Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-18551

[AMv2] UnassignProcedure and crashed regionservers

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.0.0
    • amv2
    • None
    • Reviewed
    • Hide
      Unassign will not proceed if it is unable to talk to the remote server. Now it will expire the server it is unable to communicate with and then wait until it is signaled by ServerCrashProcedure that the server's logs have been split. Only then will judge the unassign successful.

      We do this because a subsequent assign lacking the crashed server context might open a region w/o first splitting logs.
      Show
      Unassign will not proceed if it is unable to talk to the remote server. Now it will expire the server it is unable to communicate with and then wait until it is signaled by ServerCrashProcedure that the server's logs have been split. Only then will judge the unassign successful. We do this because a subsequent assign lacking the crashed server context might open a region w/o first splitting logs.

    Description

      This has been uagashe and my obsession over the last few days, what should an UnassignProcedure do when it dispatches a CLOSE but the CLOSE fails because of ConnectException or SocketTimeout.

      + We used to let UnassignProcedure continue presuming the Region would be closed since the server is dead. BUT, if the unassign was part of a MoveProcedure, the unassign would proceed and the Move would then run WITHOUT first splitting logs. Bad.
      + So, we made it so UnassignProcedure failed; let the upper layers take care of the failure. See HBASE-18491 that enabled this behavior. BUT, we are since figuring that even if the UP completes as a failure, since it gives up the Region lock on completion, another procedure – say an AssignProcedure – could cut in before the ServerCrashProcedure had finished and again there could be dataloss.
      + Now we are thinking the UP should hold on to the Region lock until we are signalled by a ServerCrashProcedure; only then let go of the region. The UP has context that is hard to pass another. Waiting on a SCP has the UP living on for what could be a good amount of time. It might be ok if we can suspend the procedure.

      There is a good sample scenario that came up doing the no-regions-on-master issue, HBASE-18511. When meta is not on master, TestSplitTransactionOnCluster is failing. It fails because though the test completes, the tests commonly kill a RegionServer. The teardown for the test runs before we've noticed the aborted RS. So, the disable of the table in the teardown prepartory to our deleting the test table as part of clean up, goes to unassign regions but the unassign fails against the aborted server.

      Good stuff.

      Attachments

        1. HBASE-18551.master.001.patch
          27 kB
          Michael Stack
        2. HBASE-18551.master.002.patch
          27 kB
          Michael Stack
        3. HBASE-18551.master.003.patch
          30 kB
          Michael Stack

        Issue Links

          is related to

          Task - A task that needs to be done. HBASE-18511 Default no regions on master

          • Blocker - Blocks development and/or testing work, production could not run
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. HBASE-18562 [AMv2] expireServers and ServerCrashProcedure cleanup

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          links to

          Web Link Review Board (master)

          Activity

            People

              stack Michael Stack
              stack Michael Stack
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: