ivankelly commented on issue #774: Open should run recovery by default URL: https://github.com/apache/bookkeeper/pull/774#issuecomment-347140907 @jvrao > non-recovery: default > If the caller doesn't know what they are doing, the ledger may never get sealed. > What is the down side of that? Replicator will seal it if it needs to, but until then last > fragment may stay under replicatated. > > @ivankelly Am I missing anything on the down side of non-recover default? > Now consider the logging/streaming/message case. What will happen if the caller doesn't know what they're doing. A writer fails so another writer wants to take over. They do a non-recovery open on the last ledger in the stream, read all the entries, and then start writing to the next ledger in the stream. There'll be a couple of issues here. <JV> This is not valid case IMO. In the case of failover, the application need to know what exactly it <JV>is doing. It MUST open in recovery mode. At leaset that is my view. 1. They will lose messages, because they will not see the last entries in previous ledger. 2. Anyone tailing the log will not move to the new ledger as the previous ledger will not be closed. 3. If the previous writer didn't really fail, and comes back, there's nothing to stop it writing more messages to the ledger. And none of these problems will be immediately obvious until they've happened. By this point data will be lost/corrupted. Contrast this to how it will work if recovery is default. If a user uses this incorrectly, their system will break early and loudly, which is much better IMO.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
