Jim C. Nasby jnasby
Fri Jan 20 15:26:56 PST 2006
On Fri, Jan 20, 2006 at 04:47:01PM -0500, Andrew Sullivan wrote:
> On Fri, Jan 20, 2006 at 04:21:15PM -0500, Christopher Browne wrote:
> > Maximizing availability, which is what HA is forcibly and unambiguously
> > about, may not be exactly the same thing as providing guarantees that
> > committed transactions can never be lost.
> 
> Right.  And even banks are forced to make some compromises here.  For
> instance, nobody can do 2PC or any synchronous transaction
> replication across WANs.  So a perfect, up to the millisecond version
> of the bank can't be online somewhere else.  In a system I'm familiar
> with, the transaction log is 2PCd somewhere else at transaction time,
> but not live data.  If the remote site had to come into use, you'd
> have a few minutes of recovery time while you replayed and caught up.  

Sounds perfectly reasonable. Not being able to do credit-card auth for 5
minutes will piss a bunch of people off, but losing actual data would be
*really* bad.

It would be very, very cool if something like this was available for
PostgreSQL. I suspect it's probably doable with 8.1, but unfortunately
I'm not well versed enough in this stuff to know. But being able to show
folks how they could set up HA that was guaranteed not to lose committed
data... that would be a huge boost for the community. I'm pretty sure
that every single sales call I've been on has brought this kind of thing
up.

> And remember, this is assuming total destruction of the primary
> system -- all the disks and everything.  If it matters slightly less
> what order exactly transactions happen in, then you're ok.  So the
> mitigation trick here is to hold transactions above a certain dollar
> value under certain very unlikely circumstances.  Banks have all
> sorts of provisions for this kind of thing; it's also why they hire
> scores of risk-mitigation people.
> 
> But would I use Slony as the _only_ wheel in my HA machine?  Not on a
> bet.

Yeah, it would be damn nice if there was a stronger alternative. From
what I've read I think Slony-II might fit the bill (though I can't
remember if there's a guarantee that a changeset will exist at least
somewhere else before COMMIT returns), but I suspect it wouldn't perform
well over a WAN.
-- 
Jim C. Nasby, Sr. Engineering Consultant      jnasby at pervasive.com
Pervasive Software      http://pervasive.com    work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf       cell: 512-569-9461



More information about the Slony1-general mailing list