Prerequisites

Before configuring a Failover Manager cluster, you must satisfy the prerequisites described below.

Install Java 1.8 (or later)

Before using Failover Manager, you must first install Java (version 1.8 or later). Failover Manager is tested with OpenJDK, and we strongly recommend installing that version of Java. Installation instructions for Java are platform specific.

Provide an SMTP Server

You can receive notifications from Failover Manager as specified by a user-defined notification script, by email, or both.

  • If you are using email notifications, an SMTP server must be running on each node of the Failover Manager scenario.
  • If you provide a value in the script.notification property, you can leave the user.email field blank; an SMTP server is not required.

If an event occurs, Failover Manager invokes the script (if provided), and sends a notification email to any email addresses specified in the user.email parameter of the cluster properties file. For more information about using an SMTP server, visit:

https://access.redhat.com/site/documentation

Configure Streaming Replication

Failover Manager requires that PostgreSQL streaming replication be configured between the Master node and the Standby node or nodes. Failover Manager does not support other types of replication.

On database versions 11 (or prior), unless specified with the -sourcenode option, a recovery.conf file is copied from a random standby node to the stopped master during switchover. You should ensure that the paths within the recovery.conf file on your standby nodes are consistent before performing a switchover. For more information about the -sourcenode option, please see Promoting a Failover Manager Node.

On database version 12, the primary_conninfo, restore_command, and promote_trigger_file properties are copied to the stopped master during switchover (unless otherwise specified with the -sourcenode option.

Please note that Failover Manager does not support automatic reconfiguration of the standby databases after a failover if you use replication slots to manage your WAL segments. If you use replication slots, you should set the auto.reconfigure parameter to false, and manually reconfigure the standby servers in the event of a failover.

Modify the pg_hba.conf File

You must modify the pg_hba.conf file on the Master and Standby nodes, adding entries that allow communication between the all of the nodes in the cluster. The following example demonstrates entries that might be made to the pg_hba.conf file on the Master node:

# access for itself
host fmdb efm 127.0.0.1/32 md5
# access for standby
host fmdb efm 192.168.27.1/32 md5
# access for witness
host fmdb efm 192.168.27.34/32 md5

Where:

efm specifies the name of a valid database user.

fmdb specifies the name of a database to which the efm user may connect.

By default, the pg_hba.conf file resides in the data directory, under your Postgres installation. After modifying the pg_hba.conf file, you must reload the configuration file on each node for the changes to take effect. You can use the following command:

# systemctl reload edb-as-x

Where x specifies the Postgres version.

Using Autostart for the Database Servers

If a Master node reboots, Failover Manager may detect the database is down on the Master node and promote a Standby node to the role of Master. If this happens, the Failover Manager agent on the (rebooted) Master node will not get a chance to write the recovery.conf file; the recovery.conf file prevents the database server from starting. If this happens, the rebooted Master node will return to the cluster as a second Master node.

To prevent this, start the Failover Manager agent before starting the database server. The agent will start in idle mode, and check to see if there is already a master in the cluster. If there is a master node, the agent will verify that a recovery.conf or standby.signal file exists, and the database will not start as a second master.

Ensure Communication Through Firewalls

If a Linux firewall (i.e. iptables) is enabled on the host of a Failover Manager node, you may need to add rules to the firewall configuration that allow tcp communication between the Failover Manager processes in the cluster. For example:

# iptables -I INPUT -p tcp --dport 7800:7810 -j ACCEPT
/sbin/service iptables save

The command shown above opens a small range of ports (7800 through 7810). Failover Manager will connect via the port that corresponds to the port specified in the cluster properties file.

Ensure that the Database user has Sufficient Privileges

The database user specified by the db.user property in the efm.properties file must have sufficient privileges to invoke the following functions on behalf of Failover Manager:

pg_current_wal_lsn()

pg_last_wal_replay_lsn()

pg_wal_replay_resume()

pg_reload_conf()

For detailed information about each of these functions, please see the PostgreSQL core documentation

The user must also have permissions to read the values of configuration variables; a database superuser can use the PostgreSQL GRANT command to provide the permissions needed:

GRANT pg_read_all_settings TO user_name;

For more information about pg_read_all_settings, please see the PostgreSQL core documentation