[jira] [Created] (CASSANDRA-9655) Consider reverting CASSANDRA-7801

Fri, 26 Jun 2015 02:43:54 -0700 

Sylvain Lebresne created CASSANDRA-9655:
-------------------------------------------

             Summary: Consider reverting CASSANDRA-7801
                 Key: CASSANDRA-9655
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-9655
             Project: Cassandra
          Issue Type: Bug
            Reporter: Sylvain Lebresne
             Fix For: 2.1.x


Quoting myself from CASSANDRA-9649:
{quote}
Due to the conjonction of CASSANDRA-7801 and CASSANDRA-5667, if a node has its 
clock in the future, other nodes might "synchronize" themselves on that clock 
through Paxos operations. While this is probably ok for small drift (this may 
even be considered a good thing), this could be rather problematic if a node 
ends up with a clock far in the future (even temporarily, due to an operator 
error for instance). This is a risk for our Paxos by design, but CASSANDRA-7801 
makes the consequences potentially affect other operation as well. This makes 
me nervous and while I still think CASSANDRA-7801 is theoretically a good idea, 
I'm starting to think that it might not be worth the risk and so I wanted to 
float the idea of reversing it.
{quote}

And when I say "revert", I'm talking of committing something like 
[this|https://github.com/pcmanus/cassandra/commit/6ad4bbd3e8bfc968e58a44a23b2435a9b41f7cff]
 (which is on top of CASSANDRA-9649).

I'll note that an alternative to "reverting" CASSANDRA-7801 could be to rely on 
CASSANDRA-6680, that is rely on detecting big clock skew and not starting 
up/crashing in that case, thus working around the potential problem. That said, 
while we definitively should implement CASSANDRA-6680, I'm not sure how much 
we're willing to strongly rely on it to protect us, and hence reverting 
CASSANDRA-7801 could still be the safe option even with CASSANDRA-6680.

I'm personally conflicted on what is the best course of action: I do think 
CASSANDRA-7801 is a nice to have so I'm tempted to keep it in provided we 
prioritize CASSANDRA-6680 somewhat, but I also don't fully trust the latter to 
be a bullet proof protection. Thus my asking of other opinions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to