[198] in Athena_Backup_System
"cleanly"
daemon@ATHENA.MIT.EDU (dkk@MIT.EDU)
Thu Feb 22 19:36:07 1996
From: dkk@MIT.EDU
Date: Thu, 22 Feb 1996 19:36:00 -0500
To: athena-backup@MIT.EDU
Cc: jis@MIT.EDU, tytso@MIT.EDU
After discussions among Brian, Ted, Jeff and myself, we have a
description of what it means to "recover cleanly" after an
interruption of service.
After FILESYSTEM DAMAGE on the master:
- It *IS* acceptable that the DB need to be restored from backup
before the backup system can be used safely.
After any other failure on the master (a panic, the "kill -9" of any
process, a power hit, or anything else which crashes the backup system
without damaging the filesystem), any failure on a slave, or such
failures on any combination of master and slaves:
- It is *NOT* acceptable that the DB need to be restored from backup
before the backup system can be used safely.
In either case:
- It is *NOT* acceptable that the DB become available for use
(e.g. after a reboot) while its consistency is still in doubt (i.e.
before some sort of consistency checker is run).
- It *IS* acceptable that administrative intervention be required to
return the backup system to an operational state.
--
David Krikorian, dkk@mit.edu, KA1NAP; MIT/IS/DCNS/Ops, APO, LSC, SIPB
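The rules in the message map onto a concrete recovery discipline: a write-ahead log, a checksummed data file, a clean-shutdown marker, and a checker that must run before the DB serves anything after an unclean stop. The following is an added, constructed illustration of that discipline in Python; it is not code from the Athena backup system or from the message's author, and the `Store` class, its `check()` method, the `new_disk()` helper and the dict standing in for a filesystem are all assumptions made for the example. A crash after the log entry is durable (the "kill -9" case) is repaired from the log without a restore; a damaged data file (the filesystem-damage case) makes the checker refuse to proceed until the DB is restored from backup; in neither case is the DB usable before the checker has run.

```python
import hashlib
import json


class NotChecked(Exception):
    """Opened after an unclean stop; check() has not run yet."""


class NeedsRestore(Exception):
    """Data file is damaged; only a restore from backup can fix it."""


class Crash(Exception):
    """Simulated kill -9 / power hit part-way through a write."""


EMPTY = json.dumps({"kv": {}, "seq": 0}, sort_keys=True)


def _digest(blob):
    return hashlib.sha256(blob.encode()).hexdigest()


def new_disk():
    """A freshly initialised simulated filesystem (a plain dict, constructed)."""
    return {"data": EMPTY, "data.sum": _digest(EMPTY), "log": [], "clean": "yes"}


class Store:
    def __init__(self, disk):
        self.disk = disk      # name -> contents, standing in for the filesystem
        self.data = None
        self.ready = False    # True only once consistency is known

    def _data_intact(self):
        return self.disk.get("data.sum") == _digest(self.disk.get("data", ""))

    def _write_data(self):
        raw = json.dumps(self.data, sort_keys=True)
        self.disk["data"] = raw
        self.disk["data.sum"] = _digest(raw)

    def open(self):
        """Serve only if the last stop was clean and the data file verifies."""
        if self.disk.get("clean") == "yes" and self._data_intact():
            self.data = json.loads(self.disk["data"])
            self.ready = True
        else:
            self.ready = False   # consistency in doubt: refuse until check()

    def close(self):
        self.disk["clean"] = "yes"
        self.ready = False

    def get(self, key):
        if not self.ready:
            raise NotChecked("run check() before using the DB")
        return self.data["kv"].get(key)

    def put(self, key, value, crash_after_log=False):
        if not self.ready:
            raise NotChecked("run check() before using the DB")
        self.disk["clean"] = "no"                  # an update is in flight
        seq = self.data["seq"] + 1
        self.disk["log"] = self.disk["log"] + [[seq, key, value]]   # WAL first
        if crash_after_log:
            raise Crash("crashed before the data file was rewritten")
        self.data["seq"] = seq
        self.data["kv"][key] = value
        self._write_data()
        self.disk["log"] = []                      # entry is now in the data file

    def check(self):
        """The consistency checker that must run before the DB is used."""
        if not self._data_intact():
            raise NeedsRestore("data file checksum mismatch: restore from backup")
        self.data = json.loads(self.disk["data"])
        for seq, key, value in self.disk.get("log", []):
            if seq > self.data["seq"]:             # replay what never landed
                self.data["seq"] = seq
                self.data["kv"][key] = value
        self._write_data()
        self.disk["log"] = []
        self.disk["clean"] = "yes"
        self.ready = True


def scenario_crash():
    """A kill -9 mid-write: recoverable from the log, no restore needed."""
    disk = new_disk()
    s = Store(disk)
    s.open()
    s.put("a", 1)
    s.close()
    s = Store(disk)
    s.open()
    try:
        s.put("b", 2, crash_after_log=True)
    except Crash:
        pass
    s = Store(disk)
    s.open()                           # "reboot"
    refused = False
    try:
        s.get("a")
    except NotChecked:
        refused = True                 # not available while in doubt
    s.check()                          # administrative step, then usable
    return refused, s.get("a"), s.get("b")


def scenario_damage():
    """Filesystem damage: the checker insists on a restore from backup."""
    disk = new_disk()
    s = Store(disk)
    s.open()
    s.put("a", 1)
    s.close()
    disk["data"] = disk["data"].replace('"a": 1', '"a": 9')   # simulated bad block
    s = Store(disk)
    s.open()
    if s.ready:
        return "served-corrupt-data"
    try:
        s.check()
    except NeedsRestore:
        return "restore-required"
    return "checked-ok"


if __name__ == "__main__":
    print("crash:", scenario_crash())
    print("damage:", scenario_damage())
```

The two scenario functions exercise the two failure classes the message distinguishes: `scenario_crash()` returns `(True, 1, 2)`, meaning the rebooted DB refused service until `check()` ran and then recovered the interrupted write from the log, while `scenario_damage()` returns `"restore-required"`, meaning the checker detected the corrupt data file and would not bring the DB up on its own.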