Обсуждение: Capacitors, etc., in hard drives and SSD for DBMS machines...
Why all this concern about how long a disk (or SSD) drive can stay up after a power failure? It seems to me that anyone interested in maintaining an important database would have suitable backup power on their entire systems, including the disk drives, so they could coast over any power loss. I do not have any database that important, but my machine has an APC Smart-UPS that has 2 1/2 hours of backup time with relatively new batteries in it. It is so oversize because my previous computer used much more power than this one does. And if my power company has a brown out or black out of over 7 seconds, my natural gas fueled backup generator picks up the load very quickly. Am I overlooking something? -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521. /( )\ Shrewsbury, New Jersey http://linuxcounter.net ^^-^^ 06:15:01 up 36 days, 12:17, 2 users, load average: 4.16, 4.26, 4.30
On 08/07/2016 13:23, Jean-David Beyer wrote:
> Why all this concern about how long a disk (or SSD) drive can stay up
> after a power failure?
>
> It seems to me that anyone interested in maintaining an important
> database would have suitable backup power on their entire systems,
> including the disk drives, so they could coast over any power loss.
>
> I do not have any database that important, but my machine has an APC
> Smart-UPS that has 2 1/2 hours of backup time with relatively new
> batteries in it. It is so oversize because my previous computer used
> much more power than this one does. And if my power company has a brown
> out or black out of over 7 seconds, my natural gas fueled backup
> generator picks up the load very quickly.
>
> Am I overlooking something?
>
UPS-es can fail too ... :)
And so many things could be happen ... once I plugged out the power cord
from the UPS which powered the database server (which was a production
server) ... I thought powering something else :)
but lucky me ... the controller was flash backed
--
Levi
On Fri, Jul 8, 2016 at 12:23 PM, Jean-David Beyer <jeandavid8@verizon.net> wrote:
-- Why all this concern about how long a disk (or SSD) drive can stay up
after a power failure?
It seems to me that anyone interested in maintaining an important
database would have suitable backup power on their entire systems,
including the disk drives, so they could coast over any power loss.
I do not have any database that important, but my machine has an APC
Smart-UPS that has 2 1/2 hours of backup time with relatively new
batteries in it. It is so oversize because my previous computer used
much more power than this one does. And if my power company has a brown
out or black out of over 7 seconds, my natural gas fueled backup
generator picks up the load very quickly.
Am I overlooking something?
Each added protection help, and cover some of the possible failure
modes one may encounter.
Most datacenters shouldn't lose power, and when they do, ups or
equivalent systems should pick up, and then generators.
Yet poweroffs happens. every element between the power
source and the disk drives storing the database have chances
of failure too. (including those two 'end' elements)
Most servers shouldn't be powered off but it happens, alimentation
cables may be moved, pdu may shutoff, electrical protections
may trigger, someone may press one of the power buttons...
Ideally you want protections on each level, or at least
closest to the data (so that there are fewer potential elements
to consider for failure cases)
Thomas SAMSON
On 7/8/2016 05:23, Jean-David Beyer wrote:
Never had a power supply fail, have you? Or (accidentally) pull the wrong cord? :)Why all this concern about how long a disk (or SSD) drive can stay up after a power failure?
Yep -- Murphy. And he's a bastard.It seems to me that anyone interested in maintaining an important database would have suitable backup power on their entire systems, including the disk drives, so they could coast over any power loss. I do not have any database that important, but my machine has an APC Smart-UPS that has 2 1/2 hours of backup time with relatively new batteries in it. It is so oversize because my previous computer used much more power than this one does. And if my power company has a brown out or black out of over 7 seconds, my natural gas fueled backup generator picks up the load very quickly. Am I overlooking something?
Вложения
Op 7/8/2016 om 12:23 PM schreef Jean-David Beyer: > Why all this concern about how long a disk (or SSD) drive can stay up > after a power failure? > > It seems to me that anyone interested in maintaining an important > database would have suitable backup power on their entire systems, > including the disk drives, so they could coast over any power loss. > As others have mentioned; *any* link in the power line can fail, from the building's power to the plug literaly falling out of the harddisk itself. Using multiple power sources, UPS, BBU etc reduce the risk, but the internal capacitors of an SSD are the only thing that will *always* provide power to the disk, no matter what caused the power to fail. It's like having a small UPS in the disk itself, with near-zero chance of failure.
> Why all this concern about how long a disk (or SSD) drive can stay up
> after a power failure?
When we're discussing SSD power loss protection, it's not a question of how long the drive can stay up but whether data
atrest or data in flight are going to be lost/corrupted in the event of a power loss.
There are a couple big reasons for this.
1. NAND write latency is actually somewhat poor.
SSDs are comprised of NAND chips, DRAM for cache, and the controller. If the SSD disabled its disk cache, the write
latenciesunder moderate load would move from the sub 100 microseconds range to the 1-10 milliseconds range. This is due
tohow the SSD writes to NAND. A single write operation takes a fairly large amount of time but large blocks cans be
writtenas a single operation.
2. Garbage Collection
If you're not familiar with GC, I definitely recommend reading up as it's one of the defining characteristics of SSDs
(andnow SMR HDDs). The basic principle is that SSDs don't support a modification to a page (8KB). Instead, the contents
wouldneed to be erased then written. Additionally, the slice of the chip that can be read, written, or erased are not
thesame size for each operation. Erase Blocks are much bigger than the page (eg: 2MB vs 8KB). This means that to modify
an8KB page, the entire 2MB erase block needs to be read to the disk cache, erased, then written with the new 8KB page
alongwith the rest of the existing data in the 2MB erase block.
This operation needs to be power loss protected (it's the operation that the Crucial drives protect against). If it's
not,then the data that is read to cache could be lost or corrupted if power is lost during the operation. The data in
theerase block is not necessarily related to the page being modified and could be anywhere else in the filesystem.
*IMPORTANT:This is data at rest that may have been written years prior. It is not just new data that may be lost if a
GCoperation can not complete.*
TL;DR: Many SSDs will not disable disk cache even if you give the command to do so. Full Power Loss Protection at the
drivelevel should be a requirement for any Enterprise or Data Center application to ensure no data loss or corruption
ofdata at rest.
This is why there is so much concern with the internals to specific SSDs regarding behavior in a power loss event. It
canhave large impacts on the reliability of the entire system.
Wes Vaske | Senior Storage Solutions Engineer
Micron Technology
________________________________________
From: pgsql-performance-owner@postgresql.org <pgsql-performance-owner@postgresql.org> on behalf of Levente Birta
<blevi.linux@gmail.com>
Sent: Friday, July 8, 2016 5:36 AM
To: pgsql-performance@postgresql.org
Subject: Re: [PERFORM] Capacitors, etc., in hard drives and SSD for DBMS machines...
On 08/07/2016 13:23, Jean-David Beyer wrote:
> Why all this concern about how long a disk (or SSD) drive can stay up
> after a power failure?
>
> It seems to me that anyone interested in maintaining an important
> database would have suitable backup power on their entire systems,
> including the disk drives, so they could coast over any power loss.
>
> I do not have any database that important, but my machine has an APC
> Smart-UPS that has 2 1/2 hours of backup time with relatively new
> batteries in it. It is so oversize because my previous computer used
> much more power than this one does. And if my power company has a brown
> out or black out of over 7 seconds, my natural gas fueled backup
> generator picks up the load very quickly.
>
> Am I overlooking something?
>
UPS-es can fail too ... :)
And so many things could be happen ... once I plugged out the power cord
from the UPS which powered the database server (which was a production
server) ... I thought powering something else :)
but lucky me ... the controller was flash backed
--
Levi
--
Sent via pgsql-performance mailing list (pgsql-performance@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
On 07/08/2016 07:44 AM, vincent wrote: > > > Op 7/8/2016 om 12:23 PM schreef Jean-David Beyer: >> Why all this concern about how long a disk (or SSD) drive can stay up >> after a power failure? >> >> It seems to me that anyone interested in maintaining an important >> database would have suitable backup power on their entire systems, >> including the disk drives, so they could coast over any power loss. >> > As others have mentioned; *any* link in the power line can fail, from > the building's power > to the plug literaly falling out of the harddisk itself. Using multiple > power sources, > UPS, BBU etc reduce the risk, but the internal capacitors of an SSD are > the only thing > that will *always* provide power to the disk, no matter what caused the > power to fail. > > It's like having a small UPS in the disk itself, with near-zero chance > of failure. > > Thank you for all the responses. The only time I had a power supply fail in a computer was in a 10 year old computer. When storm Sandy came by, the power went out and the computer had plenty of time to do a controlled shutdown. But when the power was restored about a week later, the power flipped on and off at just the right rate to fry the power supply, before the system even started up enough to shut down again. So I lost no data. All I had to do is buy a new computer and restore from the backup tape. Of course, those capacitors in the disk itself could fail. Fortunately, there have been giant improvements in capacitor manufacture reliability since I had to study reliability of large electronic systems for a military contract way back then. -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521. /( )\ Shrewsbury, New Jersey http://linuxcounter.net ^^-^^ 10:50:01 up 36 days, 16:52, 2 users, load average: 4.95, 5.23, 5.18