Baoding-FenShuaJiang
/
Green_GoodERP18_FSJ_Standard
Bevaka 1
Stjärnmärk 0
Wiki 捐赠
gooderp18绿色标准版
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
Träd: 0f75e31513
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från '0f75e31513'
${ noResults }
Green_GoodERP18_FSJ_Standard/PostgreSQL/doc/postgresql/html/wal-reliability.html

161 lines
14KB
Blame Historik 

  1. <?xml version="1.0" encoding="UTF-8" standalone="no"?>

  2. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>29.1. Reliability</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="wal.html" title="Chapter 29. Reliability and the Write-Ahead Log" /><link rel="next" href="wal-intro.html" title="29.2. Write-Ahead Logging (WAL)" /></head><body><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">29.1. Reliability</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="wal.html" title="Chapter 29. Reliability and the Write-Ahead Log">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="wal.html" title="Chapter 29. Reliability and the Write-Ahead Log">Up</a></td><th width="60%" align="center">Chapter 29. Reliability and the Write-Ahead Log</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 12.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="wal-intro.html" title="29.2. Write-Ahead Logging (WAL)">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="WAL-RELIABILITY"><div class="titlepage"><div><div><h2 class="title" style="clear: both">29.1. Reliability</h2></div></div></div><p>

  3.    Reliability is an important property of any serious database

  4.    system, and <span class="productname">PostgreSQL</span> does everything possible to

  5.    guarantee reliable operation. One aspect of reliable operation is

  6.    that all data recorded by a committed transaction should be stored

  7.    in a nonvolatile area that is safe from power loss, operating

  8.    system failure, and hardware failure (except failure of the

  9.    nonvolatile area itself, of course).  Successfully writing the data

  10.    to the computer's permanent storage (disk drive or equivalent)

  11.    ordinarily meets this requirement.  In fact, even if a computer is

  12.    fatally damaged, if the disk drives survive they can be moved to

  13.    another computer with similar hardware and all committed

  14.    transactions will remain intact.

  15.   </p><p>

  16.    While forcing data to the disk platters periodically might seem like

  17.    a simple operation, it is not. Because disk drives are dramatically

  18.    slower than main memory and CPUs, several layers of caching exist

  19.    between the computer's main memory and the disk platters.

  20.    First, there is the operating system's buffer cache, which caches

  21.    frequently requested disk blocks and combines disk writes. Fortunately,

  22.    all operating systems give applications a way to force writes from

  23.    the buffer cache to disk, and <span class="productname">PostgreSQL</span> uses those

  24.    features.  (See the <a class="xref" href="runtime-config-wal.html#GUC-WAL-SYNC-METHOD">wal_sync_method</a> parameter

  25.    to adjust how this is done.)

  26.   </p><p>

  27.    Next, there might be a cache in the disk drive controller; this is

  28.    particularly common on <acronym class="acronym">RAID</acronym> controller cards. Some of

  29.    these caches are <em class="firstterm">write-through</em>, meaning writes are sent

  30.    to the drive as soon as they arrive. Others are

  31.    <em class="firstterm">write-back</em>, meaning data is sent to the drive at

  32.    some later time. Such caches can be a reliability hazard because the

  33.    memory in the disk controller cache is volatile, and will lose its

  34.    contents in a power failure.  Better controller cards have

  35.    <em class="firstterm">battery-backup units</em> (<acronym class="acronym">BBU</acronym>s), meaning

  36.    the card has a battery that

  37.    maintains power to the cache in case of system power loss.  After power

  38.    is restored the data will be written to the disk drives.

  39.   </p><p>

  40.    And finally, most disk drives have caches. Some are write-through

  41.    while some are write-back, and the same concerns about data loss

  42.    exist for write-back drive caches as for disk controller

  43.    caches.  Consumer-grade IDE and SATA drives are particularly likely

  44.    to have write-back caches that will not survive a power failure.  Many

  45.    solid-state drives (SSD) also have volatile write-back caches.

  46.   </p><p>

  47.    These caches can typically be disabled; however, the method for doing

  48.    this varies by operating system and drive type:

  49.   </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>

  50.         On <span class="productname">Linux</span>, IDE and SATA drives can be queried using

  51.         <code class="command">hdparm -I</code>; write caching is enabled if there is

  52.         a <code class="literal">*</code> next to <code class="literal">Write cache</code>.  <code class="command">hdparm -W 0</code>

  53.         can be used to turn off write caching.  SCSI drives can be queried

  54.         using <a class="ulink" href="http://sg.danny.cz/sg/sdparm.html" target="_top"><span class="application">sdparm</span></a>.

  55.         Use <code class="command">sdparm --get=WCE</code> to check

  56.         whether the write cache is enabled and <code class="command">sdparm --clear=WCE</code>

  57.         to disable it.

  58.       </p></li><li class="listitem"><p>

  59.         On <span class="productname">FreeBSD</span>, IDE drives can be queried using

  60.         <code class="command">atacontrol</code> and write caching turned off using

  61.         <code class="literal">hw.ata.wc=0</code> in <code class="filename">/boot/loader.conf</code>;

  62.         SCSI drives can be queried using <code class="command">camcontrol identify</code>,

  63.         and the write cache both queried and changed using

  64.         <code class="command">sdparm</code> when available.

  65.       </p></li><li class="listitem"><p>

  66.         On <span class="productname">Solaris</span>, the disk write cache is controlled by

  67.         <code class="command">format -e</code>.

  68.         (The Solaris <acronym class="acronym">ZFS</acronym> file system is safe with disk write-cache

  69.         enabled because it issues its own disk cache flush commands.)

  70.       </p></li><li class="listitem"><p>

  71.         On <span class="productname">Windows</span>, if <code class="varname">wal_sync_method</code> is

  72.         <code class="literal">open_datasync</code> (the default), write caching can be disabled

  73.         by unchecking <code class="literal">My Computer\Open\<em class="replaceable"><code>disk drive</code></em>\Properties\Hardware\Properties\Policies\Enable write caching on the disk</code>.

  74.         Alternatively, set <code class="varname">wal_sync_method</code> to

  75.         <code class="literal">fsync</code> or <code class="literal">fsync_writethrough</code>, which prevent

  76.         write caching.

  77.       </p></li><li class="listitem"><p>

  78.         On <span class="productname">macOS</span>, write caching can be prevented by

  79.         setting <code class="varname">wal_sync_method</code> to <code class="literal">fsync_writethrough</code>.

  80.       </p></li></ul></div><p>

  81.    Recent SATA drives (those following <acronym class="acronym">ATAPI-6</acronym> or later)

  82.    offer a drive cache flush command (<code class="command">FLUSH CACHE EXT</code>),

  83.    while SCSI drives have long supported a similar command

  84.    <code class="command">SYNCHRONIZE CACHE</code>.  These commands are not directly

  85.    accessible to <span class="productname">PostgreSQL</span>, but some file systems

  86.    (e.g., <acronym class="acronym">ZFS</acronym>, <acronym class="acronym">ext4</acronym>) can use them to flush

  87.    data to the platters on write-back-enabled drives.  Unfortunately, such

  88.    file systems behave suboptimally when combined with battery-backup unit

  89.    (<acronym class="acronym">BBU</acronym>) disk controllers.  In such setups, the synchronize

  90.    command forces all data from the controller cache to the disks,

  91.    eliminating much of the benefit of the BBU.  You can run the

  92.    <a class="xref" href="pgtestfsync.html" title="pg_test_fsync"><span class="refentrytitle"><span class="application">pg_test_fsync</span></span></a> program to see

  93.    if you are affected.  If you are affected, the performance benefits

  94.    of the BBU can be regained by turning off write barriers in

  95.    the file system or reconfiguring the disk controller, if that is

  96.    an option.  If write barriers are turned off, make sure the battery

  97.    remains functional; a faulty battery can potentially lead to data loss.

  98.    Hopefully file system and disk controller designers will eventually

  99.    address this suboptimal behavior.

  100.   </p><p>

  101.    When the operating system sends a write request to the storage hardware,

  102.    there is little it can do to make sure the data has arrived at a truly

  103.    non-volatile storage area. Rather, it is the

  104.    administrator's responsibility to make certain that all storage components

  105.    ensure integrity for both data and file-system metadata.

  106.    Avoid disk controllers that have non-battery-backed write caches.

  107.    At the drive level, disable write-back caching if the

  108.    drive cannot guarantee the data will be written before shutdown.

  109.    If you use SSDs, be aware that many of these do not honor cache flush

  110.    commands by default.

  111.    You can test for reliable I/O subsystem behavior using <a class="ulink" href="https://brad.livejournal.com/2116715.html" target="_top"><code class="filename">diskchecker.pl</code></a>.

  112.   </p><p>

  113.    Another risk of data loss is posed by the disk platter write

  114.    operations themselves. Disk platters are divided into sectors,

  115.    commonly 512 bytes each.  Every physical read or write operation

  116.    processes a whole sector.

  117.    When a write request arrives at the drive, it might be for some multiple

  118.    of 512 bytes (<span class="productname">PostgreSQL</span> typically writes 8192 bytes, or

  119.    16 sectors, at a time), and the process of writing could fail due

  120.    to power loss at any time, meaning some of the 512-byte sectors were

  121.    written while others were not.  To guard against such failures,

  122.    <span class="productname">PostgreSQL</span> periodically writes full page images to

  123.    permanent WAL storage <span class="emphasis"><em>before</em></span> modifying the actual page on

  124.    disk. By doing this, during crash recovery <span class="productname">PostgreSQL</span> can

  125.    restore partially-written pages from WAL.  If you have file-system software

  126.    that prevents partial page writes (e.g., ZFS),  you can turn off

  127.    this page imaging by turning off the <a class="xref" href="runtime-config-wal.html#GUC-FULL-PAGE-WRITES">full_page_writes</a> parameter. Battery-Backed Unit

  128.    (BBU) disk controllers do not prevent partial page writes unless

  129.    they guarantee that data is written to the BBU as full (8kB) pages.

  130.   </p><p>

  131.    <span class="productname">PostgreSQL</span> also protects against some kinds of data corruption

  132.    on storage devices that may occur because of hardware errors or media failure over time,

  133.    such as reading/writing garbage data.

  134.    </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>

  135.       Each individual record in a WAL file is protected by a CRC-32 (32-bit) check

  136.       that allows us to tell if record contents are correct. The CRC value

  137.       is set when we write each WAL record and checked during crash recovery,

  138.       archive recovery and replication.

  139.      </p></li><li class="listitem"><p>

  140.       Data pages are not currently checksummed by default, though full page images

  141.       recorded in WAL records will be protected; see <a class="link" href="app-initdb.html#APP-INITDB-DATA-CHECKSUMS"><span class="application">initdb</span></a>

  142.       for details about enabling data page checksums.

  143.      </p></li><li class="listitem"><p>

  144.       Internal data structures such as <code class="filename">pg_xact</code>, <code class="filename">pg_subtrans</code>, <code class="filename">pg_multixact</code>,

  145.       <code class="filename">pg_serial</code>, <code class="filename">pg_notify</code>, <code class="filename">pg_stat</code>, <code class="filename">pg_snapshots</code> are not directly

  146.       checksummed, nor are pages protected by full page writes. However, where

  147.       such data structures are persistent, WAL records are written that allow

  148.       recent changes to be accurately rebuilt at crash recovery and those

  149.       WAL records are protected as discussed above.

  150.      </p></li><li class="listitem"><p>

  151.       Individual state files in <code class="filename">pg_twophase</code> are protected by CRC-32.

  152.      </p></li><li class="listitem"><p>

  153.       Temporary data files used in larger SQL queries for sorts,

  154.       materializations and intermediate results are not currently checksummed,

  155.       nor will WAL records be written for changes to those files.

  156.      </p></li></ul></div><p>

  157.   </p><p>

  158.    <span class="productname">PostgreSQL</span> does not protect against correctable memory errors

  159.    and it is assumed you will operate using RAM that uses industry standard

  160.    Error Correcting Codes (ECC) or better protection.

  161.   </p></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="wal.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="wal.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="wal-intro.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 29. Reliability and the Write-Ahead Log </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 29.2. Write-Ahead Logging (<acronym class="acronym">WAL</acronym>)</td></tr></table></div></body></html>
上海开阖软件有限公司 沪ICP备12045867号-1