On 02/16/2011 08:44 AM, Philip Martin wrote:
So if the timing is just right it's possible for one Apache process to start writing the transaction, for that process to stop, and for another process to take over the commit. WANdisco observed problems on FSFS where the transaction is synced at the end of the commit, not for each http request. What ends up in the transaction probably depends on the details of the kernel memory and disk caching, the system load, the underlying OS filesystem, etc.
This is a concern when the repository is hosted on an NFS or other network attached storage? If all the Apache processes are on the same system, then I wouldn't expect any issues.
In my testing with squid I have not managed to produce a corrupt commit, but I suspect that under the right conditions it would happen. I think that getting mod_dav_svn to sync before acknowledging each http request is a non-starter, for performance reasons. Can mod_dav_svn detect that the connection has changed? It's too late to get the old process to sync, but perhaps we could abort the commit? Some valid commits would fail, but it would avoid the small risk of a corrupt commit.
I think an fsfs.conf option to say that you want everything fsync()ed would be an acceptable solution, for people that deploy on NFS.
Blair
