Fix Snapshot Abort Not Waiting for Data Nodes#58214
Merged
original-brownbear merged 3 commits intoelastic:masterfrom Jun 17, 2020
original-brownbear:fix-abort-bug
Merged
Fix Snapshot Abort Not Waiting for Data Nodes#58214original-brownbear merged 3 commits intoelastic:masterfrom original-brownbear:fix-abort-bug
original-brownbear merged 3 commits intoelastic:masterfrom
original-brownbear:fix-abort-bug
Conversation
This was a really subtle bug that we introduced a long time ago. If a shard snapshot is in aborted state but hasn't started snapshotting on a node we can only send the failed notification for it if the shard was actually supposed to execute on the local node. Without this fix, if shard snapshots were spread out across at least two data nodes (so that each data node does not have all the primaries) the abort would actually never wait on the data nodes. This isn't a big deal with uuid shard generations but could lead to potential corruption on S3 when using numeric shard generations (albeit very unlikely now that we have the 3 minute wait there). Another negative side-effect of this bug was that master would receive a lot more shard status update messages for aborted shards since each data node not assigned a primary would send one message for that primary.
Collaborator
|
Pinging @elastic/es-distributed (:Distributed/Snapshot/Restore) |
Contributor
Author
|
Jenkins run elasticsearch-ci/bwc |
ywelsch
reviewed
Jun 17, 2020
Contributor
ywelsch
left a comment
There was a problem hiding this comment.
Fix looks good to me. I've left one question on the test. Please double-check that we also properly handle the case where a snapshot is aborted but the node dropped out of the cluster (and that we have tests for that).
| client().admin().cluster().prepareDeleteSnapshot(repoName, snapshotName).execute(); | ||
|
|
||
| logger.info("--> wait for 5s to give data nodes some time to process the updated shard snapshot status"); | ||
| TimeUnit.SECONDS.sleep(5L); |
Contributor
There was a problem hiding this comment.
Can we avoid the sleep here? For example by waiting for the data node to have applied the cluster state with the aborted snapshots, and showing that no outgoing message was sent to the master?
Contributor
Author
There was a problem hiding this comment.
Sure thing, sorry for being lazy there => how about 192508c ?
Contributor
Author
Jup this is covered by |
Contributor
Author
|
Thanks Yannick! |
This was referenced Jun 17, 2020
original-brownbear
added a commit
that referenced
this pull request
Jun 17, 2020
This was a really subtle bug that we introduced a long time ago. If a shard snapshot is in aborted state but hasn't started snapshotting on a node we can only send the failed notification for it if the shard was actually supposed to execute on the local node. Without this fix, if shard snapshots were spread out across at least two data nodes (so that each data node does not have all the primaries) the abort would actually never wait on the data nodes. This isn't a big deal with uuid shard generations but could lead to potential corruption on S3 when using numeric shard generations (albeit very unlikely now that we have the 3 minute wait there). Another negative side-effect of this bug was that master would receive a lot more shard status update messages for aborted shards since each data node not assigned a primary would send one message for that primary.
original-brownbear
added a commit
that referenced
this pull request
Jun 17, 2020
This was a really subtle bug that we introduced a long time ago. If a shard snapshot is in aborted state but hasn't started snapshotting on a node we can only send the failed notification for it if the shard was actually supposed to execute on the local node. Without this fix, if shard snapshots were spread out across at least two data nodes (so that each data node does not have all the primaries) the abort would actually never wait on the data nodes. This isn't a big deal with uuid shard generations but could lead to potential corruption on S3 when using numeric shard generations (albeit very unlikely now that we have the 3 minute wait there). Another negative side-effect of this bug was that master would receive a lot more shard status update messages for aborted shards since each data node not assigned a primary would send one message for that primary.
original-brownbear
added a commit
that referenced
this pull request
Jun 17, 2020
Forgot the brackets here in #58214 so in the rare case where the first update seen by the listener doesn't match it will still remove itself and never be invoked again -> timeout.
This was referenced Jun 17, 2020
original-brownbear
added a commit
that referenced
this pull request
Jun 17, 2020
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This was a really subtle bug that we introduced a long time ago.
If a shard snapshot is in aborted state but hasn't started snapshotting on a node
we can only send the failed notification for it if the shard was actually supposed
to execute on the local node.
Without this fix, if shard snapshots were spread out across at least two data nodes
(so that each data node does not have all the primaries) the abort would actually
never wait on the data nodes. This isn't a big deal with uuid shard generations
but could lead to potential corruption on S3 when using numeric shard generations
(albeit very unlikely now that we have the 3 minute wait there).
Another negative side-effect of this bug was that master would receive a lot more
shard status update messages for aborted shards since each data node not assigned
a primary would send one message for that primary.