Re: Data loss, vacuum, transaction wrap-around

From: pgsql(at)mohawksoft(dot)com
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql(at)mohawksoft(dot)com, "Russell Smith" <mr-russ(at)pws(dot)com(dot)au>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Data loss, vacuum, transaction wrap-around
Date: 2005-02-19 14:15:14
Message-ID: 16634.24.91.171.78.1108822514.squirrel@mail.mohawksoft.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

> pgsql(at)mohawksoft(dot)com writes:
>> I think there should be a 100% no data loss fail safe.

OK, maybe I was overly broad in my statement, but I assumed a context that
I guess you missed. Don't you think that in normal operations, i.e. with
no hardware of OS failure, we should see any data loss as unacceptable?

If a bug causes data loss, it is a big deal right?
>
> Possibly we need to recalibrate our expectations here. The current
> situation is that PostgreSQL will not lose data if:
>
> 1. Your disk drive doesn't screw up (eg, lie about write complete,
> or just plain die on you).
> 2. Your kernel and filesystem don't screw up.
> 3. You follow the instructions about routine vacuuming.
> 4. You don't hit any bugs that we don't know about.
>

See, here is where I strongly disagree.Items (1) and (2) are completely
out of our control and no one would blame PostgreSQL.

Item (4) is an issue with all software, every now and then people hit bugs
and the bug is reported and assumed to get fixed.

Item (3) is just nasty, RTFM or else sucka! I think it is a very user
hostile stance.

> I agree that it's a nice idea to be able to eliminate assumption #3 from
> our list of gotchas, but the big picture is that it's hard to believe
> that doing this will make for a quantum jump in the overall level of
> reliability. I think I listed the risks in roughly the right order of
> severity ...

Sometimes the edge conditions of a problem are not so obscure. I think (3)
is a huge issue, iamgine I'm in this meeting:

DBA: We can't use PostgreSQL, if we forget to do normal maintenence we'll
lose all our data.

ME: Well, there is an amount of truth in that, but we just won't forget.

DBA: Sorry, I don't trust it.

CTO: Mark, I think joe has some serious issues that need to be resolved
before we can move on this.

Boom!! Lost.

>
> I'm willing to fix this for 8.1 (and am already in process of drafting a
> patch), especially since it ties into some other known problems such as
> the pg_pwd/pg_group files not being properly reconstructed after PITR
> recovery. But I think that a "Chinese fire drill" is not called for,
> and backpatching a significant but poorly tested change falls into that
> category IMHO.
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 7: don't forget to increase your free space map settings
>

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Abhijit Menon-Sen 2005-02-19 16:08:56 postgres crashing on a seemingly good query
Previous Message Thomas Hallgren 2005-02-19 10:07:51 Re: SPI_finish and RegisterExprContextCallback