Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vvYsy-007wg0-0d for pgsql-hackers@arkaria.postgresql.org; Thu, 26 Feb 2026 10:46:24 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vvYsw-00Bs4e-3D for pgsql-hackers@arkaria.postgresql.org; Thu, 26 Feb 2026 10:46:23 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vvYsw-00Bs4Q-1n for pgsql-hackers@lists.postgresql.org; Thu, 26 Feb 2026 10:46:22 +0000 Received: from mail-ua1-x92c.google.com ([2607:f8b0:4864:20::92c]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1vvYst-00000001HSq-1e54 for pgsql-hackers@postgresql.org; Thu, 26 Feb 2026 10:46:21 +0000 Received: by mail-ua1-x92c.google.com with SMTP id a1e0cc1a2514c-94dd7178d63so421654241.3 for ; Thu, 26 Feb 2026 02:46:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1772102780; cv=none; d=google.com; s=arc-20240605; b=k1AQbPkSj424EzHlfFjoxD7eLA+l0RGBX8X39Ks597nH/lsedlyuw65mwksHAaP6nF aEyyTVHhy5delbiT2yWQw0MmLauVQPGMOvlZ1fd10XUx8VmnpbZuMzjVr41sjiZfvpwJ PQ4+u8QD50rHYtM/T0rtH141P64eECEOrCfmQTXAJPz2jKp7ms0Gq3zl6X0xq5QCtLCF +seLIxWy7cpGUUoaymr0GucpyNVd7h6bqqEed/3yiNwhu/kmr7bbRZKxF46O/qheSl8Y VNAKiMq9DkcOG8o1cl+3Ho/6z5TyMo9///Tmh5DRZk4MLtHbDYwDnAm+1r8KpWbUhnWt soCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=dSv8BgT5ov0gi8JizCLPxhGqEOWOiPJv0enS7MrX1Sg=; fh=A7jy50QDpiNA2hOwJpm7fAtSEV1jtwANtkgLWykQD+Y=; b=fqNUFQyWNG8W1T49lCmW7M2RPk9bkcADlUrNjbpIpzxHRSFgZia8xpqqYF2A4Zk2U+ mqJha6T2afafOXqxHjW4vm2io49wTvJQfjQJHkODRpAMej7elktnyYR/HNt7q167eWgC jD3+LtI59hSTCNBDFx6cZnv/AWLu9+3uYFLQBnB4v62DBKR73qaEcowQKSiE0tmB2Jga Hu+BtyTv5EMXV9j8FcQFkRMIFshsRJ79ZBgiOQPYLpIj5FA0s8MI6UIKZumFwNayXDw2 LGbcLombIrFbYi0GkwZxF7O1pCfcCX2Pk9qgmHYS+7Ql9lHZV5rXFouJoypAaMTPzS9+ 1QdQ==; darn=postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1772102780; x=1772707580; darn=postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=dSv8BgT5ov0gi8JizCLPxhGqEOWOiPJv0enS7MrX1Sg=; b=B2TwBy3le/6W/eMrtQD1rrJsSx4GfKmxFaE9FQNm3P/r++rYiedlZAynyBURolH2Ky qk86by3+LjVRtPx+FLrGHU2TOVghW2TQOwMWVTQ3sYwdd07tG8ubRcJJTnQWMnjUTx8J 5G22fxUzCKUQAlX/iXQ5yHzP1nXmKYLWXINUT6uZhqULM7iw4n22Og4P3Z2pB6ZVkUnY ABeaazEpbb7nm6eEgG3CfVVzX4OnfPB741RL/jmAv0XEwARe7Ob/jkSEB+rXZA+qFhG6 tTAhBuEYyuBJpzYko7AosCxBN3r438jFfprgHKFKLRILLuw6kfd1em2KTeLvFqFToHOn Aipg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772102780; x=1772707580; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=dSv8BgT5ov0gi8JizCLPxhGqEOWOiPJv0enS7MrX1Sg=; b=ucNhxtgNElMbCjGVqKBazW+RdtMsld45XcEmuHdnKcy0xfZs92VO/bb9nKdx30uuX9 Rbu3XVSjQWzjLVAKsNlTp/XBpiZQoY+z0cqb7IA8vs1JZDBDS5XqRijOrtrbh5azP9dK /uOnUVbRWa8TUPL2gkLXRAI4SGQscEc2RCeghZN93kDOz5jjU9tMesOG75AGCQQnXG7w tOJWosATe2EMk09Fk7ZM1+kiELCgOxr0uXWoph97fqRUGInvTTH99ShQQFFN52DmOw3U QZeohSwRI7gi8urOfVFFIgSuqRuc6APM+Rj+8B5ttzjlWFieO4bNTNqcVwZ5v6dzmd6s Mb5w== X-Forwarded-Encrypted: i=1; AJvYcCVqO/p4ybpRzOMGBqUw6zWkESqKinnO3u+pGZnAS7T7WKWDcUY1Im6dm39tDMMgycJh9RtjEFNA1oO3AvI0@postgresql.org X-Gm-Message-State: AOJu0YxHwtJKvXVbMkEMTFNKGxj9Ocg/bayI3DOEywFYA9tghORNmCP5 pBJVn1xHIl4ZW3Hu0PuO51anya/vuptAAVeDDYtLde8te72OXFI5nIuebLJqqRq4AjVvidmha4X Khr2aOjY+LiK5jWpuIp+urO8UbX4Vb00= X-Gm-Gg: ATEYQzysQsg5apREMLRo82eYzZkqNR7OXOfXH5nwgpbBzgbKTc6uLOzj+qcYKTkm41C rxP5CyRKYI36noIqSlby6n3CEa75ttgzXV8jkIP9cEXQm5vnVNzpMIokHN4GOVbdprOD66mkfVi SSSwlX5YhHjCnfHXMcmRY1xUrrjiHxhuWgAY9RdhgbDKPWiW95DFdUba/nQhgAeOBwR8scDG89N 79BtPyIQ6+255mY64oNTiYpiHpNqh6JqH5P3T7KWT2VmQJ4N0+AKyhL49blU2T/kvUOM9oQ4jdE V4ULJJA= X-Received: by 2002:a05:6102:94d:b0:5e5:6eee:8adb with SMTP id ada2fe7eead31-5feb2e8f35emr9525150137.4.1772102779627; Thu, 26 Feb 2026 02:46:19 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: SATYANARAYANA NARLAPURAM Date: Thu, 26 Feb 2026 02:46:08 -0800 X-Gm-Features: AaiRm51qTe1xleznJGhaVn8SZ82aq-9xf5drUoRIRhuI3poOslDcCMqz0jKf7Eg Message-ID: Subject: Re: synchronized_standby_slots behavior inconsistent with quorum-based synchronous replication To: Ashutosh Sharma Cc: shveta malik , Amit Kapila , PostgreSQL-development , PostgreSQL Hackers Content-Type: multipart/alternative; boundary="000000000000af6d6a064bb7d4c0" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000af6d6a064bb7d4c0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Ashutosh, On Thu, Feb 26, 2026 at 1:11=E2=80=AFAM Ashutosh Sharma wrote: > Hi, > > On Thu, Feb 26, 2026 at 2:15=E2=80=AFPM shveta malik > wrote: > > > > On Thu, Feb 26, 2026 at 1:54=E2=80=AFPM SATYANARAYANA NARLAPURAM > > wrote: > > > > > > Hi Ashutosh, > > > > > > On Wed, Feb 25, 2026 at 11:42=E2=80=AFPM Ashutosh Sharma < > ashu.coek88@gmail.com> wrote: > > >> > > >> > > >> I don't think we should be comparing "synchronous_standby_names" wit= h > > >> "synchronized_standby_slots", even though they appear similar in > > >> purpose. All values listed in synchronous_standby_names represent > > >> synchronous standbys exclusively, whereas synchronized_standby_slots > > >> can hold values for both synchronous and asynchronous standbys. In > > >> other words, every server referenced by synchronous_standby_names is > > >> of the same type, but that may not be the case with > > >> synchronized_standby_slots. > > >> > > >> If a GUC can hold values of different types (sync vs. async), does i= t > > >> really make sense to use a qualifier like ANY 1 (val1, val2) when va= l1 > > >> and val2 are different in nature? For example, suppose val1 is a > > >> synchronous standby and val2 is an asynchronous standby, and we > > >> configure ANY 1 (val1, val2). It's possible for val2 to get ahead of > > >> val1 in terms of replication progress, which in turn could mean the > > >> logical replica is also ahead of val1. So if we were to fail over to > > >> val1 (since it's the only synchronous standby), we will not be able = to > > >> use the existing logical replication setup. > > > > > > > > > If the failover orchestrator cannot ensure standby1 to not get the > quorum committed WAL (from archive or standby2) then the setting ANY 1 > (val1, val2) is invalid. > > > This setup also has issues because in your scenario, standby2 is ahea= d > of the new primary (standby1) and standby2 requires now to rewind to be i= n > sync with the new primary. Additionally, it allowed readers to read data > that was lost at the end of the failover. We ideally need a mechanism to > not send WAL to async replicas before the sync replicas commit (honoring > syncrhnous_standby_names GUC) feature (similar to > synchronized_standby_slots). It could be a different thread on its own. > > > > > > +1 on the overall idea of the patch. > > I understand the concern raised above that one of the standbys in the > > quorum (synchronized_standby_slots) might lag behind the logical > > replica, and a user could potentially failover to such a standby. But > > I also agree with Amit that configuring failover correctly is > > ultimately the responsibility of failover-solution. And instructions > > in doc should be followed before deciding if a standby is > > failover-ready or not. > > > > As suggested in [1], IMO, it is a reasonably good idea for > > 'synchronized_standby_slots' to DEFAULT to the value of > > 'synchronous_standby_names'. That way, even if the user missed to > > configure 'synchronized_standby_slots' explicitly, we would still have > > reasonable protection in place. At the same time, if a user > > intentionally chooses not to configure it, a NULL/NONE value should > > remain a valid option. > > > > AFAIU, not all names listed in "synchronous_standby_names" are > necessarily synchronous standbys. Tools like pg_receivewal, for > example, can establish a replication connection to the primary and > appear in that list. Therefore, deriving "synchronized_standby_slots" > from "synchronous_standby_names", if not set by the user would cause > logical slots to be synchronized to whatever nodes those names > represent, including a host running pg_receivewal, which is certainly > not something the user would have intended to do. Therefore I feel > this might not just be the good choice. Agreed, not a good idea to have synchronized_standby_slots default to synchronous_standby_names because application_names and slot names are different as stated. Thanks, Satya --000000000000af6d6a064bb7d4c0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Ashutosh,

On Thu,= Feb 26, 2026 at 1:11=E2=80=AFAM Ashutosh Sharma <ashu.coek88@gmail.com> wrote:
Hi,

On Thu, Feb 26, 2026 at 2:15=E2=80=AFPM shveta malik <shveta.malik@gmail.com> wr= ote:
>
> On Thu, Feb 26, 2026 at 1:54=E2=80=AFPM SATYANARAYANA NARLAPURAM
> <sat= yanarlapuram@gmail.com> wrote:
> >
> > Hi Ashutosh,
> >
> > On Wed, Feb 25, 2026 at 11:42=E2=80=AFPM Ashutosh Sharma <ashu.coek88@gmail.co= m> wrote:
> >>
> >>
> >> I don't think we should be comparing "synchronous_st= andby_names" with
> >> "synchronized_standby_slots", even though they appe= ar similar in
> >> purpose. All values listed in synchronous_standby_names repre= sent
> >> synchronous standbys exclusively, whereas synchronized_standb= y_slots
> >> can hold values for both synchronous and asynchronous standby= s. In
> >> other words, every server referenced by synchronous_standby_n= ames is
> >> of the same type, but that may not be the case with
> >> synchronized_standby_slots.
> >>
> >> If a GUC can hold values of different types (sync vs. async),= does it
> >> really make sense to use a qualifier like ANY 1 (val1, val2) = when val1
> >> and val2 are different in nature? For example, suppose val1 i= s a
> >> synchronous standby and val2 is an asynchronous standby, and = we
> >> configure ANY 1 (val1, val2). It's possible for val2 to g= et ahead of
> >> val1 in terms of replication progress, which in turn could me= an the
> >> logical replica is also ahead of val1. So if we were to fail = over to
> >> val1 (since it's the only synchronous standby), we will n= ot be able to
> >> use the existing logical replication setup.
> >
> >
> > If the failover orchestrator cannot ensure standby1 to not get th= e quorum committed WAL (from archive or standby2) then the setting ANY 1 (v= al1, val2) is invalid.
> > This setup also has issues because in your scenario, standby2 is = ahead of the new primary (standby1) and standby2 requires now to rewind to = be in sync with the new primary. Additionally, it allowed readers to read d= ata that was lost at the end of the failover. We ideally need a mechanism t= o not send WAL to async replicas before the sync replicas commit=C2=A0 (hon= oring syncrhnous_standby_names GUC) feature (similar to synchronized_standb= y_slots). It could be a different thread on its own.
>
>
> +1 on the overall idea of the patch.
> I understand the concern raised above that one of the standbys in the<= br> > quorum (synchronized_standby_slots) might lag behind the logical
> replica, and a user could potentially failover to such a standby. But<= br> > I also agree with Amit that configuring failover correctly is
> ultimately the responsibility of failover-solution. And instructions > in doc should be followed before deciding if a standby is
> failover-ready or not.
>
> As suggested in [1], IMO, it is a reasonably good idea for
> 'synchronized_standby_slots' to DEFAULT to the value of
> 'synchronous_standby_names'. That way, even if the user missed= to
> configure 'synchronized_standby_slots' explicitly, we would st= ill have
> reasonable protection in place. At the same time, if a user
> intentionally chooses not to configure it, a NULL/NONE value should > remain a valid option.
>

AFAIU, not all names listed in "synchronous_standby_names" are necessarily synchronous standbys. Tools like pg_receivewal, for
example, can establish a replication connection to the primary and
appear in that list. Therefore, deriving "synchronized_standby_slots&q= uot;
from "synchronous_standby_names", if not set by the user would ca= use
logical slots to be synchronized to whatever nodes those names
represent, including a host running pg_receivewal, which is certainly
not something the user would have intended to do. Therefore I feel
this might not just be the good choice.

Agr= eed, not a good idea to have=C2=A0 synchronized_standby_slots default to sy= nchronous_standby_names because application_names and slot names are differ= ent as stated.

Thanks,
Satya=C2=A0
=
--000000000000af6d6a064bb7d4c0--