[sheepdog-users] is --nohalt dangerous?

Arnold Krille arnold at arnoldarts.de
Wed Jul 18 20:14:30 CEST 2012 

On Wednesday 18 July 2012 16:50:07 Liu Yuan wrote:
> On 07/18/2012 04:43 PM, Dietmar Maurer wrote:
> >>> No, it can't.
> >>> 
> >>> 0       1      2     3
> >>> +       -      -     + <-- lost the updates.
> >>> +  -->  + -->  - --> #
> >>> +       +      -     # <-- permanently down.
> >>> 
> >>>         ^
> >>>      
> >>>      These two nodes has the latest data.
> > 
> > I still do not really understand that behavior. I think
> > any write/read operation should require 'quorum'.
> > 
> > (i.e. if you have copies=3, at least 2 nodes need to be online).
> > 
> > That would completely prevent those errors?
> 
> IUUC, quorum algorithm is used to the context such eventual data
> consistency, where we need quorum to read the latest data.
> 
> Theoretically for Sheepdog, because of strong consistency
> implementation, we actually can run the cluster even with one node left
> with 3 copies set without any problem, just run in a high chances to
> lose the data if this node is permanently down. With 3 nodes, we get the
> lower chances that all 3 nodes are permanently down at the same time.

But you do get problems when you write to the last remaining node, that node 
dies (non-recoverable) and you bring back the other nodes. These node don't 
have a chance of knowing they have invalid data. Well they can know, because 
they might be shut down uncleanly. But then the remaining nodes know that they 
have invalid data, so what? You can't go on with that and have to bring in the 
backup you don't have...
For data consistency it would have been better if the cluster stopped writing 
after more then half of the copies died. And thus forced the admins to fix the 
nodes well before that even occures.

Setting a copy-value of more then one probably meant something for the admin 
regarding data-security. So its safe to assume that he wants to protect 
himself against the scenario of the last node dying with the last consistent 
data on it.

So, please give sheepdog real quorum calculation when there are more then two 
copies wanted.

Have fun,

Arnold
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wpkg.org/pipermail/sheepdog-users/attachments/20120718/3c421f1a/attachment.pgp>

More information about the sheepdog-users mailing list