On Mon, 29 Jan 2001, Dave Ihnat wrote:
> On Mon, Jan 29, 2001 at 07:03:06AM -0500, Mike Burger wrote:
> > That's bunk.
>
> Gently, gently.
> > You can expect power to fail, because power supply facilities and delivery
> > facilities are not 100% foolproof. Lines go down, etc.
>
> I believe what was meant is that if a system is, in fact, considered
> production in a professional environment, there _must_ be some form
> of UPS. This isn't outrageous--a very decent UPS can be had for
> marginal cost. To run a production system without this is irresponsible.
>
> Once you include a UPS in the equation, the _probability_ of power
> failure-- as seen by the computer--becomes so marginal, and the
> _probability_ of disk corruption so marginal (since the system can be
> notified by the UPS to shut down cleanly), that most people then find the
> overhead of the journaling file system, in its current form, excessive.
>
UPS systems can and do fail. At my location we have a room full of
batteries and a diesel generator with fuel for 10 days. Both of which get
exercised regularly. Still the system that switches to batteries failed
last month and we were without power for almost a minute.
A properly implemented journaling file system has negligible performance
overhead.
> > A system is a production system because you have it in every day
> > use, performing whatever tasks you have designated for it to do. Whether
> > or not you may have a power failure has nothing, whatsoever, to do with a
> > systems designation as a production system.
>
> In the most strict sense, perhaps. But if you say "production",
> you're implying a "real" installation; to rely on a journaling file
> system to the exclusion of a UPS is irresponsible and unprofessional,
> and a false economy.
>
To rely on a UPS to the exclusion of a journaling filesystem is IMHO just
as irresponsible and unprofessional in a truly mission critical production
enviroment. I have many terabytes of disk. The type of failure mentioned
above...I don't even want to think about how long it would take to fsck
all of that. When you're looking at availability there is also the quality
of resilience, or decreased time to recovery. Which is what a journaling
filesystem buys you.
Needless to say, none of the terabytes of mission critical disk are on a
Linux filesystem. After the event mentioned above, all of my systems were
back online with no intervention in under five minutes. Except for the
Linux machines, each of which required fsck by hand, though they had a
fraction of the data and I/O on them the commercial Unices had.
To become accepted in mission critical enterprise computing Linux needs an
industrial strength filesystem that the distributions install by default.
ext2 is simply unacceptable. To deny this issue as I've seen many Linux
advocates do makes Linux look bad and makes it harder for fans like myself
to further its usage in production enviroments.
Regards,
Chris
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
