It's amazing how much the Jepsen posts have raised the bar around distributed database testing. "Passes Jepsen" seems to be rapidly becoming required for open-source distributed databases. It's a great improvement, and I hope Kyle is really proud of the influence he has had. A big part of the success is that the writing itself was engaging, entertaining and accessible without being patronizing.
Having said that, Jepsen is far from a full exercise of all of the safety properties of a distributed database. There are many kinds of bugs (both protocol bugs and implementation bugs) that wouldn't be detected by these kinds of tests. Passing Jepsen is necessary, but not sufficient. Even without covering truly Byzantine behaviors, real-world networks have many failure modes that Jepsen doesn't address.
7 comments
[ 3.5 ms ] story [ 20.2 ms ] threadSo I'm delighted by http://lucidworks.com/blog/call-maybe-solrcloud-jepsen-flaky... … but tbh "may get a successful response for a document that is lost" is actually a CP failure.
-- https://twitter.com/aphyr/status/542820272626491392
https://twitter.com/aphyr/status/543547826756530176
Having said that, Jepsen is far from a full exercise of all of the safety properties of a distributed database. There are many kinds of bugs (both protocol bugs and implementation bugs) that wouldn't be detected by these kinds of tests. Passing Jepsen is necessary, but not sufficient. Even without covering truly Byzantine behaviors, real-world networks have many failure modes that Jepsen doesn't address.
The whole set (in reverse chronological order) is available at http://aphyr.com/tags/jepsen