Re: Patch to improve reliability of postgresql on linux nfs - Mailing list pgsql-hackers

From Florian Pflug
Subject Re: Patch to improve reliability of postgresql on linux nfs
Date
Msg-id AD4A13A5-8778-4D94-BBB5-AB6C13BF752A@phlo.org
Whole thread Raw
In response to Patch to improve reliability of postgresql on linux nfs  (George Barnett <gbarnett@atlassian.com>)
Responses Re: Patch to improve reliability of postgresql on linux nfs
List pgsql-hackers
[CC'ing to the list again - I assume you omitted pgsql-hackers from the
recipient list by accident]

On Sep13, 2011, at 03:00 , George Barnett wrote:
> On 12/09/2011, at 11:39 PM, Florian Pflug wrote:
>> Also, non-interruptible IO primitives are by no means "right". At best, they're
>> a compromise between complexity and functionality for I/O devices with rather
>> short (and bounded) communication timeouts - because in that case, processes are
>> only blocked un-interruptibly for a short while.
>
> Just to expand on that - I'm now in the situation where I can run my nfs mounts
> 'nointr' and postgres will work, but that means if I lose a storage unit I have
> a number of stuck processes, effectively meaning I need to reboot all my frontend
> servers before I can fail over to backup nfs stores.
>
> However, if I run the mounts with intr, then if a storage unit fails, I can fail
> over to a backup node (taking a minor loss of data hit I'm willing to accept) but
> postgres breaks under a moderate insert load.
>
> With the patch I supplied though, I'm able to have most of my cake and eat it.
>
> I'd be very interested in moving this forward - is there something I can change
> in the patch to make it more acceptable for a merge?

Here are a few comments

Tom already remarked that if we do that for write()s, we ought to do it for read()s
also which I agree with. All other primitives like lseek, close, ... should be taken
care of by SA_RESTART, but I'd be a good idea to verify that.

Also, I don't think that POSIX mandates that errno be reset to 0 if a function returns
successfully, making that "returnCode == 0 && errno == 0" check pretty dubious. I'm not
sure of this was what Tom was getting at with his remark about the ENOSPC handling being
wrong in the retry case.

And I also think that if we do this, we might as well handle EINTR correctly, even if
our use of SA_RESTART should prevent us from ever seeing that. The rules surrounding
EINTR and SA_RESTART for read/write are quite subtle...

If we retry, shouldn't be do CHECK_FOR_INTERRUPTS? Otherwise, processes waiting for
a vanished NFS server would be killable only with SIGKILL, not SIGTERM or SIGINT.
But I'm not sure if it's safe to put that into a generic function like pg_write_nointr.

Finally, WriteAll() seems like a poor name for that function. How about pg_write_nointr()?

Here's my suggested implementation for pg_write_nointr. pg_read_nointr should be similar
(but obviously without the ENOSPC handling)

int pg_write_nointr(int fd, const void *bytes, Size amount)
{ int written = 0;
 while (amount > 0) {   int ret;
   ret = write(fd, bytes, amount);   if ((ret < 0) && (errno == EINTR))   {     /* interrupted by signal before first
bytewas written. Retry */     /* XXX: Is it safe to call CHECK_FOR_INTERRUPTS here? */     CHECK_FOR_INTERRUPTS();
continue;  }   else if (ret < 0)   {     /* error occurred. Abort */     return -1;   }   else if (ret == 0)   {     /*
outof disk space. Abort */     return written;   } 
   /* made progress */
   /* XXX: Is it safe to call CHECK_FOR_INTERRUPTS here? */   CHECK_FOR_INTERRUPTS();
   written += ret;   amount -= ret;   bytes = (const char *) bytes + ret; }
}

best regards,
Florian Pflug




pgsql-hackers by date:

Previous
From: Jeff Davis
Date:
Subject: Re: Range Types
Next
From: Florian Pflug
Date:
Subject: Re: Patch to improve reliability of postgresql on linux nfs