Priority: Major - P3
Affects Version/s: None
Fix Version/s: 5.0 Required
WT-4065 describes the results of some ad hoc testing to determine how WT currently behaves when it runs out of storage space.
In order to more rigorously test WT in out-of-space failures, we need to define the expected behavior in this scenario.
I propose the following requirements as a starting point.
- ENOSPC errors should always be reported to the application that is using WiredTiger; WiredTiger should not fail with no explanation.
- After resolving the out-of-space condition (e.g., by freeing some storage space, growing the file system, or copying the files to someplace with more capacity), WT should be able to recover and operate correctly.
- Without resolving the out-of-space condition, WT should be able to access all of its data in read-only mode.
- All operations and transactions that successfully completed before the out-of-space condition should be present as expected after recovery. I.e., if we would expect an update to be durable after a power loss, it should be durable after an out-of-space event at the same point.
After some informal testing, we appear to meet #1 and #2 already, and #3 in most cases (see
WT-4065). #4 is untested.