Loading...

中文 日本語
By: Dylan

What is automatic failover PostgreSQL?

Automatic failover in PostgreSQL refers to the process of automatically promoting a standby database to primary when the current primary node becomes unavailable.

Having an automatic failover method for PostgreSQL is necessary for database high availability. In the event of a data disaster, cyber-attack, or system crash, it can effectively ensure your business continuity and minimize downtime.

While PostgreSQL provides robust replication capabilities, it does not include built-in automatic failover orchestration. So, DBAs need to detect the failure, verify node status, and promote standby manually, which can increase downtime and leave room for human error.

Key challenges of PostgreSQL failover

Knowing the challenge of failover is necessary for choosing a reliable and suitable automatic failover method.

  • Split-brain: Without proper coordination, multiple nodes may assume they are the primary, causing data inconsistency and corruption.
  • Replication lag: Delays between primary and standby can result in lost transactions after failover.
  • Failure detection complexity: Distinguishing between a real failure and a temporary network issue is not easy. Incorrect detection can trigger unnecessary failovers. For example, network blips or temporary unresponsiveness may trigger an unnecessary failover
  • Application Connection Management: Even after failover, applications must reconnect to the new primary. Without a connection layer (like a proxy or load balancer), this can break services.

Next, we will introduce the most popular and common tools for automatic PostgreSQL failover and switchover.

Automatic Failover with pg_auto_failover

This is an open-source PostgreSQL extension and provide HA by automating failover. It’s ideal for teams looking for a relatively simple setup with minimal dependencies.

It uses a monitor node to track the health of primary and standby nodes. If the primary fails, the monitor promotes the standby automatically. It is an excellent choice for teams seeking straightforward HA without the complexity of distributed consensus systems

Step 1. Installing pg_au_failover

Add the official package repo and install:

For Ubuntu/Debian

apt install -y postgresql-14 pg-auto-failover

For RHEL/CentOS:

yum install -y pg-auto-failover

Step 2. Create and run the monitor node

The monitor node manages cluster state and failover decisions.

pg_autoctl create monitor --pgdata /var/lib/pgsql/14/monitor
pg_autoctl run monitor

Step 3. Initialize the primary node

pg_autoctl create postgres \
 --pgdata /var/lib/pgsql/14/data \
 --monitor postgres://monitor-ip:5432/pg_auto_failover \
 --name node-primary
pg_autoctl run

Step 4. Add a standby node

On the second server, register as a hot standby

pg_autoctl create postgres \
  --pgdata /var/lib/pgsql/14/data \
  --monitor postgres://monitor-ip:5432/pg_auto_failover \
  --name node-standby
pg_autoctl run

Step 5. Verify cluster status

pg_autoctl status
pg_autoctl events

The cluster automatically enables streaming replication and prepares for PostgreSQL automatic failover.

Patroni

Patroni is one of the most popular tools for PostgreSQL HA. It uses a distributed configuration store (like etcd or Consul) to manage leader election and failover.

How It Works:

  • Each node runs Patroni
  • A distributed store maintains cluster state
  • Patroni handles failover automatically based on consensus

Step 1. Deploy a 3-node etcd cluster

etcd provides distributed consensus to prevent split-brain.

# Install etcd

yum install -y etcd

# Configure and start etcd on all nodes

systemctl enable --now etcd

Step 2. Install Patroni & dependencies

内容内容

pip3 install patroni python-etcd psycopg2-binary

Step 3. Crete Patroni config (patroni.yml)

scope: postgres-ha
namespace: /service/
name: node1

restapi:
 listen: 0.0.0.0:8008
 listen: 0.0.0.0:8008

etcd:
  host: node1-ip:2379

postgresql:
  listen: 0.0.0.0:5432
  connect_address: node1-ip:5432
  data_dir: /var/lib/pgsql/14/data
  pgpass: /tmp/pgpass
  replication:
    username: replicator
password: secure-password

Step 4. Start Patroni service

patroni /etc/patroni.yml

Step 5. View cluster status

patronictl -c /etc/patroni.yml list

Patroni automatically manages primary promotion, replication, and PostgreSQL automatic failover.

Repmgr (lightweight failover management)

repmgr is a simpler tool focused on replication management and failover automation. It is often used with custom scripts for full automation. It is a good choice for simpler environment.

How It Works:

  • Tracks replication cluster metadata
  • Provides commands to promote standby nodes
  • Supports daemon mode for automatic failover

Below are the steps of how to implement repgmgr for postgreSQL automatic failover.

Step 1. Install repmgr

sudo apt install repmgr

Step 2: Configure repmgr.conf

node_id=1
node_name=node1
conninfo='host=node1 user=repmgr dbname=repmgr'
data_directory='/var/lib/postgresql/data'

Step 3: Register Primary Node

repmgr primary register

Step 4: Clone Standby Node

repmgr standby clone
repmgr standby register

Step 5: Enable Automatic Failover

repmgrd -f /etc/repmgr.conf

i2Availability: Near-zero downtime, high availability solution

i2Availability is an enterprise high availability designed to achieve near-zero downtime, minimal data loss, and predictable recovery under all failure scenarios.

Key features of i2Availability:

  • Near-zero data loss: i2Availability ensures near zero RPO via synchronous replication and real-time data copy, with sub-second failure detection and VIP drifting to achieve second RTO.
  • No External DCS Needed: i2Availability avoids split-brain using a quorum/witness arbitration system, redundant heartbeats, and resource locking. During network splits, only the node connected to the arbiter remains active; the other is blocked from service, ensuring a single primary and consistent data.
  • Seamless Automatic Failback: After the original primary recovers, it automatically rejoins as a standby with incremental data synchronization, requiring no manual reconfiguration or scripting for self-healing clusters.
  • Centralized Web Management: The intuitive web console offers real-time monitoring of replication status and node health, centralized policy configuration, batch agent deployment, and comprehensive audit logs for easy compliance and troubleshooting.
  • Multi-DC & Cross-Region Support: It natively supports synchronous replication across data centers with network optimization, bandwidth control, and hybrid cloud compatibility, ideal for global enterprise deployments and multi-site disaster recovery.
FREE Trial for 60-Day

FAQs: Common PostgreSQL Automatic Failover Challenges & Solutions

This section addresses the most critical pain points database teams encounter when implementing PostgreSQL automatic failover, with clear, actionable solutions tailored to each toolset.

Q1: How to Avoid Split-Brain in PostgreSQL Automatic Failover?

Split-brain occurs when two nodes claim primary status, leading to data corruption.

  • Patroni/Stolon: Rely on a distributed consensus store (DCS like etcd) for quorum voting. Ensure a 3-node DCS cluster to avoid a single point of failure.
  • repmgr: Use a witness node—a lightweight instance that votes without storing data—to maintain quorum.
  • pg_auto_failover: Leverage its central monitor node and state-machine logic to enforce a single primary.
  • i2Availability: Utilize dual-quorum arbitration (node + storage health checks) for robust protection without external DCS.

Q2: What Is Replication Lag, and How Does It Impact Failover?

Replication lag is the delay between a primary’s write and its standby’s confirmation.

  • Risk: Asynchronous replication may lose recent transactions on failover; synchronous replication prevents this but adds latency.
  • Solutions:
    • Choose synchronous replication for zero-data-loss requirements (default in i2Availability).
    • Set lag thresholds in pg_auto_failover to avoid promoting standbys with excessive lag.
    • Monitor lag via Patroni’s metrics, i2Availability’s dashboard, or Prometheus/Grafana.

Q3: How to Recover the Old Primary After a Failover?

After failover, the old primary must rejoin as a standby to avoid inconsistency.

  • Patroni: Automatically reinitializes the old node via pg_rewind once it reconnects.
  • repmgr: Run repmgr rejoin to clone the new primary and reattach the node.
  • pg_auto_failover: Use pg_autoctl rejoin to register the recovered node with the monitor.
  • i2Availability: Triggers automatic re-synchronization via real-time data copy once the node recovers, requiring no manual steps.

Q4: Which Tool Should I Choose for My PostgreSQL Cluster?

Tool selection depends on scale, expertise, and requirements:

  • Enterprise, zero-data-loss, multi-DC: i2Availability (centralized control, dual arbitration, no DCS).
  • Cloud/K8s, large production: Patroni (mature, widely adopted, K8s-native).
  • Simple, fast setup, no DCS: pg_auto_failover (minimalist, monitor-based).
  • Small on-prem clusters: repmgr (lightweight, no external dependencies).
  • HA + pooling + load balancing: Pgpool-II (all-in-one middleware).

Q5: How to Troubleshoot Common Failover Deployment Failures?

  • Node communication issues: Verify firewalls, NTP, and pg_hba.conf access; test SSH/network connectivity between nodes.
  • Replication setup errors: Check WAL settings (wal_level, max_wal_senders); ensure standbys can stream from the primary.
  • DCS/monitor failures: For Patroni/Stolon, restart etcd/Consul and check logs; for pg_auto_failover, validate monitor node health.
  • i2Availability issues: Use the web console’s audit logs to check node heartbeat/storage status; verify agent installation and VIP allocation.

Conclusion

Implementing reliable PostgreSQL automatic failover is essential for building resilient, production-grade database clusters that minimize downtime, protect critical data, and ensure continuous business operations. From open-source tools like Patroni, repmgr, and pg_auto_failover to enterprise-grade platforms, each option fits different needs depending on cluster scale, operational complexity, and availability requirements.

For small to mid-sized environments, lightweight open-source solutions can deliver basic high availability with a relatively simple setup. However, for mission-critical systems—where zero data loss, simplified operations, and strong fault isolation are required—i2Availability from Info2Soft offers a more complete, enterprise-ready approach. Features such as dual-arbitration split-brain protection, automatic failback, a centralized web console, and native multi-data center support help eliminate many of the challenges associated with DCS-dependent architectures.

Whether deployed on-premises, in the cloud, or in hybrid environments, a well-designed automatic failover strategy ensures your PostgreSQL cluster remains available, consistent, and recoverable under any failure scenario. By choosing the right solution and following proven best practices, organizations can achieve near-zero RTO and strong data integrity guarantees for their most critical workloads.

{{ author_info.name }}
{{author_info.introduction || "No brief introduction for now"}}

More Related Articles

{{item.title}}
{{item.excerpt}}
Read Article
Table of Contents:
Stay Updated on Latest Tips
Subscribe to our newsletter for the latest insights, news, exclusive content. You can unsubscribe at any time.
Subscribe
Ready to Enhance Business Data Security?
Start a 60-day free trial or view demo to see how Info2Soft protects enterprise data.
Free Trial Contact Sales
Table of Contents:
{{ country.name }}
Please fill out the form and submit it, our customer service representative will contact you soon.
By submitting this form, I confirm that I have read and agree to the Privacy Notice.
{{ isSubmitting ? 'Submitting...' : 'Submit' }}