Funding Cyrus High Availability

David Lang david.lang at digitalinsight.com
Sun Sep 19 18:48:49 EDT 2004 

On Sun, 19 Sep 2004, David Carter wrote:

> On Sun, 19 Sep 2004, David Lang wrote:
>
>> 5. Active/Active
>> 
>> designate one of the boxes as primary and identify all items in the 
>> datastore that absolutly must not be subject to race conditions between 
>> the two boxes (message UUID for example). In addition to implementing the 
>> replication needed for #1 modify all functions that need to update these 
>> critical pieces of data to update them on the master and let the master 
>> update the other box.
>
> We may be talking at cross purposes (and its entirely likely that I've
> got the wrong end of the stick!), but I consider active-active to be
> the case where there is no primary: users can make changes to either
> system, and if the two systems lose touch with each other they have
> to resolve their differences when contact is reestablished.
>
> UUIDs aren't a problem (each machine in a cluster owns its own fraction of 
> the address space). Message UIDs are a big problem. I guess in the case of 
> conflict, you could bump the UIDvalidity value on a mailbox and reassign UIDs 
> for all the messages, using timestamps determine the eventual ordering of 
> messages. Now that I think about it, maybe that's not a totally absurd idea. 
> It would involve a lot of work though.

the problem is that when they are both up you have to have one of them 
allocate the message UID's or you have to change the UIDVALIDITY for every 
new message that arrives.

here is the problem.
   you have a new message created on both servers at the same time. how do 
you allocate the UID without any possibility of stepping on each other?

the only way to do this is to have some sort of locking so that only one 
machine at a time can allocate UID's. you can shuffle this responsibility 
back and forth between machines, but there's a significant amount of 
overhead in doing this so the useual answer is just to have one machine 
issue the numbers and the other ask the first for a number when it needs 
it.

changing UIDVALIDITY while recovering from  a split-brain is probably 
going to be needed.

but as you say it's a lot of work (which is why I'm advocating the simpler 
options get released first :-)

>>  Pro:
>>   best use of available hardware as the load is split almost evenly 
>> between the boxes.
>> 
>> best availability becouse if there is a failure half of the clients won't 
>> see it at all
>
> Actually this is what I do right now by having two live mailstores. Half the 
> mailboxes on each system are active, the remainder are passive.

right, but what this would allow is sharing the load on individual 
mailboxes

useually this won't matter, but I could see it for shared mailboxes

David Lang

> -- 
> David Carter                             Email: David.Carter at ucs.cam.ac.uk
> University Computing Service,            Phone: (01223) 334502
> New Museums Site, Pembroke Street,       Fax:   (01223) 334679
> Cambridge UK. CB2 3QH.
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>

-- 
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.
  -- C.A.R. Hoare
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list