On Tue, Feb 26, 2013 at 4:23 PM, Jean-Daniel Cryans <[EMAIL PROTECTED]>wrote:
> Well the rest of the logic is part of the replication code, so
> logically I think it needs to be disabled too if you kill replication.
> It leaves us with the choice of keeping the logs around or not. If you
> think the former is dangerous then we should do the latter.
That's a good point. I guess it comes down to the question of what the
purpose of stop_replication is. Should it be a temporary pause where one
can (and should) resume shortly thereafter and hope to continue with the
logs? Or should it be a shutdown mechanism to try to disable all the
replication functionality to revert to safe local (to the cluster)
operations only, as long as you keep it shut off. It seems that right now
it may not be succeeding very well at either, because it already states you
are likely to lose edits once shut off, but it's also risky to leave it off
for a long time. Since 0.94 has the mechanism to disable peers (that will
pause replication in a way that is safe to resume, correct?) I think it
makes sense to make stop_replication a fail safe to halt replication
behavior in a durably safe manner, with no guarantees about data that
hadn't already been replication before shutting it off.