Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-7759 Improve Ozone Replication Manager
  3. HDDS-6447

Refine SCM handling of unhealthy container replicas

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.4.0
    • SCM

    Description

      Currently, containers are marked UNHEALTHY by Container Scrubber for one of the following reasons:

      1. If an operation fails on an open/ closing container, it is marked unhealthy so that subsequent write transactions also fail.
      2. If Container Scrubber is enabled and ContainerMetadataScanner detects an error during KeyValueContainerCheck#fastCheck().
        • Metadata path or Chunks path is not accessible as a directory
        • Container checksum verification fails
        • On-disk Container Yaml data does not match in-memory container data (ContainerType, ContainerID, Container DBType, Metadata Path)
      3. If Container Scrubber is enabled and ContainerDataScanner (runs only on closed and quasi-closed containers) detects any block with missing or corrupted chunks file.

      If a container in “open” state in SCM is marked unhealthy (in the container report), SCM asks the DNs to close the container. But for a “closing” container with an “unhealthy” replica, SCM leaves the container replica as is.

      Some of the issues with how unhealthy containers are handled:

      1. If ReplicationManager does not find a healthy replica for a container, it does not replicate that container. So if there is only 1 replica of a container and it is unhealthy, SCM will never replicate it and there is potential for data loss if that single replica is lost for any reason (for example: disk failure).
      2. If there is a Quasi-Closed replica and an Unhealthy container, SCM will delete the unhealthy container. In this scenario, SCM should not delete the unhealthy container if it can recovered as it is possible that the unhealthy container is ahead of the quasi-closed container.
      3. SCM should be more conservative with deleting unhealthy containers as they could possibly be recovered. This Jira proposes to let SCM replicate an unhealthy container if there is no other replica. Also, if there is only a quasi-closed replica and an unhealthy replica, SCM should not delete the unhealthy replica.
      4. Let’s say there are 3 quasi-closed replicas of a closed container with all of them having bcsId < container bcsId (closed replica is lost and a quasi-closed replica is replicated). RelicationManager will delete one of these quesi-closed replicas (handleUnstableContainer) and then in the next cycle replicate it again as container would now be under-replicated (handleUnderreplicatedContainer). This will become a loop of replicating and deleting the container replica.

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. HDDS-9254 Legacy replication manager uses mismatched replicas as replication sources

          • Major - Major loss of function.
          • Resolved
          is required by

          Sub-task - The sub-task of the issue HDDS-7093 Container Scanner should be enabled by default

          • Major - Major loss of function.
          • Resolved

          Sub-task - The sub-task of the issue HDDS-7094 Enable Datanode side CRC checks by default

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #3258

          Web Link GitHub Pull Request #3920

          Activity

            People

              erose Ethan Rose
              hanishakoneru Hanisha Koneru
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: