PostgreSQL Architecture

Pigsty High Available Architecture


Primary Failure RTO ≈ 30s~1min, RPO < 10MB, Replica Failure RTO≈0 (reset current conn)

Pigsty creates a HA PostgreSQL cluster by default. Pigsty can automatic failover, and read-only business traffic is not affected; the impact of reading and write traffic depends on the specific configuration and load, usually in a few seconds to tens of seconds.

By default, Pigsty deploys clusters in availability first mode. When the primary goes down, data not replicated to the replica part may be lost (generally about a few hundred KB, no more than 10 MB); you can refer to Sync Standby and use consistency first mode, RPO = 0 in this mode.

Pigsty’s HA is achieved using Patroni + HAProxy, with the former failing over and the latter switching over traffic.

Patroni uses DCS service for heartbeat preservation, and the primary will register a 15-second lease by default and renew it periodically. When the primary fails to renew the lease, the lease is released, and a new primary election round is triggered. Usually, the one with the lowest delay is elected as the new primary. The cluster enters a new timeline, and all other clusters, including the old primary, re-follow the new primary.

HAProxy automatically detects the state of the instances and distributes the traffic correctly. Haproxy is stateless and deployed uniformly on each node/instance. All HAProxy can act as service access for the cluster. For example, the Primary service on port 5433 will use HTTP GET ip:8008/primary health check to get information from all Patroni in the cluster, find out the primary, and distribute traffic to the primary.

Last modified 2022-06-04: fii en docs batch 2 (61bf601)