Add Patroni recovery control option documentation

- Documents features of Patroni both existing and targeted for addition in GitLab 13.7 that control Patroni's behavior when the primary node resumes operation and rejoins the database cluster. Related https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5746 Related https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5759 Closes https://gitlab.com/gitlab-org/gitlab/-/issues/290999Signed-off-by: Robert Marshall <rmarshall@gitlab.com>

Add Patroni recovery control option documentation
- Documents features of Patroni both existing and targeted for addition in GitLab 13.7 that control Patroni's behavior when the primary node resumes operation and rejoins the database cluster. Related https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5746 Related https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/5759 Closes https://gitlab.com/gitlab-org/gitlab/-/issues/290999Signed-off-by: Robert Marshall <rmarshall@gitlab.com>
e52e4b53 · Robert Marshall · Achilleas Pipinellis · 2ea22821 · e52e4b53
Commit e52e4b53 authored Dec 22, 2020 by Robert Marshall Committed by Achilleas Pipinellis Dec 22, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 37 additions and 0 deletions

doc/administration/postgresql/replication_and_failover.md doc/administration/postgresql/replication_and_failover.md +37 -0

No files found.
--- a/doc/administration/postgresql/replication_and_failover.md
+++ b/doc/administration/postgresql/replication_and_failover.md
@@ -757,6 +757,43 @@ functional or does not have a leader, Patroni and by extension PostgreSQL will n
 API which can be accessed via its [default port](https://docs.gitlab.com/omnibus/package-information/defaults.html#patroni)
 on each node.

+### Selecting the appropriate Patroni replication method
+
+[Review the Patroni documentation carefully](https://patroni.readthedocs.io/en/latest/SETTINGS.html#postgresql)
+before making changes as **_some of the options carry a risk of potential data
+loss if not fully understood_**. The [replication mode](https://patroni.readthedocs.io/en/latest/replication_modes.html)
+configured determines the amount of tolerable data loss.
+
+WARNING:
+Replication is not a backup strategy! There is no replacement for a well-considered and tested backup solution.
+
+Omnibus GitLab defaults [`synchronous_commit`](https://www.postgresql.org/docs/11/runtime-config-wal.html#GUC-SYNCHRONOUS-COMMIT) to `on`.
+
+```ruby
+postgresql['synchronous_commit'] = 'on'
+gitlab['geo-postgresql']['synchronous_commit'] = 'on'
+```
+
+#### Customizing Patroni failover behavior
+
+Omnibus GitLab exposes several options allowing more control over the [Patroni restoration process](#recovering-the-patroni-cluster).
+
+Each option is shown below with its default value in `/etc/gitlab/gitlab.rb`.
+
+```ruby
+patroni['use_pg_rewind'] = true
+patroni['remove_data_directory_on_rewind_failure'] = false
+patroni['remove_data_directory_on_diverged_timelines'] = false
+```
+
+[The upstream documentation will always be more up to date](https://patroni.readthedocs.io/en/latest/SETTINGS.html#postgresql), but the table below should provide a minimal overview of functionality.
+
+|Setting|Overview|
+|-|-|
+|`use_pg_rewind`|Try running `pg_rewind` on the former cluster leader before it rejoins the database cluster.|
+|`remove_data_directory_on_rewind_failure`|If `pg_rewind` fails, remove the local PostgreSQL data directory and re-replicate from the current cluster leader.|
+|`remove_data_directory_on_diverged_timelines`|If `pg_rewind` cannot be used and the former leader's timeline has diverged from the current one, then delete the local data directory and re-replicate from the current cluster leader.|
+
 ### Database authorization for Patroni

 Patroni uses Unix socket to manage PostgreSQL instance. Therefore, the connection from the `local` socket must be trusted.