Andrew Sullivan wrote:
> On Sat, Sep 27, 2003 at 09:13:27AM -0300, Marc G. Fournier wrote:
> >
> > I think it was Andrew that suggested it ... when the slave timesout, it
> > should "trigger" a READ ONLY mode on the slave, so that when/if the master
> > tries to start to talk to it, it can't ...
> >
> > As for the master itself, it should be smart enough that if it times out,
> > it knows to actually abandom the slave and not continue to try ...
>
> Yes, but now we're talking as though this is master-slave
> replication. Actually, "master" and "slave" are only useful terms in
> a transaction for 2PC. So every machine is both a master and a
> slave.
>
> It seems that one way out is just to fall back to "read only" as soon
> as a single failure happens. That's the least graceful but maybe
> safest approach to failure, analogous to what fsck does to your root
> filesystem at boot time. Of course, since there's no "read only"
> mode at the moment, this is all pretty hand-wavy on my part :-/
Yes, but that affects all users, not just the transaction we were
working on. I think we have to get beyond the idea that this can be made
failure-proof, and just outline the behaviors for failure, and it has to
be configurable by the administrator.
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square,
Pennsylvania19073
