7ff 7DLDLp4PO/ttX+4oMbEMMGudlrtCbhbIfEig2wVft1Zx7VT1yseui+qdx0oNuJw64BAm xJOZdxRzEOg4yhBXyJMcbJXqrMmh5jXzgjyyGyUHfuVeaH5IqLsVVdnv2Su5/Jfd5SeL Vrser5u7qbu0ke3lFtxNyk1I1ENODYkX42LU5+OvodlP4pITV4wg8oHB/A7sNI802peF 0n8DabSKt463R/Xwtd3fVbXDlXt0IWrkpwQq5z2ca4AGBLC0gb3Q216+oO7AvVPGaexk 1H3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=v4YOAOcjAcTok84M6ZXV012f/JTnqzrPU+9b9A11QZg=; fh=+doj2JvSHFN+tUz8A4WxBI3cxnIxVSQc7VIIVzuqPuc=; b=QqgU9gRZa4RAE4fYIL1ayuCf6GyOzTWnQVMM10ljt4FmyyNqhVZu5vUZ88UzkJ6foZ X9hXcxe9PkhWYYx4YVK8hDwWxNcrNDxUNs/A7afOhTjMpiIBRS+BEEichlQBKiceMSvn ZVjtpZ6oKE4m1zwRmMUXSgCvVXDv6A6RKMl1XrYYHv6EWmgIESGyGHjfcjzltEGgtYtR LYYE5cDf7ieADlL0xRS0gJ/YWORS+4RpBLvheyWmzeGpOEn97JDQk4BAFl0+CW2riPY3 vPoMwkD7Kh/eSisaCgSrewgfYgsgUIlWe88FjJNTfylHeNYDBzICytaD/jeNl0vM51z2 pA6A==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1772097117; x=1772701917; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=v4YOAOcjAcTok84M6ZXV012f/JTnqzrPU+9b9A11QZg=; b=WYfwj70uWfFC7sHT/roINYhtyPHb2Yp8iFC9X+m2VwEqQdbLpyGSXa39BHJ7uBz9Kw T39k0soFL2aMfrxBhr58H4VlvqOAbnmvl9bcaFjbeKIgOH9FdL3b/T4CTjgBMPPNe7vv /JDUQD/BivlK1vOuM3R27ga0YG4tC90cey743J/t3fbO0GjVFR3vKF38YRlr7/a476H7 3I7vgoUzBXEXOzUmW2qlPLprvy4pAyu2flHHBBUtDM1V3JuJdPHaLsWtdiowzkzJ6qO9 pKVwn19K23TIj8FY+JEH4ION36wKbtw6qvd1K1MvGFSRJE42RefowBXxwXazEYvWRk3x 987Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772097117; x=1772701917; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=v4YOAOcjAcTok84M6ZXV012f/JTnqzrPU+9b9A11QZg=; b=RVR63HwOeo0ObEEzT9myhIv75LaM4McIqMdtiXJjIAQbLsnXFwYqeOxE23UXtVgXKW ntgZ5rRZHnDTqsoQpirBvoje+RTiAOXn0+GYPb/0pXXtFERoXPQ+K03F0ZBxbY03nPVD kiBDHY3H1wFNZfCwNX4LkuU+gNSWcHBHAxLHw1xpemvvtP/c2TJa7Y6u3WmIfhEU5KOm ra0cYP/Z1fIzmvLbzMHZoQTFbWOJ05cVmviTMMqxoO8ec/wm7vQ1tvi82+A4yzvEECXI AzDU0a2ZgH33rU0uhPXb0q0ChKYGRnIcASdD6kf6Py0tx9pjqarkcnef0d3M8yc+awFL 7Vfg== X-Forwarded-Encrypted: i=1; AJvYcCX2duAhnNWwJpxYxnRnOzT/IEdgy9MzgZkD2IVb9XvqkXGJq4aAAG5rJR2wYbUnKZYz1X5h9NJljgyB32kB@lists.postgresql.org X-Gm-Message-State: AOJu0Yxum35u5NFyyLVd+HPmXwRYtKyHYtUB+I/ct6bRDG+RpJuzxmEU 5o3DVT1Uv5nif6wYj3Zr5kq1uouS6rqraxGK6ogyaXhKM0VNd5A9hTMoksdiuiI6sekVWWG8/BN QfmViqG6S/7UaiN6aZH7Usvm7RAunEQw= X-Gm-Gg: ATEYQzwz0g7BWkZgTY+vHgQ/0E1iXd8nivPuRaETFY48Xu75wBGFsQEfawPUGCJwoob 8fCpvySoK+J5aGDGdgYe9/GFTzBgYt1ClH0c5XYhN5Zkmd5XJP6gRsxawYeKcguGZs22uskcFDu DP4o2rQEpm63MLJ9EKT5t7RLSVAMcH9xnON9RhUkTY04zPBdNwUF0e79hOXjhImkOJ0uEN6hFnY aAH2rEfGLYDpVP8gkBGGZ1xoZIe0BMnUPWdHZpFg6NsqBo/8lCuli9Dw2zPRC8+ISZDw0m4LE4a lBjI4wa19jEfFPoLR9+V/0EnBUPaMMqwJvaXl+LP298yQlPeEEw= X-Received: by 2002:a05:7022:ba0:b0:11d:f440:b758 with SMTP id a92af1059eb24-12786990971mr1567427c88.25.1772097116485; Thu, 26 Feb 2026 01:11:56 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Ashutosh Sharma Date: Thu, 26 Feb 2026 14:41:42 +0530 X-Gm-Features: AaiRm53Csno4VnaLlp_MLf4afecvtn2KllbSX5OCPXAn6WOfL04aMqKADUmJwSY Message-ID: Subject: Re: synchronized_standby_slots behavior inconsistent with quorum-based synchronous replication To: shveta malik Cc: SATYANARAYANA NARLAPURAM , Amit Kapila , PostgreSQL-development , PostgreSQL Hackers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hi, On Thu, Feb 26, 2026 at 2:15=E2=80=AFPM shveta malik wrote: > > On Thu, Feb 26, 2026 at 1:54=E2=80=AFPM SATYANARAYANA NARLAPURAM > wrote: > > > > Hi Ashutosh, > > > > On Wed, Feb 25, 2026 at 11:42=E2=80=AFPM Ashutosh Sharma wrote: > >> > >> > >> I don't think we should be comparing "synchronous_standby_names" with > >> "synchronized_standby_slots", even though they appear similar in > >> purpose. All values listed in synchronous_standby_names represent > >> synchronous standbys exclusively, whereas synchronized_standby_slots > >> can hold values for both synchronous and asynchronous standbys. In > >> other words, every server referenced by synchronous_standby_names is > >> of the same type, but that may not be the case with > >> synchronized_standby_slots. > >> > >> If a GUC can hold values of different types (sync vs. async), does it > >> really make sense to use a qualifier like ANY 1 (val1, val2) when val1 > >> and val2 are different in nature? For example, suppose val1 is a > >> synchronous standby and val2 is an asynchronous standby, and we > >> configure ANY 1 (val1, val2). It's possible for val2 to get ahead of > >> val1 in terms of replication progress, which in turn could mean the > >> logical replica is also ahead of val1. So if we were to fail over to > >> val1 (since it's the only synchronous standby), we will not be able to > >> use the existing logical replication setup. > > > > > > If the failover orchestrator cannot ensure standby1 to not get the quor= um committed WAL (from archive or standby2) then the setting ANY 1 (val1, v= al2) is invalid. > > This setup also has issues because in your scenario, standby2 is ahead = of the new primary (standby1) and standby2 requires now to rewind to be in = sync with the new primary. Additionally, it allowed readers to read data th= at was lost at the end of the failover. We ideally need a mechanism to not = send WAL to async replicas before the sync replicas commit (honoring syncr= hnous_standby_names GUC) feature (similar to synchronized_standby_slots). I= t could be a different thread on its own. > > > +1 on the overall idea of the patch. > I understand the concern raised above that one of the standbys in the > quorum (synchronized_standby_slots) might lag behind the logical > replica, and a user could potentially failover to such a standby. But > I also agree with Amit that configuring failover correctly is > ultimately the responsibility of failover-solution. And instructions > in doc should be followed before deciding if a standby is > failover-ready or not. > > As suggested in [1], IMO, it is a reasonably good idea for > 'synchronized_standby_slots' to DEFAULT to the value of > 'synchronous_standby_names'. That way, even if the user missed to > configure 'synchronized_standby_slots' explicitly, we would still have > reasonable protection in place. At the same time, if a user > intentionally chooses not to configure it, a NULL/NONE value should > remain a valid option. > AFAIU, not all names listed in "synchronous_standby_names" are necessarily synchronous standbys. Tools like pg_receivewal, for example, can establish a replication connection to the primary and appear in that list. Therefore, deriving "synchronized_standby_slots" from "synchronous_standby_names", if not set by the user would cause logical slots to be synchronized to whatever nodes those names represent, including a host running pg_receivewal, which is certainly not something the user would have intended to do. Therefore I feel this might not just be the good choice. -- With Regards, Ashutosh Sharma.