|From:||Andrey Borodin <x4mmm(at)yandex-team(dot)ru>|
|To:||Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com>|
|Cc:||Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, SATYANARAYANA NARLAPURAM <satyanarlapuram(at)gmail(dot)com>|
|Subject:||Re: An attempt to avoid locally-committed-but-not-replicated-to-standby-transactions in synchronous replication|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
> On 9 May 2022, at 14:20, Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com> wrote:
> On Tue, Apr 26, 2022 at 11:57 AM Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote:
>> While this may mitigate the problem, I don't think it will deal with
>> all the cases which could cause a transaction to end up committed locally,
>> but not on the synchronous standby. I think that only using the full
>> power of two-phase commit can make this bulletproof.
> Not sure if it's recommended to use 2PC in postgres HA with sync
> replication where the documentation says that "PREPARE TRANSACTION"
> and other 2PC commands are "intended for use by external transaction
> management systems" and with explicit transactions. Whereas, the txns
> within a postgres HA with sync replication always don't have to be
> explicit txns. Am I missing something here?
COMMIT PREPARED needs to be replicated as well, thus encountering the very same problem as usual COMMIT: if done during failover it can be canceled and committed data can be wrongfully reported durably written. 2PC is not a remedy to the fact that PG silently cancels awaiting of sync replication. The problem arise in presence of any "commit". And "commit" is there if transactions are there.
> On 9 May 2022, at 14:44, Dilip Kumar <dilipbalaut(at)gmail(dot)com> wrote:
> IMHO, making it wait for some amount of time, based on GUC is not a
> complete solution. It is just a hack to avoid the problem in some
Disallowing cancelation of locally committed transactions is not a hack. It's removing of a hack that was erroneously installed to make backend responsible to Ctrl+C (or client side statement timeout).
> On 26 Apr 2022, at 11:26, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote:
> Is it worth adding additional complexity that is not a complete solution?
Its not additional complexity. It is removing additional complexity that made sync rep interruptible. (But I'm surely talking not about GUCs like synchronous_replication_naptime_before_cancel - wait of sync rep must be indefinite until synchrous_commit\synchronous_standby_names are satisfied )
And yes, we need additional complexity - but in some other place. Transaction can also be locally committed in presence of a server crash. But this another difficult problem. Crashed server must not allow data queries until LSN of timeline end is successfully replicated to synchronous_standby_names.
Best regards, Andrey Borodin.
|Next Message||Niyas Sait||2022-05-09 11:44:22||Re: [PATCH] Add native windows on arm64 support|
|Previous Message||Dagfinn Ilmari Mannsåker||2022-05-09 10:21:26||Re: Finer grain log timestamps|