Re: beta testing version - Mailing list pgsql-hackers

From Hannu Krosing
Subject Re: beta testing version
Date
Msg-id 3A24D922.1D4CC36E@tm.ee
In response to Re: beta testing version  (The Hermit Hacker <scrappy@hub.org>)
List pgsql-hackers
xuyifeng wrote:
> 
> NO, I just tested how solid PgSQL is. I ran a program busy inserting records into a PG table, when I
> suddenly pulled out power from my machine and restarted PG, I could not insert any record into the database
> table, all backends were dead without any response (not core dump). Note that I am using FreeBSD 4.2,
> it's rock solid, it's not an OS crash, it just lost power. We use WindowsNT and MSSQL on our production
> server, before we accepted MSSQL, we used this method to test if MSSQL can endure this kind of strike,
> it's OK, all databases are safely recovered, we can continue our work.

The only way to safely recover them after a major crash would be
manual/supervised recovery from backups + logs

As not even NTFS is safe from power failures (I have lost an NTFS file
system a few times due to not having a UPS) it is irrelevant if MSSQL
is. Even if MSSQL is "crash proof" (tm), how can you _prove_ to your
customers/superiors that the last N minutes of transactions were not
lost?

If the DB is able to "continue your work" after the crash, you can of
course cover up the fact that the crash even happened and blame the
lost transactions on someone else when they surface at the next
audit ;)

Or just claim that computer technology is so complicated that losing a
few transactions is normal - but you could go on working ;) :~) ;-p

What you want for mission-critical data is replicated databases or at
least off-site logging, not "crash recovery" at some arbitrarily chosen
layer. You will need to recover from the crash even if it destroys the
whole computer.

May I suggest another test for your NT/MSSQL setup - don't pull the plug
but change the input voltage to 10 000 VAC, if this goes well, test
with 100 000 VAC ;)
This is also a scenario much less likely to be protected by a UPS than
power loss.

> we are a stock exchange company,
> our servers are storing million $ finance numbers, we don't hope there are any problems in this case,
> we are using UPS, but UPS is not everything, if you bet everything on UPS, you must be an idiot.

So are you, if you bet everything on hoping that DB will do crash
recovery from any type of crash.

A common case of "crash" that may need to be recovered from is also a
human error, like typing drop database at the wrong console;

> I know you must be an advocate of PG, but we are professional customers, corporate users, we store critical
> data into the database, not your garbage data.

Then you'd better have a crash recovery infrastructure/procedures in
place and not hope that DB server will do that automatically for you

--------------------
Hannu

