Failback: Ensure we have 2+ working secondaries in Azure
During the failover, we only shutdown the primary in Azure while keeping Azure secondaries running. I believe the repmgr failover will make the Azure secondaries follow the new GCP primary.
This is going to be a problem for failback: If we failback to the Azure primary and have to rebuild all Azure secondaries, we're going to be down while waiting for the rebuild to complete and until we have at least 2 secondaries. That is, the primary cannot cope with all the load on its own.
Can we make sure the Azure secondaries are not following the GCP failover?
We can shutdown postgres on the Azure secondaries prior to shutting down the Azure primary and provoking the failover.
Optional (I'm not sure if this is required): For extra safety regarding the failback, we might want to unregister the Azure secondaries from the cluster and re-register during the failback (reason here is that we want the Azure secondaries to follow the Azure primary at all times).