Re: data_checksums enabled by default (was: Move --data-checksums to common options in initdb --help)

Greetings,

* Andres Freund (andres(at)anarazel(dot)de) wrote:
> On 2021-01-06 13:01:59 -0500, Stephen Frost wrote:
> > * Andres Freund (andres(at)anarazel(dot)de) wrote:
> > > > imv, enabling page checksums is akin to having fsync enabled by default.
> > > > Does it impact performance? Yes, surely quite a lot, but it's also the
> > > > safe and sane choice when it comes to defaults.
> > >
> > > Oh for crying out loud.
> >
> > Not sure what you're hoping to gain from such comments, but it doesn't
> > do anything to change my opinion.
>
> It seems so facetious to compare fsync=off (will cause corruption) with
> data_checksums=off (will not cause corruption) that I find the
> comparison to be insulting.

Having fsync off won't actually cause corruption unless you have an OS
crash or don't sync the disks when you reboot the system though- so it's
a hedge against certain failure conditions, as is checksums. Yes,
having fsync off on a system and then rebooting it (ungracefully..) will
likely cause corruption and, no, having data checksums turned off won't
cause corruption in that way or at all in its own right- but there's a
decent chance that if there does end up being latent corruption that
it'll at least be detected, which is why so many (including, apparently,
the popular cloud providers) enable it and why we should have it on by
default.

I don't agree that they are so different as you make them out to be. I
do appreciate that the chances of a random reboot happening are higher
than the chance of a disk failure being detected by a PG checksum (and
not something else first).

Thanks,

Stephen