44012ad580
Resolves: bz#1378371 bz#1384983 bz#1472445 bz#1493085 bz#1508999 Resolves: bz#1516638 bz#1518260 bz#1529072 bz#1530519 bz#1537357 Resolves: bz#1540908 bz#1541122 bz#1541932 bz#1543068 bz#1544382 Resolves: bz#1544852 bz#1545570 bz#1546075 bz#1546945 bz#1546960 Resolves: bz#1547012 bz#1549497 Signed-off-by: Milind Changire <mchangir@redhat.com>
324 lines
14 KiB
Diff
324 lines
14 KiB
Diff
From 6229320bc25ff24bb76f990c8e5411b6f1aa476c Mon Sep 17 00:00:00 2001
|
|
From: Ravishankar N <ravishankar@redhat.com>
|
|
Date: Sun, 28 Jan 2018 13:50:47 +0530
|
|
Subject: [PATCH 155/180] afr: don't treat all cases all bricks being blamed as
|
|
split-brain
|
|
|
|
Backport of https://review.gluster.org/#/c/19349/
|
|
|
|
Problem:
|
|
We currently don't have a roll-back/undoing of post-ops if quorum is not
|
|
met. Though the FOP is still unwound with failure, the xattrs remain on
|
|
the disk. Due to these partial post-ops and partial heals (healing only when
|
|
2 bricks are up), we can end up in split-brain purely from the afr
|
|
xattrs point of view i.e each brick is blamed by atleast one of the
|
|
others. These scenarios are hit when there is frequent
|
|
connect/disconnect of the client/shd to the bricks while I/O or heal
|
|
are in progress.
|
|
|
|
Fix:
|
|
Instead of undoing the post-op, pick a source based on the xattr values.
|
|
If 2 bricks blame one, the blamed one must be treated as sink.
|
|
If there is no majority, all are sources. Once we pick a source,
|
|
self-heal will then do the heal instead of erroring out due to
|
|
split-brain.
|
|
|
|
Change-Id: I3d0224b883eb0945785ade0e9697a1c828aec0ae
|
|
BUG: 1384983
|
|
Signed-off-by: Ravishankar N <ravishankar@redhat.com>
|
|
Reviewed-on: https://code.engineering.redhat.com/gerrit/129245
|
|
Tested-by: RHGS Build Bot <nigelb@redhat.com>
|
|
---
|
|
tests/basic/afr/arbiter-add-brick.t | 16 ++++
|
|
.../replicate/bug-1539358-split-brain-detection.t | 89 ++++++++++++++++++++++
|
|
tests/bugs/replicate/bug-802417.t | 12 +++
|
|
xlators/cluster/afr/src/afr-self-heal-common.c | 51 +++++++++++--
|
|
xlators/cluster/afr/src/afr-self-heal-data.c | 6 +-
|
|
5 files changed, 165 insertions(+), 9 deletions(-)
|
|
create mode 100755 tests/bugs/replicate/bug-1539358-split-brain-detection.t
|
|
|
|
diff --git a/tests/basic/afr/arbiter-add-brick.t b/tests/basic/afr/arbiter-add-brick.t
|
|
index fe919de..77b93d9 100644
|
|
--- a/tests/basic/afr/arbiter-add-brick.t
|
|
+++ b/tests/basic/afr/arbiter-add-brick.t
|
|
@@ -12,6 +12,8 @@ TEST $CLI volume set $V0 performance.stat-prefetch off
|
|
TEST $CLI volume start $V0
|
|
TEST $CLI volume set $V0 self-heal-daemon off
|
|
TEST $GFS --volfile-id=$V0 --volfile-server=$H0 $M0;
|
|
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "1" afr_child_up_status $V0 0
|
|
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "1" afr_child_up_status $V0 1
|
|
TEST mkdir $M0/dir1
|
|
TEST dd if=/dev/urandom of=$M0/file1 bs=1024 count=1
|
|
|
|
@@ -24,6 +26,7 @@ TEST dd if=/dev/urandom of=$M0/file1 bs=1024 count=1024
|
|
#convert replica 2 to arbiter volume
|
|
TEST $CLI volume start $V0 force
|
|
EXPECT_WITHIN $PROCESS_UP_TIMEOUT "1" brick_up_status $V0 $H0 $B0/${V0}1
|
|
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "1" afr_child_up_status $V0 1
|
|
|
|
#syntax check for add-brick.
|
|
TEST ! $CLI volume add-brick $V0 replica 2 arbiter 1 $H0:$B0/${V0}2
|
|
@@ -31,6 +34,19 @@ TEST ! $CLI volume add-brick $V0 replica 3 arbiter 2 $H0:$B0/${V0}2
|
|
|
|
TEST $CLI volume add-brick $V0 replica 3 arbiter 1 $H0:$B0/${V0}2
|
|
EXPECT_WITHIN $PROCESS_UP_TIMEOUT "1" brick_up_status $V0 $H0 $B0/${V0}2
|
|
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "1" afr_child_up_status $V0 2
|
|
+
|
|
+#Trigger name heals from client. If we just rely on index heal, the first index
|
|
+#crawl on B0 fails for /, dir2 and /file either due to lock collision or files
|
|
+#not being present on the other 2 bricks yet. It is getting healed only in the
|
|
+#next crawl after priv->shd.timeout (600 seconds) or by manually launching
|
|
+#index heal again.
|
|
+TEST $CLI volume set $V0 data-self-heal off
|
|
+TEST $CLI volume set $V0 metadata-self-heal off
|
|
+TEST $CLI volume set $V0 entry-self-heal off
|
|
+TEST stat $M0/dir1
|
|
+TEST stat $M0/dir2
|
|
+TEST stat $M0/file1
|
|
|
|
#Heal files
|
|
TEST $CLI volume set $V0 self-heal-daemon on
|
|
diff --git a/tests/bugs/replicate/bug-1539358-split-brain-detection.t b/tests/bugs/replicate/bug-1539358-split-brain-detection.t
|
|
new file mode 100755
|
|
index 0000000..7b71a7a
|
|
--- /dev/null
|
|
+++ b/tests/bugs/replicate/bug-1539358-split-brain-detection.t
|
|
@@ -0,0 +1,89 @@
|
|
+#!/bin/bash
|
|
+
|
|
+. $(dirname $0)/../../include.rc
|
|
+. $(dirname $0)/../../volume.rc
|
|
+. $(dirname $0)/../../afr.rc
|
|
+
|
|
+cleanup;
|
|
+
|
|
+## Start and create a volume
|
|
+TEST glusterd;
|
|
+TEST pidof glusterd;
|
|
+TEST $CLI volume info;
|
|
+
|
|
+TEST $CLI volume create $V0 replica 3 $H0:$B0/${V0}{0,1,2};
|
|
+TEST $CLI volume start $V0;
|
|
+EXPECT 'Started' volinfo_field $V0 'Status';
|
|
+TEST $CLI volume set $V0 self-heal-daemon off
|
|
+TEST glusterfs --volfile-id=/$V0 --volfile-server=$H0 $M0 --attribute-timeout=0 --entry-timeout=0
|
|
+
|
|
+###############################################################################yy
|
|
+# Case of 2 bricks blaming the third and the third blaming the other two.
|
|
+
|
|
+TEST `echo "hello" >> $M0/file`
|
|
+
|
|
+# B0 and B2 must blame B1
|
|
+TEST kill_brick $V0 $H0 $B0/$V0"1"
|
|
+TEST `echo "append" >> $M0/file`
|
|
+EXPECT "00000001" afr_get_specific_changelog_xattr $B0/${V0}0/file trusted.afr.$V0-client-1 data
|
|
+EXPECT "00000001" afr_get_specific_changelog_xattr $B0/${V0}2/file trusted.afr.$V0-client-1 data
|
|
+CLIENT_MD5=$(md5sum $M0/file | cut -d\ -f1)
|
|
+
|
|
+# B1 must blame B0 and B2
|
|
+setfattr -n trusted.afr.$V0-client-0 -v 0x000000010000000000000000 $B0/$V0"1"/file
|
|
+setfattr -n trusted.afr.$V0-client-2 -v 0x000000010000000000000000 $B0/$V0"1"/file
|
|
+
|
|
+# Launch heal
|
|
+TEST $CLI volume start $V0 force
|
|
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "1" brick_up_status $V0 $H0 $B0/${V0}1
|
|
+TEST $CLI volume set $V0 self-heal-daemon on
|
|
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" glustershd_up_status
|
|
+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" afr_child_up_status_in_shd $V0 0
|
|
+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" afr_child_up_status_in_shd $V0 1
|
|
+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" afr_child_up_status_in_shd $V0 2
|
|
+TEST $CLI volume heal $V0
|
|
+EXPECT_WITHIN $HEAL_TIMEOUT "^0$" get_pending_heal_count $V0
|
|
+B0_MD5=$(md5sum $B0/${V0}0/file | cut -d\ -f1)
|
|
+B1_MD5=$(md5sum $B0/${V0}1/file | cut -d\ -f1)
|
|
+B2_MD5=$(md5sum $B0/${V0}2/file | cut -d\ -f1)
|
|
+TEST [ "$CLIENT_MD5" == "$B0_MD5" ]
|
|
+TEST [ "$CLIENT_MD5" == "$B1_MD5" ]
|
|
+TEST [ "$CLIENT_MD5" == "$B2_MD5" ]
|
|
+
|
|
+TEST rm $M0/file
|
|
+
|
|
+###############################################################################yy
|
|
+# Case of each brick blaming the next one in a cyclic manner
|
|
+
|
|
+TEST `echo "hello" >> $M0/file`
|
|
+# Mark cyclic xattrs and modify file content directly on the bricks.
|
|
+TEST $CLI volume set $V0 self-heal-daemon off
|
|
+setfattr -n trusted.afr.$V0-client-1 -v 0x000000010000000000000000 $B0/$V0"0"/file
|
|
+setfattr -n trusted.afr.dirty -v 0x000000010000000000000000 $B0/$V0"0"/file
|
|
+setfattr -n trusted.afr.$V0-client-2 -v 0x000000010000000000000000 $B0/$V0"1"/file
|
|
+setfattr -n trusted.afr.dirty -v 0x000000010000000000000000 $B0/$V0"1"/file
|
|
+setfattr -n trusted.afr.$V0-client-0 -v 0x000000010000000000000000 $B0/$V0"2"/file
|
|
+setfattr -n trusted.afr.dirty -v 0x000000010000000000000000 $B0/$V0"2"/file
|
|
+
|
|
+TEST `echo "ab" >> $B0/$V0"0"/file`
|
|
+TEST `echo "cdef" >> $B0/$V0"1"/file`
|
|
+TEST `echo "ghi" >> $B0/$V0"2"/file`
|
|
+
|
|
+# Add entry to xattrop dir to trigger index heal.
|
|
+xattrop_dir0=$(afr_get_index_path $B0/$V0"0")
|
|
+base_entry_b0=`ls $xattrop_dir0`
|
|
+gfid_str=$(gf_gfid_xattr_to_str $(gf_get_gfid_xattr $B0/$V0"0"/file))
|
|
+ln $xattrop_dir0/$base_entry_b0 $xattrop_dir0/$gfid_str
|
|
+EXPECT_WITHIN $HEAL_TIMEOUT "^1$" get_pending_heal_count $V0
|
|
+
|
|
+# Launch heal
|
|
+TEST $CLI volume set $V0 self-heal-daemon on
|
|
+TEST $CLI volume heal $V0
|
|
+EXPECT_WITHIN $HEAL_TIMEOUT "^0$" get_pending_heal_count $V0
|
|
+B0_MD5=$(md5sum $B0/${V0}0/file | cut -d\ -f1)
|
|
+B1_MD5=$(md5sum $B0/${V0}1/file | cut -d\ -f1)
|
|
+B2_MD5=$(md5sum $B0/${V0}2/file | cut -d\ -f1)
|
|
+TEST [ "$B0_MD5" == "$B1_MD5" ]
|
|
+TEST [ "$B0_MD5" == "$B2_MD5" ]
|
|
+###############################################################################yy
|
|
+cleanup
|
|
diff --git a/tests/bugs/replicate/bug-802417.t b/tests/bugs/replicate/bug-802417.t
|
|
index c5ba98b..f213439 100755
|
|
--- a/tests/bugs/replicate/bug-802417.t
|
|
+++ b/tests/bugs/replicate/bug-802417.t
|
|
@@ -10,6 +10,18 @@ function write_file()
|
|
}
|
|
|
|
cleanup;
|
|
+
|
|
+#####################################################
|
|
+# We are currently not triggering data heal unless all bricks of the replica are
|
|
+# up. We will need to modify this .t once the fix for preventing stale reads
|
|
+# being served to clients for files in spurious split-brains is done. Spurious
|
|
+# split-brains here means afr xattrs indicates sbrain but it is actually not.
|
|
+# Self-heal will heal such files automatically but before the heal completes,
|
|
+# reads can be served which needs fixing.
|
|
+#G_TESTDEF_TEST_STATUS_NETBSD7=BAD_TEST,BUG=000000
|
|
+#G_TESTDEF_TEST_STATUS_CENTOS6=BAD_TEST,BUG=000000
|
|
+######################################################
|
|
+
|
|
TEST glusterd
|
|
TEST pidof glusterd
|
|
TEST $CLI volume info;
|
|
diff --git a/xlators/cluster/afr/src/afr-self-heal-common.c b/xlators/cluster/afr/src/afr-self-heal-common.c
|
|
index 26d3860..f61b237 100644
|
|
--- a/xlators/cluster/afr/src/afr-self-heal-common.c
|
|
+++ b/xlators/cluster/afr/src/afr-self-heal-common.c
|
|
@@ -1455,6 +1455,36 @@ afr_does_witness_exist (xlator_t *this, uint64_t *witness)
|
|
return _gf_false;
|
|
}
|
|
|
|
+unsigned int
|
|
+afr_get_quorum_count (afr_private_t *priv)
|
|
+{
|
|
+ if (priv->quorum_count == AFR_QUORUM_AUTO) {
|
|
+ return priv->child_count/2 + 1;
|
|
+ } else {
|
|
+ return priv->quorum_count;
|
|
+ }
|
|
+}
|
|
+
|
|
+void
|
|
+afr_selfheal_post_op_failure_accounting (afr_private_t *priv, char *accused,
|
|
+ unsigned char *sources,
|
|
+ unsigned char *locked_on)
|
|
+{
|
|
+ int i = 0;
|
|
+ unsigned int quorum_count = 0;
|
|
+
|
|
+ if (AFR_COUNT (sources, priv->child_count) != 0)
|
|
+ return;
|
|
+
|
|
+ quorum_count = afr_get_quorum_count (priv);
|
|
+ for (i = 0; i < priv->child_count; i++) {
|
|
+ if ((accused[i] < quorum_count) && locked_on[i]) {
|
|
+ sources[i] = 1;
|
|
+ }
|
|
+ }
|
|
+ return;
|
|
+}
|
|
+
|
|
/*
|
|
* This function determines if a self-heal is required for a given inode,
|
|
* and if needed, in what direction.
|
|
@@ -1490,6 +1520,7 @@ afr_selfheal_find_direction (call_frame_t *frame, xlator_t *this,
|
|
char *accused = NULL;/* Accused others without any self-accusal */
|
|
char *pending = NULL;/* Have pending operations on others */
|
|
char *self_accused = NULL; /* Accused itself */
|
|
+ int min_participants = -1;
|
|
|
|
priv = this->private;
|
|
|
|
@@ -1513,8 +1544,13 @@ afr_selfheal_find_direction (call_frame_t *frame, xlator_t *this,
|
|
}
|
|
}
|
|
|
|
+ if (type == AFR_DATA_TRANSACTION) {
|
|
+ min_participants = priv->child_count;
|
|
+ } else {
|
|
+ min_participants = AFR_SH_MIN_PARTICIPANTS;
|
|
+ }
|
|
if (afr_success_count (replies,
|
|
- priv->child_count) < AFR_SH_MIN_PARTICIPANTS) {
|
|
+ priv->child_count) < min_participants) {
|
|
/* Treat this just like locks not being acquired */
|
|
return -ENOTCONN;
|
|
}
|
|
@@ -1530,11 +1566,10 @@ afr_selfheal_find_direction (call_frame_t *frame, xlator_t *this,
|
|
for (i = 0; i < priv->child_count; i++) {
|
|
for (j = 0; j < priv->child_count; j++) {
|
|
if (matrix[i][j]) {
|
|
- if (!self_accused[i])
|
|
- accused[j] = 1;
|
|
-
|
|
- if (i != j)
|
|
- pending[i] = 1;
|
|
+ if (!self_accused[i])
|
|
+ accused[j] += 1;
|
|
+ if (i != j)
|
|
+ pending[i] += 1;
|
|
}
|
|
}
|
|
}
|
|
@@ -1575,6 +1610,10 @@ afr_selfheal_find_direction (call_frame_t *frame, xlator_t *this,
|
|
}
|
|
}
|
|
|
|
+ if (type == AFR_DATA_TRANSACTION)
|
|
+ afr_selfheal_post_op_failure_accounting (priv, accused,
|
|
+ sources, locked_on);
|
|
+
|
|
/* If no sources, all locked nodes are sinks - split brain */
|
|
if (AFR_COUNT (sources, priv->child_count) == 0) {
|
|
for (i = 0; i < priv->child_count; i++) {
|
|
diff --git a/xlators/cluster/afr/src/afr-self-heal-data.c b/xlators/cluster/afr/src/afr-self-heal-data.c
|
|
index 8cf43f2..bcd0dec 100644
|
|
--- a/xlators/cluster/afr/src/afr-self-heal-data.c
|
|
+++ b/xlators/cluster/afr/src/afr-self-heal-data.c
|
|
@@ -684,7 +684,7 @@ __afr_selfheal_data (call_frame_t *frame, xlator_t *this, fd_t *fd,
|
|
ret = afr_selfheal_inodelk (frame, this, fd->inode, this->name, 0, 0,
|
|
data_lock);
|
|
{
|
|
- if (ret < AFR_SH_MIN_PARTICIPANTS) {
|
|
+ if (ret < priv->child_count) {
|
|
gf_msg_debug (this->name, 0, "%s: Skipping "
|
|
"self-heal as only %d number "
|
|
"of subvolumes "
|
|
@@ -749,7 +749,7 @@ restore_time:
|
|
if (!is_arbiter_the_only_sink) {
|
|
ret = afr_selfheal_inodelk (frame, this, fd->inode, this->name,
|
|
0, 0, data_lock);
|
|
- if (ret < AFR_SH_MIN_PARTICIPANTS) {
|
|
+ if (ret < priv->child_count) {
|
|
ret = -ENOTCONN;
|
|
did_sh = _gf_false;
|
|
goto skip_undo_pending;
|
|
@@ -878,7 +878,7 @@ afr_selfheal_data (call_frame_t *frame, xlator_t *this, inode_t *inode)
|
|
priv->sh_domain, 0, 0,
|
|
locked_on);
|
|
{
|
|
- if (ret < AFR_SH_MIN_PARTICIPANTS) {
|
|
+ if (ret < priv->child_count) {
|
|
gf_msg_debug (this->name, 0, "%s: Skipping "
|
|
"self-heal as only %d number of "
|
|
"subvolumes could be locked",
|
|
--
|
|
1.8.3.1
|
|
|