Skip to content

Guard Repository#getRepositoryData for exception throw #50970

Closed
albertzaharovits wants to merge 4 commits intoelastic:masterfrom
albertzaharovits:get-repository-exception
Closed

Guard Repository#getRepositoryData for exception throw #50970
albertzaharovits wants to merge 4 commits intoelastic:masterfrom
albertzaharovits:get-repository-exception

Conversation

@albertzaharovits
Copy link
Copy Markdown
Contributor

@albertzaharovits albertzaharovits commented Jan 14, 2020
edited
Loading

In practice, Repository#getRepositoryData can throw exceptions, for example the BlobStoreRepository implementation of it

elasticsearch/server/src/main/java/org/elasticsearch/repositories/blobstore/BlobStoreRepository.java

Line 1088 in 3c6f649

throw e;

The getRepositoryData method is called before any operation involving snapshots. If the exception is thrown on the cluster state applier thread, as it happens when creating a new snapshot, the state applier thread will loop, retrying to apply the same state. If the exception is persistent, as is the case of an encrypted repository with a wrong password (see #50846), the state applier thread will get stuck.

This commit tracks and fixes all uses of Repository#getRepositoryData to make sure that at some point the exception is catched and forwarded to a Listener#onFailure.

@albertzaharovits albertzaharovits added >bug :Distributed/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs v8.0.0 v7.6.0 labels Jan 14, 2020
@albertzaharovits albertzaharovits self-assigned this Jan 14, 2020
@elasticmachine
Copy link
Copy Markdown
Collaborator

elasticmachine commented Jan 14, 2020

Pinging @elastic/es-distributed (:Distributed/Snapshot/Restore)

@original-brownbear
Copy link
Copy Markdown
Contributor

original-brownbear commented Jan 14, 2020

@albertzaharovits sorry for not thinking of it last night, but maybe instead of fixing the callers to the repository, shouldn't we better just fix org.elasticsearch.repositories.blobstore.BlobStoreRepository#getRepositoryData to not throw and always resolve the listener? It seems like a pretty easy change as well.

@albertzaharovits
Copy link
Copy Markdown
Contributor Author

albertzaharovits commented Jan 14, 2020

@original-brownbear TBH I don't know how it's better, I think it depends on the conventions in the codebase. I don't like functions that throw and have a listener parameter. But in this case, it felt safer to me to handle the exception at a higher level since technically BlobStoreRepository#getRepositoryData can be overridden (and also other implementations of Repository#getRepositoryData can also mistakenly throw).

We could also fix BlobStoreRepository#getRepositoryData to not throw and cover the case that some implementation erroneously throws (as this PR does).

I'm fine with any of the three options. Let me know your preference.

@albertzaharovits
Copy link
Copy Markdown
Contributor Author

albertzaharovits commented Jan 14, 2020

We've synced and learned that the problem is not a case of a state applier thread, but the logic of listing to get the latest generation followed by a failure to read the blob for that generation and resetting the generation.
Armin is on it.

@original-brownbear
Copy link
Copy Markdown
Contributor

original-brownbear commented Jan 14, 2020

Follow up is in #50987

This was referenced Feb 3, 2020
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@original-brownbear original-brownbear Awaiting requested review from original-brownbear

Assignees

@albertzaharovits albertzaharovits

Labels

>bug :Distributed/Snapshot/Restore Anything directly related to the `_snapshot/*` APIs v7.6.0 v8.0.0-alpha1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@albertzaharovits @elasticmachine @original-brownbear @jakelandis