From ba5f034c08413a1bbcf4be4cb998cbca72617cde Mon Sep 17 00:00:00 2001 From: Andi Skrgat Date: Fri, 2 May 2025 08:07:56 +0200 Subject: [PATCH] Document failovering to sync replicas only --- pages/clustering/high-availability.mdx | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/pages/clustering/high-availability.mdx b/pages/clustering/high-availability.mdx index 9c4b7fc4..45bd10f8 100644 --- a/pages/clustering/high-availability.mdx +++ b/pages/clustering/high-availability.mdx @@ -384,6 +384,30 @@ server that coordinator instances use for communication. Flag `--instance-health check the status of the replication instance to update its status. Flag `--instance-down-timeout-sec` gives the user the ability to control how much time should pass before the coordinator starts considering the instance to be down. + + + + + + + + + + + + + +Users can also choose whether failovering to async replica is allowed by using the following query: + +``` +SET COORDINATOR SETTING 'sync_failover_only' TO 'true'/'false' ; +``` + +By the default the value is true which means that only sync replicas are candidates in the election. When the value is set to false, async replica is also considered but +there is then an additional risk of experiencing a data loss. However, failovering to async replica may be necessary when other sync replicas are down and you want to +manually perform a failover. + + Consider the instance to be down only if several consecutive pings fail because a single ping can fail because of a large number of different reasons in distributed systems.