ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan Rakov <ivan.glu...@gmail.com>
Subject Re: Reconsider default WAL mode: we need something between LOG_ONLY and FSYNC
Date Tue, 20 Mar 2018 13:00:08 GMT
Val,

> If a storage is in
> corrupted state, does it mean that it needs to be completely removed and
> cluster needs to be restarted without data?

Yes, there's a chance that in LOG_ONLY all local data will be lost, but 
only in *power loss**/ OS crash* case.
kill -9, JVM crash, death of critical system thread and all other cases 
that usually take place are variations of *process crash*. All WAL modes 
(except NONE, of course) ensure corruption-safety in case of process crash.

> If so, I'm not sure any mode
> that allows corruption makes much sense to me.
It depends on performance impact of enforcing power-loss corruption 
safety. Price of full protection from power loss is high - FSYNC is way 
slower (2-10 times) than other WAL modes. The question is whether 
ensuring weaker guarantees (corruption can't happen, but loss of last 
updates can) will affect performance as badly as strong guarantees. I'll 
share benchmark results soon.

Best Regards,
Ivan Rakov

On 20.03.2018 5:09, Valentin Kulichenko wrote:
> Guys,
>
> What do we understand under "data corruption" here? If a storage is in
> corrupted state, does it mean that it needs to be completely removed and
> cluster needs to be restarted without data? If so, I'm not sure any mode
> that allows corruption makes much sense to me. How am I supposed to use a
> database, if virtually any failure can end with complete loss of data?
>
> In any case, this definitely should not be a default behavior. If user ever
> switches to corruption-unsafe mode, there should be a clear warning about
> this.
>
> -Val
>
> On Fri, Mar 16, 2018 at 1:06 AM, Ivan Rakov <ivan.glukos@gmail.com> wrote:
>
>> Ticket to track changes: https://issues.apache.org/jira/browse/IGNITE-7754
>>
>> Best Regards,
>> Ivan Rakov
>>
>>
>> On 16.03.2018 10:58, Dmitriy Setrakyan wrote:
>>
>>> On Fri, Mar 16, 2018 at 12:55 AM, Ivan Rakov <ivan.glukos@gmail.com>
>>> wrote:
>>>
>>> Vladimir,
>>>> Unlike BACKGROUND, LOG_ONLY provides strict write guarantees unless power
>>>> loss has happened.
>>>> Seems like we need to measure performance difference to decide whether do
>>>> we need separate WAL mode. If it will be invisible, we'll just fix these
>>>> bugs without introducing new mode; if it will be perceptible, we'll
>>>> continue the discussion about introducing LOG_ONLY_SAFE.
>>>> Makes sense?
>>>>
>>>> Yes, this sounds like the right approach.
>>>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message