Detection

If the database instance goes into read-only mode, the following foreground operations will return the error status on all subsequent calls -

  • , DB::Put, DB::Delete, DB::SingleDelete, DB::DeleteRange, DB::Merge
  • DB::IngestExternalFile
  • DB::CompactFiles
  • DB::Flush
  1. Status::Severity::kSoftError - Errors of this severity do not prevent writes to the DB, but it does mean that the DB is in a degraded mode. Background compactions and flush may not be able to run in a timely manner.
  2. Status::Severity::kHardError - The DB is in read-only mode, but it can be transitioned back to read-write mode once the cause of the error has been addressed.
  3. - The DB is in read-only mode. The only way to recover is to close the DB, remedy the underlying cause of the error, and then re-open the DB.
  4. Status::Severity::kUnrecoverableError - This is the highest severity and indicates a corruption in the database. It may be possible to close and re-open the DB, but the contents of the database may no longer be correct.

In addition to the above, a notification callback EventListener::OnBackgroundError will be called as soon as the background error is encountered.

Recovery

  1. Call DB::Resume() to manually resume the DB and put it in read-write mode. This function will flush memtables for all the column families, clear the error, purge any obsolete files, and restart background flush and compaction operations.
  2. Automatic recovery from background errors. This is done by polling the system to ensure the underlying error condition is resolved, and then following the same steps as DB::Resume() to restore write capability. Notification callbacks EventListener::OnErrorRecoveryBegin and EventListener::OnErrorRecoveryCompleted are called at the start and end of the recovery process respectively, to inform the user of the status. The retry behavior can be controlled by setting max_bgerror_resume_count and bgerror_resume_retry_interval in DBOptions.

Auto Recovery Situations

At present, the automatic recovery is supported in the following scenarios -

  1. ENOSPC error from the filesystem
  2. IO errors reported by the FileSystem as retryable (typically transient errors such as network outages). When WAL is not in use, the database will continue to buffer writes in the memtable (i.e the database remains in read-write mode). Writes may eventually stall once memtables are accumulated.
  3. Errors during WAL sync, recovery is done only if 2PC is not in use.