The Computer Wants to Lose Your Data

Transcript

1. The computer wants to lose your data sinjo.dev

2. None

3. INSERT INTO products VALUES ("sunglasses", 27.99); SELECT * FROM products;

   id | name | price ------------------------ 1 | sunglasses | 27.99

4. INSERT INTO products VALUES ("sunglasses", 27.99); SELECT * FROM products;

   id | name | price ------------------------ 1 | sunglasses | 27.99

5. INSERT INTO products VALUES ("sunglasses", 27.99); SELECT * FROM products;

   id | name | price ------------------------ 1 | sunglasses | 27.99 ? ? ?

6. Front-end API Database Filesystem Deep in the stack

7. Deep in the stack API Database Filesystem Front-end

8. Deep in the stack API Database Filesystem Front-end

9. Hi

10. sinjo.dev

11. sinjo.dev

12. Infra Engineer

13. None

14. PostgreSQL

15. I ❤ database (most of the time)

16. INSERT INTO products VALUES ("sunglasses", 27.99);

17. None
18. None

19. Case studies - MySQL: doublewrite bu ff er - Postgres:

    fsyncgate - Disk: write-through caches

20. Case studies - MySQL: doublewrite bu ff er - Postgres:

    fsyncgate - Disk: write-through caches

21. Case studies - MySQL: doublewrite bu ff er - Postgres:

    fsyncgate - Disk: write-through caches

22. Case studies - MySQL: doublewrite bu ff er - Postgres:

    fsyncgate - Disk: write-back caches

23. Caveats

24. I am not a: - Hardware engineer - Filesystem engineer

    - Database engine engineer

25. I am not a: - Hardware engineer - Filesystem engineer

    - Database engine engineer

26. I am not a: - Hardware engineer - Filesystem engineer

    - Database engine engineer

27. I am not a: - Hardware engineer - Filesystem engineer

    - Database storage engineer

28. Someone who cares a lot about database reliability

29. Simplifying lies ahead

30. Do your own research

31. Case 1 MySQL doublewrite bu ff er

32. The promise BEGIN; INSERT INTO products VALUES ("sunglasses", 27.99); INSERT

    INTO products VALUES ("jorts", 10.99); COMMIT; SELECT * FROM products; id | name | price ------------------------ 1 | sunglasses | 27.99 2 | jorts | 10.99

33. The promise BEGIN; INSERT INTO products VALUES ("sunglasses", 27.99); INSERT

    INTO products VALUES ("jorts", 10.99); COMMIT; SELECT * FROM products; id | name | price ------------------------ 1 | sunglasses | 27.99 2 | jorts | 10.99

34. The promise BEGIN; INSERT INTO products VALUES ("sunglasses", 27.99); INSERT

    INTO products VALUES ("jorts", 10.99); COMMIT; SELECT * FROM products; id | name | price ------------------------ 1 | sunglasses | 27.99 2 | jorts | 10.99 Data must be durable

35. BEGIN; INSERT INTO products VALUES ("sunglasses", 27.99); INSERT INTO products

    VALUES ("jorts", 10.99); COMMIT; SELECT * FROM products; id | name | price ------------------------ 1 | sunglasses | 27.99 2 | jorts | 10.99 The promise Data must be durable All or nothing

36. Table id name price BEGIN; INSERT ("sunglasses", 27.99); INSERT ("jorts",

    10.99); COMMIT; SQL

37. Table id name price 1 sunglasses 27.99 BEGIN; INSERT ("sunglasses",

    27.99); INSERT ("jorts", 10.99); COMMIT; SQL

38. Table id name price 1 sunglasses 27.99 2 jorts 10.99

    BEGIN; INSERT ("sunglasses", 27.99); INSERT ("jorts", 10.99); COMMIT; SQL

39. Table id name price 1 sunglasses 27.99 2 jorts 10.99

    BEGIN; INSERT ("sunglasses", 27.99); INSERT ("jorts", 10.99); COMMIT; SQL

40. Table id name price 1 sunglasses 27.99 2 💥 💥

    BEGIN; INSERT ("sunglasses", 27.99); INSERT ("jorts", 10.99); COMMIT; SQL

41. Table id name price 1 sunglasses 27.99 2 BEGIN; INSERT

    ("sunglasses", 27.99); INSERT ("jorts", 10.99); COMMIT; SQL Now what?

42. Write-Ahead Logs

43. Table id name price SQL WAL BEGIN; INSERT ("sunglasses", 27.99);

    INSERT ("jorts", 10.99); COMMIT;

44. Table id name price SQL WAL BEGIN TX 1 INS

    1 (1, ”sunglasses", 27.99) INS 1 (2, "jorts", 10.99) COMMIT TX 1 BEGIN; INSERT ("sunglasses", 27.99); INSERT ("jorts", 10.99); COMMIT;

45. Table id name price 1 sunglasses 27.99 BEGIN; INSERT ("sunglasses",

    27.99); INSERT ("jorts", 10.99); COMMIT; SQL WAL BEGIN TX 1 INS 1 (1, "sunglasses", 27.99) INS 1 (2, "jorts", 10.99) COMMIT TX 1

46. Table id name price 1 sunglasses 27.99 2 jorts 10.99

    BEGIN; INSERT ("sunglasses", 27.99); INSERT ("jorts", 10.99); COMMIT; SQL WAL BEGIN TX 1 INS 1 (1, "sunglasses", 27.99) INS 1 (2, "jorts", 10.99) COMMIT TX 1

47. Table id name price 1 sunglasses 27.99 2 jorts 10.99

    BEGIN; INSERT ("sunglasses", 27.99); INSERT ("jorts", 10.99); COMMIT; SQL WAL BEGIN TX 1 INS 1 (1, "sunglasses", 27.99) INS 1 (2, "jorts", 10.99) COMMIT TX 1

48. Table id name price 1 sunglasses 27.99 2 💥 💥

    BEGIN; INSERT ("sunglasses", 27.99); INSERT ("jorts", 10.99); COMMIT; SQL WAL BEGIN TX 1 INS 1 (1, "sunglasses", 27.99) INS 1 (2, "jorts", 10.99) COMMIT TX 1

49. Table id name price WAL BEGIN TX 1 INS 1

    (1, "sunglasses", 27.99) INS 1 (2, "jorts", 10.99) COMMIT TX 1 Never committed No partial data

50. All good! Right?

51. All good! Right?

52. That is where the neat, theoretical version stops… …but real

    computers are more complicated

53. That is where the neat, theoretical version stops… …but real

    computers are more complicated

54. Table id name price 1 sunglasses 27.99 2 jorts 10.99

    Up-to-date version of data WAL BEGIN TX 1 INS 1 (1, "sunglasses", 27.99) INS 1 (2, "jorts", 10.99) COMMIT TX 1 Log of every operation

55. id name price 1 sunglasses 27.99 2 jorts 10.99 Logical

56. . . . 16kB 16kB vs id name price 1

    sunglasses 27.99 2 jorts 10.99 16kB 16kB Logical Physical

57. Atomic writes All or Nothing

58. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM SSD Pages vs Sectors

59. Old HDD 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB

    4kB 4kB RAM SSD 512b Pages vs Sectors

60. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM SSD Pages vs Sectors

61. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM SSD Pages vs Sectors

62. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM SSD Pages vs Sectors

63. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM SSD Pages vs Sectors

64. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM SSD Pages vs Sectors 💥

65. 4kB 4kB 4kB 4kB SSD Pages vs Sectors

66. Torn Write

67. Write-ahead logs only work if table data isn't corrupted

68. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM SSD Pages vs Sectors

69. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table

70. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table

71. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table

72. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table

73. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table

74. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table

75. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table

76. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table

77. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table

78. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table 💥

79. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table

80. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table 💥

81. 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB 4kB 4kB

    RAM Buf Doublewrite bu ff er 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB Table

82. Checksums 16kB Table data Checksum

83. On restart: - Read doublewrite bu ff er pages -

    Copy to table if checksum good - Ignore if checksum bad

84. On restart: - Read doublewrite bu ff er pages -

    Copy to table if checksum good - Ignore if checksum bad

85. On restart: - Read doublewrite bu ff er pages -

    Copy to table if checksum good - Ignore if checksum bad

86. On restart: - Read doublewrite bu ff er pages -

    Copy to table if checksum good - Ignore if checksum bad

87. Postgres equivalent: full_page_writes

88. That's a lot of work!

89. Can we skip it?

90. Fancy fi lesystems or Fancy disks

91. Fancy fi lesystems or Fancy disks

92. None

93. ZFS Custom atomic write size

94. 16kB 16kB 16kB RAM ZFS (16kB recordsize) 4kB 4kB 4kB

    4kB 4kB 4kB 4kB 4kB SSD 16kB ZFS

95. Problem: We still pay in performance to do it in

    software

96. Fancy fi lesystems or Fancy disks

97. Fancy disks 16kB 4kB 4kB 4kB 4kB 16kB 4kB 4kB

    4kB 4kB RAM SSD

98. Fancy disks 16kB 16kB 16kB 16kB RAM SSD

99. https://nvmexpress.org/speci fi cation/nvm-command-set-speci fi cation/

100. https://nvmexpress.org/speci fi cation/nvm-command-set-speci fi cation/

101. https://nvmexpress.org/speci fi cation/nvm-command-set-speci fi cation/

102. On Linux $ sudo nvme id-ctrl /dev/nvme0n1 | grep awupf

     awupf : 0

103. On Linux $ sudo nvme id-ctrl /dev/nvme0n1 | grep awupf

     awupf : 0 $ # Not a fancy drive $ # 1 sector -> 4kB atomicity $

104. On Linux $ sudo nvme id-ctrl /dev/nvme0n1 | grep awupf

     awupf : 3 $ # Fancy drive :D $ # 4 sectors -> 16kB atomicity $

105. It is possible to turn o ff the doublewrite bu

     ff er safely, but...

106. Caveat If you're wrong, the computer might lose your data

107. Case 2 Postgres fsyncgate (2018)

108. fsync In a nutshell

109. man 2 fsync fsync(2) System Calls Manual fsync(2) NAME fsync,

     fdatasync - synchronize a file's in-core state with storage device DESCRIPTION fsync() transfers ("flushes") all modified in-core data of (i.e., modified buffer cache pages for) the file referred to by the file descriptor fd to the disk device (or other perma ‐ nent storage device) so that all changed information can be retrieved even if the system crashes or is rebooted. This in ‐ cludes writing through or flushing a disk cache if present. The call blocks until the device reports that the transfer has completed.

110. man 2 fsync (simpli fi ed) fsync(2) System Calls Manual

     fsync(2) NAME fsync, fdatasync - synchronize a file's in-core state with storage device DESCRIPTION fsync() transfers all modified data of the file to the disk device so that all changed information can be retrieved even if the system crashes or is rebooted. The call blocks until the device reports that the transfer has completed.

111. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 16kB 16kB

112. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB

113. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB

114. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync fsync 8kB 8kB 8kB 8kB

115. fsync pseudocode file = File.open("/data/base") file.write("some data") file.fsync

116. Postgres mailing list From: Craig Ringer <craig(at)2ndquadrant(dot)com> To: PostgreSQL Hackers

     <pgsql-hackers(at)postgresql(dot)org> Subject: PostgreSQL's handling of fsync() errors is unsafe and risks data loss at least on XFS Date: 2018-03-28 02:23:46 Message-ID: CAMsr+YHh+5Oq4xziwwoEfhoTZgr07vdGG+hu=1adXx59aTeaoQ@mail.gmail.com Lists: pgsql-hackers Hi all Some time ago I ran into an issue where a user encountered data corruption after a storage error. PostgreSQL played a part in that corruption by allowing checkpoint what should've been a fatal error. TL;DR: Pg should PANIC on fsync() EIO return. Retrying fsync() is not OK at least on Linux. When fsync() returns success it means "all writes since the last fsync have hit disk" but we assume it means "all writes since the last SUCCESSFUL fsync have hit disk". ...

117. Postgres mailing list From: Craig Ringer <craig(at)2ndquadrant(dot)com> To: PostgreSQL Hackers

     <pgsql-hackers(at)postgresql(dot)org> Subject: PostgreSQL's handling of fsync() errors is unsafe and risks data loss at least on XFS Date: 2018-03-28 02:23:46 Message-ID: CAMsr+YHh+5Oq4xziwwoEfhoTZgr07vdGG+hu=1adXx59aTeaoQ@mail.gmail.com Lists: pgsql-hackers Hi all Some time ago I ran into an issue where a user encountered data corruption after a storage error. PostgreSQL played a part in that corruption by allowing checkpoint what should've been a fatal error. TL;DR: Pg should PANIC on fsync() EIO return. Retrying fsync() is not OK at least on Linux. When fsync() returns success it means "all writes since the last fsync have hit disk" but we assume it means "all writes since the last SUCCESSFUL fsync have hit disk". ...
118. None
119. None

120. man 2 fsync fsync(2) System Calls Manual fsync(2) ERRORS The

     fsync() system call will fail if: ... [EIO] An error occurred during synchronization. This error may relate to data written to some other file descriptor on the same file. ...

121. Postgres mailing list From: Craig Ringer <craig(at)2ndquadrant(dot)com> To: PostgreSQL Hackers

     <pgsql-hackers(at)postgresql(dot)org> Subject: PostgreSQL's handling of fsync() errors is unsafe and risks data loss at least on XFS Date: 2018-03-28 02:23:46 Message-ID: CAMsr+YHh+5Oq4xziwwoEfhoTZgr07vdGG+hu=1adXx59aTeaoQ@mail.gmail.com Lists: pgsql-hackers Hi all Some time ago I ran into an issue where a user encountered data corruption after a storage error. PostgreSQL played a part in that corruption by allowing checkpoint what should've been a fatal error. TL;DR: Pg should PANIC on fsync() EIO return. Retrying fsync() is not OK at least on Linux. When fsync() returns success it means "all writes since the last fsync have hit disk" but we assume it means "all writes since the last SUCCESSFUL fsync have hit disk". ...

122. fsync pseudocode file = File.open("/data/base") file.write("some data") file.fsync

123. fsync pseudocode file = File.open("/data/base") file.write("some data") err = file.fsync

     # Mark the data for a retry if !err.nil? && err.type == EIO file.mark_for_retry end

124. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB

125. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB

126. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB

127. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB

128. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB

129. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB 💥fsync💥

130. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB 💥fsync💥

131. fsync pseudocode file = File.open("/data/base") file.write("some data") err = file.fsync

     # Mark the data for a retry if !err.nil? && err.type == EIO file.mark_for_retry end

132. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB 💥fsync💥

133. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB 💥fsync💥

134. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB 💥fsync💥

135. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB 💥fsync💥

136. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB 💥fsync💥

137. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB 💥fsync💥 fsync

138. Postgres mailing list From: Craig Ringer <craig(at)2ndquadrant(dot)com> To: PostgreSQL Hackers

     <pgsql-hackers(at)postgresql(dot)org> Subject: PostgreSQL's handling of fsync() errors is unsafe and risks data loss at least on XFS Date: 2018-03-28 02:23:46 Message-ID: CAMsr+YHh+5Oq4xziwwoEfhoTZgr07vdGG+hu=1adXx59aTeaoQ@mail.gmail.com Lists: pgsql-hackers Hi all Some time ago I ran into an issue where a user encountered data corruption after a storage error. PostgreSQL played a part in that corruption by allowing checkpoint what should've been a fatal error. TL;DR: Pg should PANIC on fsync() EIO return. Retrying fsync() is not OK at least on Linux. When fsync() returns success it means "all writes since the last fsync have hit disk" but we assume it means "all writes since the last SUCCESSFUL fsync have hit disk". ...
139. None

140. – Many messages on that thread “The Linux kernel is

     wrong”

141. “It should retry” or “It should persist the errors”

142. “It should retry” or “It should persist the errors”

143. “It should retry” or “It should persist the errors”

144. None

145. Postgres needs to run on the real kernel... ...not a

     hypothetical one

146. Sometimes the right answer is for software to crash

147. Postmaster Worker Postgres Worker Worker

148. Postmaster Worker Postgres Worker Worker 💥fsync💥

149. Postmaster 💥Worker💥 Postgres Worker Worker 💥fsync💥

150. Postmaster Postgres Worker Worker

151. Postmaster Postgres

152. Postmaster Worker Postgres Worker Worker

153. Table id name price 1 sunglasses 27.99 2 jorts 10.99

     BEGIN; INSERT ("sunglasses", 27.99); INSERT ("jorts", 10.99); COMMIT; SQL WAL BEGIN TX 1 INS 1 (1, "sunglasses", 27.99) INS 1 (2, "jorts", 10.99) COMMIT TX 1
154. None

155. But the kernel did have a part to play...

156. Process Kernel Process Process FD FD FD File

157. Process Kernel Process Process FD FD FD File 💥fsync💥

158. Process Kernel Process Process FD FD FD File 💥fsync💥 fsync

159. Process Kernel Process Process FD FD FD File 💥fsync💥 💥fsync💥

160. Process Kernel Process Process FD FD FD File

161. Process Kernel Process Process FD FD FD File Process FD

162. Process Kernel Process Process FD FD FD File Process FD

     fsync??

163. Process Kernel Process Process FD FD FD File Process FD

     fsync

164. Process Kernel Process Process FD FD FD File Process FD

     💥fsync💥

165. Kernel versions: 4.13 - 4.17

166. 4kB 4kB 4kB 4kB 4kB 4kB 4kB 4kB RAM SSD

     fsync 8kB 8kB 8kB 8kB 💥fsync💥 fsync

167. Other databases - MySQL - MongoDB - ...?

168. None
169. None

170. Doing extra work to save your data... ...can make the

     computer lose your data

171. Doing extra work to save your data... ...can make the

     computer lose your data

172. Case 3 Hardware disk caches

173. Hardware disk caches Kernel (Filesystem) Disk

174. Hardware disk caches Kernel (Filesystem) Disk Volatile cache

175. - Reduce latency - Handle spikes - Batch writes Hardware

     disk caches

176. - Reduce latency - Handle spikes - Batch writes Hardware

     disk caches

177. write("some data") write("some more data") write("yet more data") Disk operations

     Latency

178. write("some data") write("some more data") write("yet more data") flush() Latency

     Disk operations

179. - Reduce latency - Handle spikes - Batch writes Hardware

     disk caches

180. Write Speed (MB/s) Time Write spikes 500 1000

181. - Reduce latency - Handle spikes - Write reordering Hardware

     disk caches

182. Write reordering 1 4 2 5 3 6 P1 P2

183. Write reordering 1 4 2 5 3 6 P1 P2

     1 4 2 5 3 6
184. None
185. None
186. None

187. A cynical reason: to look good on bad benchmarks

188. A cynical reason: to look good on bad benchmarks

189. What does this mean for fsync?

190. fsync pseudocode file = File.open("/data/base") file.write("some data") file.write("some more data")

     file.write("yet more data") file.fsync

191. fsync pseudocode file = File.open("/data/base") file.write("some data") file.write("some more data")

     file.write("yet more data") file.fsync Flush to disk here

192. - (S)ATA: FLUSH CACHE EXT - SCSI: SYNCHRONIZE CACHE -

     NVMe: FLUSH Flush commands

193. https://brad.livejournal.com/2116715.html

194. Tl;dr: diskchecker.pl Server Client Writes

195. Tl;dr: diskchecker.pl Server Client ❌

196. Tl;dr: diskchecker.pl Server Client “Did I lose data?”

197. Tl;dr: diskchecker.pl Server Client “Yes!” “Did I lose data?”

198. Fix for bad drives # Disable write-back caching # #

     Might fix flush on a bad drive, # but ruin performance hdparm -W 0 /dev/sda

199. https://brad.livejournal.com/2116715.html

200. https://web.archive.org/web/20220221094231/https://twitter.com/ xenadu02/status/1495694090796941314

201. https://web.archive.org/web/20220221094654/https://twitter.com/ xenadu02/status/1495695209958895618

202. https://web.archive.org/web/20220221094654/https://twitter.com/ xenadu02/status/1495695209958895618

203. 😌

204. Telling lies breaking promises without

205. RAID Controllers with BBU and Drives with Capacitors

206. RAID Controllers with BBU and Drives with Capacitors

207. None
208. None

209. 🔋 72 hours

210. 🪫 1-10 hours

211. RAID Controllers with BBU and Drives with Capacitors

212. None

213. Database Filesystem Disk controller Disk All of this is your

     responsibility

214. The computer might reward you... ...by losing your data

215. Before we wrap up An aside

216. None

217. Datacentres/AZs Primary Replica Replica A B C

218. Datacentres/AZs 💥 Replica Replica A B C

219. Datacentres/AZs Primary Replica A B C

220. Datacentres/AZs Primary Replica A B C Replica

221. Datacentres/AZs Primary Replica A B C Replica ?

222. Datacentres/AZs Primary Replica A B C Replica ⚠︎

223. Datacentres/AZs A B C ⚠︎ Primary Replica Replica

224. Replication doesn't save us from thinking about crash safety

225. We need both

226. Case Studies

227. - Storage is unforgiving - Higher layers can't fi x

     lower ones - Slower is easier Lessons

228. The APIs are confusing and The stakes are high

229. - Storage is unforgiving - Higher layers can't fi x

     lower ones - Slower is easier Lessons

230. Database Filesystem Disk controller Disk If these tell lies...

231. Database Filesystem Disk controller Disk If these tell lies... ...then

     these won't know

232. - Storage is unforgiving - Higher layers can't fi x

     lower ones - Slower is easier Lessons

233. You can: - Enable doublewrite - Disable caches

234. Fast & Safe is hard(er)

235. Database Filesystem Disk controller Disk Choose your own adventure

236. Database Filesystem Disk controller Disk Choose your own adventure

237. Database Filesystem Disk controller Disk Choose your own adventure

238. Database Filesystem Disk controller Disk Choose your own adventure

239. None

240. Thank you ✌❤ @PlanetScale sinjo.dev

241. Image credits • Twemoji Floppy Disk Emoji - CC-BY -

     https://github.com/twitter/twemoji/blob/ d94f4cf793e6d5ca592aa00f58a88f6a4229ad43/assets/svg/1f4be.svg • Hard Disk Guts - CC-BY - https://www. fl ickr.com/photos/mattandkim/97533589/ • Yellow Slippery Road Signage - CC0 - https://www.pexels.com/photo/sign-slippery-wet- caution-4341/ • Black and Green Circuit board - CC0 - https://www.pexels.com/photo/black-and-green- circuit-board-2644597/ • Corsair ForceGT 180GB - CC-BY - https://www. fl ickr.com/photos/ruocaled/8173124575/

242. Image credits • High Performance NVMe SSD on Gray Surface

     - CC0 - https://www.pexels.com/photo/ high-performance-nvme-ssd-on-gray-surface-28666524/ • Server Guts - CC-BY - https://www. fl ickr.com/photos/chrisdag/2142582850 • Ceramic capacitors mounted on a PCB - CC-BY - https://commons.wikimedia.org/w/ index.php?curid=113868467 • NOIRLab HQ Server Racks - CC-BY - https://commons.wikimedia.org/wiki/ File:NOIRLab_HQ_Server_Racks_(6V6A0402-CC).jpg

243. Questions? ✌❤ @PlanetScale sinjo.dev