Re: Hot Standby (v9d) - Mailing list pgsql-hackers

From Heikki Linnakangas
Subject Re: Hot Standby (v9d)
Date
Msg-id 4980BDC9.3000405@enterprisedb.com
Whole thread Raw
In response to Re: Hot Standby (v9d)  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Hot Standby (v9d)
List pgsql-hackers
Tom Lane wrote:
> "Joshua D. Drake" <jd@commandprompt.com> writes:
>> On Wed, 2009-01-28 at 19:27 +0000, Simon Riggs wrote:
>>> On Wed, 2009-01-28 at 18:55 +0000, Gregory Stark wrote:
>>>> I still *strongly* feel the default has to be the
>>>> non-destructive conservative -1.
>>> I don't. Primarily, we must support high availability. It is much better
>>> if we get people saying "I get my queries cancelled" and we say RTFM and
>>> change parameter X, than if people say "my failover was 12 hours behind
>>> when I needed it to be 10 seconds behind and I lost a $1 million because
>>> of downtime of Postgres" and we say RTFM and change parameter X.
> 
>> If the person was stupid enough to configure it for such as thing they
>> deserve to the lose the money.
> 
> Well, those unexpectedly cancelled queries could have represented
> critical functionality too.  I think this argument calls the entire
> approach into question.  If there is no safe setting for the parameter
> then we need to find a way to not have the parameter.

We've gone through that already. Different ideas were hashed out around 
September. There's four basic feasible approaches to what to do when an 
incoming WAL record conflicts with a running read-only query:

1. Kill the query. (max_standby_delay=0)
2. Wait for the query to finish before continuing (max_standby_delay=-1)
3. Have a feedback loop from standby to master, feeding an OldestXmin to 
the master, preventing it from removing tuples that are still needed in 
the standby.
4. Allow the query to continue, knowing that it will return wrong results.

I don't consider 4 to be an option. Option 3 has its own set of 
drawbacks, as a standby can then cause bloat in the master, and in any 
case we're not going to have it in this release. And then there's some 
middle ground, like wait a while and then kill the query 
(max_standby_delay > 0).

I don't see any way around the fact that when a tuple is removed, it's 
gone and can't be accessed by queries. Either you don't remove it, or 
you kill the query.

I think the max_standby_delay setting is fairly easy to explain. It 
shouldn't be too hard for a DBA to set it correctly.

--   Heikki Linnakangas  EnterpriseDB   http://www.enterprisedb.com


pgsql-hackers by date:

Previous
From: Jeff Davis
Date:
Subject: Re: Hot Standby (v9d)
Next
From: "D'Arcy J.M. Cain"
Date:
Subject: Re: Output filter for psql