cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sylvain Lebresne (JIRA)" <>
Subject [jira] [Created] (CASSANDRA-9655) Consider reverting CASSANDRA-7801
Date Fri, 26 Jun 2015 09:43:04 GMT
Sylvain Lebresne created CASSANDRA-9655:

             Summary: Consider reverting CASSANDRA-7801
                 Key: CASSANDRA-9655
             Project: Cassandra
          Issue Type: Bug
            Reporter: Sylvain Lebresne
             Fix For: 2.1.x

Quoting myself from CASSANDRA-9649:
Due to the conjonction of CASSANDRA-7801 and CASSANDRA-5667, if a node has its clock in the
future, other nodes might "synchronize" themselves on that clock through Paxos operations.
While this is probably ok for small drift (this may even be considered a good thing), this
could be rather problematic if a node ends up with a clock far in the future (even temporarily,
due to an operator error for instance). This is a risk for our Paxos by design, but CASSANDRA-7801
makes the consequences potentially affect other operation as well. This makes me nervous and
while I still think CASSANDRA-7801 is theoretically a good idea, I'm starting to think that
it might not be worth the risk and so I wanted to float the idea of reversing it.

And when I say "revert", I'm talking of committing something like [this|]
(which is on top of CASSANDRA-9649).

I'll note that an alternative to "reverting" CASSANDRA-7801 could be to rely on CASSANDRA-6680,
that is rely on detecting big clock skew and not starting up/crashing in that case, thus working
around the potential problem. That said, while we definitively should implement CASSANDRA-6680,
I'm not sure how much we're willing to strongly rely on it to protect us, and hence reverting
CASSANDRA-7801 could still be the safe option even with CASSANDRA-6680.

I'm personally conflicted on what is the best course of action: I do think CASSANDRA-7801
is a nice to have so I'm tempted to keep it in provided we prioritize CASSANDRA-6680 somewhat,
but I also don't fully trust the latter to be a bullet proof protection. Thus my asking of
other opinions.

This message was sent by Atlassian JIRA

View raw message