patroni icon indicating copy to clipboard operation
patroni copied to clipboard

Published 20 hours ago verified publisher icon zalando

Split-brain possible on simple configuration mistake

Open kmoppel opened this issue 4 years ago • 0 comments

Currently Patroni will happily launch a 2nd primary if the "member" name is by accident a duplicate of the current leader.

Sure it's an operator error...but I think would be relatively easy to avoid it by first checking the current leader's (if exists) role directly over the Patroni API.

This situation won't happen on new setups as there's seems to be a check against that (although the message "released leader key voluntarily as data dir empty and currently leader" hints that the new duplicate node still grabbed the key), but rather with a "takeover" of some old Postgres clusters where the PGDATA exists.

To Reproduce

  1. Start the 1st node as leader.
  2. Start a 2nd node that will be bootstrapped as replica.
  3. Change the replica config so that the member name (name) matches the leader's name.
  4. Restart Patroni on 2nd node

kmoppel avatar Dec 31 '20 10:12 kmoppel