| 1 |
On Mon, Dec 20, 2021 at 2:52 PM Wols Lists <antlists@××××××××××××.uk> wrote: |
| 2 |
> |
| 3 |
> And it might also mean blocking writes, which is why you don't want it |
| 4 |
> on spinning rust. But it also means that it is (almost) guaranteed to |
| 5 |
> get to permanent storage, which is why you do want it for mail, |
| 6 |
> databases, etc. |
| 7 |
> |
| 8 |
|
| 9 |
The reason that mail/databases/etc use synchronous behavior isn't |
| 10 |
because it is "almost" guaranteed to make it to storage. The reason |
| 11 |
they use it is because you have multiple hosts, and each host can |
| 12 |
guarantee non-loss of data internally, but synchronous behavior is |
| 13 |
necessary to ensure that data is not lost on a handoff. |
| 14 |
|
| 15 |
Take a mail server. If your SMTP connection goes down for any reason |
| 16 |
before the server communicates that the mail was accepted then the |
| 17 |
sender will assume the mail was not delivered, and will try again. So |
| 18 |
if the network goes down, or the SMTP server crashes, then the client |
| 19 |
will cache the mail and try again. Most mail servers will have the |
| 20 |
data already on-disk before even attempting to deliver mail, so even |
| 21 |
if all the computers involved go down during this handoff nothing is |
| 22 |
lost as it is still in the client cache on-disk. |
| 23 |
|
| 24 |
On the other hand, once the server confirms delivery then |
| 25 |
responsibility is handed off and the client can forget about the mail. |
| 26 |
It is important that the mail server not communicate that the mail was |
| 27 |
received until it can guarantee that it won't lose the mail. That is |
| 28 |
usually accomplished by the server syncing the mail file to the |
| 29 |
on-disk spool and blocking until that is successful before |
| 30 |
communicating back to the client that the mail was delivered. |
| 31 |
|
| 32 |
Database transactions behave similarly. |
| 33 |
|
| 34 |
If the userspace application either does a write on a file opened with |
| 35 |
O_SYNC or does an fsync system call on the file, and the system call |
| 36 |
returns, then the data is present on-disk and will be persistent even |
| 37 |
if the power is lost at the very next moment. It is acceptable for a |
| 38 |
filesystem to return the call if the data is in a persistent journal, |
| 39 |
which is what the ZIL is, as long as it is flushed to disk. |
| 40 |
|
| 41 |
Of course, you can still accept mail or implement a database |
| 42 |
asynchronously, but you lose a number of data protections that are |
| 43 |
otherwise designed into the software (well, assuming you're not |
| 44 |
storing your data in MyISAM...). :) |
| 45 |
|
| 46 |
-- |
| 47 |
Rich |
Archives