On Wed, 2009-01-28 at 11:33 -0800, Joshua D. Drake wrote:
> On Wed, 2009-01-28 at 19:27 +0000, Simon Riggs wrote:
> > On Wed, 2009-01-28 at 18:55 +0000, Gregory Stark wrote:
>
> > Agreed. As explained when I published that patch it is deliberately
> > severe to allow testing of conflict resolution and feedback on it.
> >
> > > I still *strongly* feel the default has to be the
> > > non-destructive conservative -1.
> >
> > I don't. Primarily, we must support high availability. It is much better
> > if we get people saying "I get my queries cancelled" and we say RTFM and
> > change parameter X, than if people say "my failover was 12 hours behind
> > when I needed it to be 10 seconds behind and I lost a $1 million because
> > of downtime of Postgres" and we say RTFM and change parameter X.
>
> If the person was stupid enough to configure it for such as thing they
> deserve to the lose the money.
It was never intended to be 0, that was just for testing, as I said. But
a smallish integer number of seconds, say 10, 60, 300 or at most 600 is
reasonable.
Crash barriers can be moved, falling off a cliff is permanent. It's easy
to change the parameter if you don't like it, and too late to change it
if we set the default wrong.
My name is on the patch and I take responsibility for such failures. I'm
not going to turn round and say "but Josh said", kinda like Stan Laurel,
if it fails. I've never called any user stupid and never will, not while
they use Postgres, at least... If we get the default wrong then its down
to us.
Never cancelling queries is definitely a wrong default choice for an HA
server.
-- Simon Riggs www.2ndQuadrant.comPostgreSQL Training, Services and Support