| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Florian Pflug <fgp(dot)phlo(dot)org(at)gmail(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, Hiroyuki Yamada <yamada(at)kokolink(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: alpha3 release schedule? |
| Date: | 2009-12-22 12:21:45 |
| Message-ID: | 1261484505.7442.4850.camel@ebony |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 2009-12-22 at 12:32 +0100, Florian Pflug wrote:
> On 22.12.09 9:34 , Simon Riggs wrote:
> > If you are saying being able to start Hot Standby from a shutdown
> > checkpoint is an important feature for you, then say so, and why.
>
> I think it's not so much an important feature but more the removal of a
> footgun.
>
> Image a reporting database where all transactions but a few daily bulk
> imports are read-only. To spread the load, you do your bulk loads on the
> master, but run the reporting queries against a read-only HS slave. Now
> you take the master down for maintenance. Since all clients but the bulk
> loader use the slave already, and since the bulk loads can be deferred
> until after the maintenance window closes again, you don't actually do a
> fail-over.
>
> Now you're already pointing at your foot with the gun. All it takes to
> ruin your day is *some* reason for the slave to restart. Maybe due to a
> junior DBA's typo, or maybe due to a bug in postgres. Anway, once the
> slave is down, it won't come up until you manage to get the master up
> and running again. And this limitation is pretty surprising, since one
> would assume that if the slave survives a *crash* of the master, it'd
> certainly survive a simple *shutdown*.
Well, you either wait for master to come up again and restart, or you
flip into normal mode and keep running queries from there. You aren't
prevented from using the server, except by your own refusal to failover.
That's not enough for me to raise the priority for this feature.
But it was already on the list and remains there now. If someone does
add this, it will require careful thought about how to avoid introducing
further subtle ways to break HS, all of which will need testing and
re-testing to avoid regression.
So I'm not personally going to be working on it, for this release and
likely the next also, nor will I encourage others to do so, for anyone
looking to assist. There are more important things for us to do, IMHO.
--
Simon Riggs www.2ndQuadrant.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2009-12-22 12:25:11 | Re: alpha3 release schedule? |
| Previous Message | Greg Stark | 2009-12-22 12:20:46 | Re: Tuplestore should remember the memory context it's created in |