From: | pgsql(at)mohawksoft(dot)com |
---|---|
To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au>, "Kouber Saparev" <postgresql(at)saparev(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Help me recovering data |
Date: | 2005-02-16 16:08:29 |
Message-ID: | 16624.24.91.171.78.1108570109.squirrel@mail.mohawksoft.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> pgsql(at)mohawksoft(dot)com writes:
>> Maybe I'm missing something, but shouldn't the prospect of data loss
>> (even
>> in the presense of admin ignorance) be something that should be
>> unacceptable? Certainly within the realm "normal PostgreSQL" operation.
>
> [ shrug... ] The DBA will always be able to find a way to shoot himself
> in the foot. We've seen several instances of people blowing away
> pg_xlog and pg_clog, for example, because they "don't need log files".
> Or how about failing to keep adequate backups? That's a sure way for an
> ignorant admin to lose data too.
There is a difference between actively doing something stupid and failing
to realize a maintenence task is required.
PostgreSQL should stop working. When the admin tries to understand why,
they can read a troubleshooting FAQ and say "oops, I gotta run this vacuum
thingy." That is a whole lot better than falling off a cliff you didn't
even know was there.
>
> Once autovacuum gets to the point where it's used by default, this
> particular failure mode should be a thing of the past, but in the
> meantime I'm not going to panic about it.
I don't know how to say this without sounding like a jerk, (I guess that's
my role sometimes) but would you go back and re-read this sentence?
To paraphrase: "I know this causes a catestrophic data loss, and we have
plans to fix it in the future, but for now, I'm not going panic about it."
What would you do if the FreeBSD group or Linux kernel group said this
about a file system? If you failed to run fsck after 100 mounts, you loose
your data?
I thought PostgreSQL was about "protecting your data." How many times have
we smugly said, "yea, you can use MySQL if you don't care about your
data." Any data loss caused by postgresql should be seen as unacceptable.
It's funny, while I've known about this for a while, and it has always
seemed a sort of distant edge condition that is easily avoided. However,
with todays faster machines and disks, it is easier to reach this
limitation than ever before. All PostgreSQL needs is one or two VERY UPSET
mainstream users who lose data to completely reverse the momemntum that it
is gaining.
No amount of engineering discussion about it not being the fault of
postgresql will be lost, and rightfully so, IMHO.
Sorry.
From | Date | Subject | |
---|---|---|---|
Next Message | Stephan Szabo | 2005-02-16 16:24:02 | Re: Help me recovering data |
Previous Message | Tom Lane | 2005-02-16 15:31:05 | Re: Help me recovering data |