server: graceful shutdown tikv-impl#18930
Conversation
|
Hi @hujiatao0. Thanks for your PR. I'm waiting for a tikv member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
cmd/tikv-server/src/main.rs
Outdated
| .arg( | ||
| Arg::with_name("enable-graceful-shutdown") | ||
| .long("enable-graceful-shutdown") | ||
| .takes_value(true) | ||
| .value_name("BOOL") | ||
| .help("Enable graceful shutdown for TiKV server") | ||
| .long_help( | ||
| "Enable graceful shutdown operations like leader eviction before terminating. \ | ||
| Defaults to true unless explicitly set to false.", | ||
| ), | ||
| ) | ||
| .arg( | ||
| Arg::with_name("evict-leader-timeout") | ||
| .long("evict-leader-timeout") | ||
| .takes_value(true) | ||
| .value_name("DURATION") | ||
| .help("Timeout for leader eviction during graceful shutdown") | ||
| .long_help( | ||
| "Timeout for leader eviction during graceful shutdown. \ | ||
| After this timeout, TiKV will proceed with shutdown even if some regions \ | ||
| haven't completed leader transfer. Defaults to 20s.", | ||
| ), | ||
| ) |
There was a problem hiding this comment.
Can we remove them from args? It seems unnecessary in args after all they can be configured via config file.
src/server/config.rs
Outdated
| /// Timeout for leader eviction during graceful shutdown. | ||
| /// After this timeout, TiKV will proceed with shutdown even if | ||
| /// some regions haven't completed leader transfer. | ||
| #[online_config(skip)] |
There was a problem hiding this comment.
Please support online config change.
src/server/config.rs
Outdated
| /// When enabled, TiKV will perform graceful shutdown operations like | ||
| /// leader eviction before terminating. | ||
| #[online_config(skip)] | ||
| pub enable_graceful_shutdown: bool, |
There was a problem hiding this comment.
It seems unnecessary, we can disable graceful shutdown if evict_leader_timeout is zero.
src/server/config.rs
Outdated
| /// After this timeout, TiKV will proceed with shutdown even if | ||
| /// some regions haven't completed leader transfer. | ||
| #[online_config(skip)] | ||
| pub evict_leader_timeout: ReadableDuration, |
There was a problem hiding this comment.
| pub evict_leader_timeout: ReadableDuration, | |
| pub graceful_shutdown_timeout: ReadableDuration, |
How about graceful_shutdown_timeout? It's more intuitive.
| for signal in &mut signals { | ||
| match signal { | ||
| SIGTERM | SIGINT | SIGHUP => { | ||
| SIGTERM => { |
There was a problem hiding this comment.
What happens if tikv receives SIGTERM twice within graceful shutdown timeout?
There was a problem hiding this comment.
The receipt of the first SIGTERM signal triggers a graceful shutdown and forces an exit from the wait_for_signal loop using a break statement. The process will be unable to handle another SIGTERM signal.
There was a problem hiding this comment.
Does tikv ignores the second SIGTERM signal or tikv exits immediately?
There was a problem hiding this comment.
Does tikv ignores the second SIGTERM signal or tikv exits immediately?
tikv will ignore the second SIGTERM
| let now = Instant::now(); | ||
| self.set_state(true); | ||
| self.wait_for_leader_eviction(now); | ||
| self.set_state(false); |
There was a problem hiding this comment.
Why set it to false? Please add some comments.
There was a problem hiding this comment.
When the set_state function sets the is_stopping status, it also triggers an immediate storeheartbeat. The PD heartbeat handler has logic to clean up the graceful shutdown evict-leader scheduler when a store's state is not is_stopping.
I explicitly set the state and trigger a final heartbeat after the leader eviction is complete, ensuring PD removes the scheduler promptly. While this isn't strictly required—as a node restart would eventually trigger the same cleanup via a regular heartbeat—this approach prevents a delay in the scheduler's removal.
There was a problem hiding this comment.
I see, please leave the above comment in code, thanks!
| for signal in &mut signals { | ||
| match signal { | ||
| SIGTERM | SIGINT | SIGHUP => { | ||
| SIGTERM => { |
There was a problem hiding this comment.
Does tikv ignores the second SIGTERM signal or tikv exits immediately?
| let now = Instant::now(); | ||
| self.set_state(true); | ||
| self.wait_for_leader_eviction(now); | ||
| self.set_state(false); |
There was a problem hiding this comment.
I see, please leave the above comment in code, thanks!
|
To avoid blocking this PR from merging, please submit a separate PR that adds a test to verify that graceful shutdown evicts leaders. |
b7bc98f to
4a8804f
Compare
hbisheng
left a comment
There was a problem hiding this comment.
Overall LGTM
Please add a release note, something like “Add graceful shutdown mechanism to evict leaders when receiving a SIGTERM signal.”
| self.set_state(true); | ||
| self.wait_for_leader_eviction(now); | ||
| self.set_state(false); | ||
| std::thread::sleep(Duration::from_millis(200)); |
There was a problem hiding this comment.
nit: add a comment for why sleep is needed here (waiting for the final store heartbeat to be uploadedd)
2099e15 to
496fa96
Compare
Signed-off-by: hujiatao0 <hhjjtt110@gmail.com> change the signal handler Signed-off-by: hujiatao0 <hhjjtt110@gmail.com> remove enable config Signed-off-by: hujiatao0 <hhjjtt110@gmail.com>
Signed-off-by: hujiatao0 <hhjjtt110@gmail.com>
496fa96 to
d136b22
Compare
Signed-off-by: hujiatao0 <hhjjtt110@gmail.com>
Signed-off-by: hujiatao0 <hhjjtt110@gmail.com>
components/server/src/setup.rs
Outdated
| warn!("metrics push is not supported any more."); | ||
| } | ||
|
|
||
| if let Some(graceful_shutdown_timeout) = matches.value_of("graceful-shutdown-timeout") { |
There was a problem hiding this comment.
Is this necessary? Do we need to overwrite the config with command line args?
Signed-off-by: hujiatao0 <hhjjtt110@gmail.com>
| fn graceful_shutdown(&mut self) { | ||
| let now = Instant::now(); | ||
| self.set_state(true); | ||
| self.wait_for_leader_eviction(now); |
There was a problem hiding this comment.
Should we wait for other possible ongoing tasks finishing like:
- The cdc observer related handling
- The backup restore task handling
- The read write requests from kv-client, like the follower read requests
Besides, do we need a configuration for the graceful shutdow maxium wait time? From the product persipective.
There was a problem hiding this comment.
Should we wait for other possible ongoing tasks finishing like:
- The cdc observer related handling
- The backup restore task handling
- The read write requests from kv-client, like the follower read requests
Besides, do we need a configuration for the graceful shutdow maxium wait time? From the product persipective.
Actually, each TiKV node has an online-configurable graceful shutdown timeout. If this timeout is triggered while the node still has leaders that haven't been transferred, it will fall back to the standard shutdown process. The wait_for_leader_eviction step is just an additional waiting period for the leader transfer to complete. After this process finishes, it proceeds to the existing shutdown logic to handle other pre-shutdown operations. I think the operations you mentioned are already covered by this existing shutdown logic? Or these operations didn't exist previously. We should consider adding them as part of a new requirement in the future.
There was a problem hiding this comment.
I think the operations you mentioned are already covered by this existing shutdown logic?
I am not quire sure, there are requests that may not require leadership like follower/stale read requests for example. Perhaps we could add a TODO about it since this needs to be merged quickly.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cfzjywxk, hbisheng, overvenus The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
close tikv#17221 When a SIGTERM signal is received, TiKV tells PD it's stopping by StoreHeartbeat. PD then try to move all the leaders from that TiKV instance before it fully shuts down. Signed-off-by: hujiatao0 <hhjjtt110@gmail.com>
close #17221 When a SIGTERM signal is received, TiKV tells PD it's stopping by StoreHeartbeat. PD then try to move all the leaders from that TiKV instance before it fully shuts down. Signed-off-by: hujiatao0 <hhjjtt110@gmail.com>
close tikv#17221 When a SIGTERM signal is received, TiKV tells PD it's stopping by StoreHeartbeat. PD then try to move all the leaders from that TiKV instance before it fully shuts down. Signed-off-by: hujiatao0 <hhjjtt110@gmail.com> Signed-off-by: 3AceShowHand <jinl1037@hotmail.com>
close tikv#17221 Signed-off-by: ti-chi-bot <ti-community-prow-bot@tidb.io>
|
In response to a cherrypick label: new pull request created to branch |
close #17221 When a SIGTERM signal is received, TiKV tells PD it's stopping by StoreHeartbeat. PD then try to move all the leaders from that TiKV instance before it fully shuts down. Signed-off-by: hujiatao0 <hhjjtt110@gmail.com> Co-authored-by: hujiatao0 <hhjjtt110@gmail.com>
What is changed and how it works?
Issue Number: Close #17221
What's Changed:
Related changes
pingcap/docs/pingcap/docs-cn:Check List
Tests
Side effects
Release note