Hi, On Tue, Apr 02, 2002 at 04:24:16PM -0500, Bill Antoniadis wrote: > Many warm thank yous to Bill Rugolsky Jr. and Stephen Tweedie for their help on > this one. Both pointed out that since the file system is journaled, if the > primary box (nas1) were to crash, the secondary box should mount the ext3 file > system without any problems. Depending on the nature of the journal (metadata > journaling and/or data journaling), we may have little or no data loss. More than that --- think of the failover as a simple system crash. The only difference is that the "reboot" involves bringing up the filesystem on a different node, rather than the original node. Thinking about it this way makes data integrity much easier to visualise. Any time you want to make data persistent over a reboot at a certain point in your application, it's up to your application to ensure that it tells the filesystem so by calling fsync() or by using synchronised IO. The result of the fsync is *exactly* the same regardless of whether you are doing a single-node reboot or a two-node failover. Unix performs universal write-behind data caching for local disk writes, so any application which assumes data integrity on disk without asking for that explicitly is simply broken. Cheers, Stephen
