[SERVER-16166] With wiredtiger we should not fail to start from unclean shutdown Created: 14/Nov/14  Updated: 09/Jul/16  Resolved: 22/Dec/14

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: 2.8.0-rc0
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Scott Hernandez (Inactive) Assignee: Daniel Pasette (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File wt_nojournal_fsync.js     File wt_nojournal_repl.js    
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

WiredTiger storage engine may lose up to the last checkpoint but will not be inconsistent nor corrupt. We should warn but not error.

This is in the case of journaling off, of course.



 Comments   
Comment by Githook User [ 15/Jan/15 ]

Author:

{u'name': u'Dan Pasette', u'email': u'dan@10mongodb.com'}

Message: SERVER-16166 some jstests verifying interaction of journaling and checkpoints
Branch: master
https://github.com/mongodb/mongo/commit/96dd1cbd431fad71104db62aaeb3704c04d9eeb3

Comment by Daniel Pasette (Inactive) [ 22/Dec/14 ]

added a test for standalone too. was going to add these (reviewed versions) to regression suite as "fix"

Comment by Scott Hernandez (Inactive) [ 22/Dec/14 ]

I'm not sure what the best user experience is here. We should probably note somewhere that the storage engine found unclean/extra data due to the kill, but recovered. Does wiredtiger expose or log any such thing? Is there even any persisted artifact indicating this state?

I'd also be interested in finding out what changed from RC0 to "fix" this behavior.

Comment by Daniel Pasette (Inactive) [ 22/Dec/14 ]

Scott, did you want to make a startup warning when running without journal or did you want to warn if you recover from an unclean shutdown without journaling? The latter is non-trivial.

Comment by Daniel Pasette (Inactive) [ 22/Dec/14 ]

attaching a test script.

Comment by Daniel Pasette (Inactive) [ 21/Dec/14 ]

That's how I'm testing it. Works fine in every case I've tried. Will close unless you have evidence to the contrary.

Comment by Scott Hernandez (Inactive) [ 18/Dec/14 ]

How are you testing? And what?

Case is that you kill -9 a wired tiger instance without journaling on.

Comment by Daniel Pasette (Inactive) [ 18/Dec/14 ]

scotthernandez, this has been working fine in my testing. Have you seen a case where it is not?

Comment by Eliot Horowitz (Inactive) [ 16/Nov/14 ]

We should test this more.
If it really is totally safe, then we can document as a really nice perf optimization.
What it means is you can lose 60 seconds of mods to that server, but it'll cleanly replicate them from another replica, just like journaling does now.
So it makes --nojournal with "w:majority" a very very safe and nice option.

Generated at Thu Feb 08 03:40:10 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.