Description
Why?
Given James runs on data-center-1 AND connects in LOCAL_QUORUM and LOCAL_SERIAL to a 3 node cassandra cluster in data-center-1 AND cassandra live replicate itself to a backup DC in data-center-2 WHEN a disaster render data-center-1 unusable THEN I want to connect James to data-center-2
Doing so can be done by flipping local.dc in cassandra.properties
But uid/modseq monoticity can not be guarantied in the switch as dc2 is out of the quorum. This may result in email loss/failure to synchronise a given mail thus preventing a user to see it.
We are looking for an heuristic to prevent such inconsistencies
How?
Upon the switch add a defensive amount to all uids and modseq. This will prevent double allocation.
This can easdily be conffigured in cassandra.properties: uid.modseq.increment: an integer defaulting to 0 added to each uid / modseq
Definition of done
Unit tests showing that the configuration is well applied.
Attachments
Issue Links
- links to