[#HADOOP-1076] Periodic checkpointing cannot resume if the secondary name-node fails.

Hadoop Common

Periodic checkpointing cannot resume if the secondary name-node fails.

Created: 07/Mar/07 04:07 AM Updated: 08/Jul/09 04:42 PM

Return to search

Component/s:

None

Affects Version/s:

None

Fix Version/s:

0.15.0

Time Tracking:

Not Specified

File Attachments:

	File Name	Date Attached	Attached By	Size
	secondaryRestart4.patch	2007-09-20 11:18 PM	dhruba borthakur	14 kB

Resolution Date:

24/Sep/07 08:57 PM

Description

« Hide

If secondary name-node fails during checkpointing then the primary node will have 2 edits file.
"edits" - is the one which current checkpoint is to be based upon.
"edits.new" - is where new name space edits are currently logged.
The problem is that the primary node cannot do checkpointing until "edits.new" file is in place.
That is, even if the secondary name-node is restarted periodic checkpointing is not going to be resumed.
In fact the primary node will be throwing an exception complaining about the existing "edits.new"
There is only one way to get rid of the edits.new file - to restart the primary name-node.
So in a way if secondary name-node fails then you should restart the whole cluster.

Here is a rather simple modification to the current approach, which we discussed with Dhruba.
When secondary node requests to rollEditLog() the primary node should roll the edit log only if
it has not been already rolled. Otherwise the existing "edits" file will be used for checkpointing
and the primary node will keep accumulating new edits in the "edits.new".
In order to make it work the primary node should also ignore any rollFSImage() requests when it
already started to perform one. Otherwise the new image can become corrupted if two secondary
nodes request to rollFSImage() at the same time.

2. Also, after the periodic checkpointing patch ~~HADOOP-227~~ I see pieces of unusable code.
I noticed one data member SecondaryNameNode.localName and at least 4 methods in FSEditLog
that are not used anywhere. We should remove them and others alike if found.
Supporting unusable code is such a waist of time.

All

Comments

Work Log

Change History

Subversion Commits

Sort Order:

[ Permlink | « Hide ]

dhruba borthakur added a comment - 28/Aug/07 08:59 AM

This patch allows the secondary namenode to restart without restarting the primary namenode.

If rollEditLog finds that the edits log already exists, then it simply returns success. rollFsImage fails if it was not preceeded by a call to rollEditLog. This lock-step ensures that a stale instance of a secondary namenode cannot fool the primary namenode into uploading a stale fsimage file.

[ Permlink | « Hide ]

Konstantin Shvachko added a comment - 05/Sep/07 02:42 AM

I managed to corrupt current name-node image using your patch.
Actually the image was set to an empty file, so that the name-node would not even restart after the checkpoint.
I started 2 secondary nodes. The first of them was in the middle of getFSImage(), when the second called rollFSImage()
and received the following exception:

java.lang.IllegalStateException: Committed
at org.mortbay.jetty.servlet.ServletHttpResponse.resetBuffer(ServletHttpResponse.java:212)
at org.mortbay.jetty.servlet.ServletHttpResponse.sendError(ServletHttpResponse.java:375)
at org.apache.hadoop.dfs.SecondaryNameNode$GetImageServlet.doGet(SecondaryNameNode.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:427)
at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:475)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:567)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1565)
at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:635)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1517)
at org.mortbay.http.HttpServer.service(HttpServer.java:954)
at org.mortbay.http.HttpConnection.service(HttpConnection.java:814)
at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:981)
at org.mortbay.http.HttpConnection.handle(HttpConnection.java:831)
at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)
at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)
at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)

This is likely to be related to the patch, since the second secondary node would just get an exception trying to rollEditsLog().
My guess is that your patch prohibits to rollFSImage() if the edits log was not rolled, instead of
prohibiting 2 simultaneous rollFSImage().

[ Permlink | « Hide ]

dhruba borthakur added a comment - 10/Sep/07 11:31 PM

The periodic checkpoint protocol is changed to handle the case if two Secondary's are racing with one another to upload a new checkpoint.

The NameNode periodic checkpoint has four states. A rollEdit moves the state to ROLLED_EDIT. A upload new image is allowed only if the state is ROLLED_EDIT. It sets the state to UPLOAD_START. When the upload of the upload of the new image is finished, the state is set to UPLOAD_DONE. The rollFsImage is allowed only if the state is UPLOAD_DONE.

[ Permlink | « Hide ]

dhruba borthakur added a comment - 18/Sep/07 10:48 PM

merged patch with latest trunk.

[ Permlink | « Hide ]

Konstantin Shvachko added a comment - 20/Sep/07 12:43 AM

Need to increment ClientProtocol.versionID

* 19 : rollEditLog() returns a token to uniquely identify the editfile.
   */
  public static final long versionID = 18L;

Constants should be all capital: FSNamesystem.DATE_FORM instead of

private static final SimpleDateFormat dateform =
    new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");

FSEditLog.loadFSEdits(File edits) : 396 – local variable is never read.
```
DatanodeDescriptor node = fsNamesys.getDatanode(nodeID);
```

GetImageServlet: redundant imports

import org.apache.hadoop.conf.*;
import org.apache.hadoop.mapred.StatusHttpServer;

[ Permlink | « Hide ]

dhruba borthakur added a comment - 20/Sep/07 11:18 PM

Incorporated all of Konstantin's comments.

[ Permlink | « Hide ]

Konstantin Shvachko added a comment - 22/Sep/07 12:33 AM

[ Permlink | « Hide ]

Hadoop QA added a comment - 24/Sep/07 08:29 PM

+1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12366319/secondaryRestart4.patch
against trunk revision r578879.

@author +1. The patch does not contain any @author tags.

javadoc +1. The javadoc tool did not generate any warning messages.

javac +1. The applied patch does not generate any new compiler warnings.

findbugs +1. The patch does not introduce any new Findbugs warnings.

core tests +1. The patch passed core unit tests.

contrib tests +1. The patch passed contrib unit tests.

Test results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/815/testReport/
Findbugs warnings: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/815/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/815/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Patch/815/console

This message is automatically generated.

[ Permlink | « Hide ]

dhruba borthakur added a comment - 24/Sep/07 08:57 PM

I just committed this.

[ Permlink | « Hide ]

Hudson added a comment - 25/Sep/07 07:36 PM

Integrated in Hadoop-Nightly #250 (See http://lucene.zones.apache.org:8080/hudson/job/Hadoop-Nightly/250/)