When rolling upgrade fails, the cluster can either be downgraded or rolled back. With the current functionality in this feature branch, it is possible to downgrade namenode, while datanode is incorrectly rolled back. This does not affect the cluster state. The old blocks that appear back on the datanode due to rollback will be deleted. Similarly it is also possible to rollback namenode, while datanode is not rolled back. This can cause problem where old blocks do not appear back on the datanode and can result in missing blocks.
I propose making the following changes:
During rollback or downgrade, the entire cluster must be restarted. The datanodes always restore the deleted blocks on restart and go back to trash disabled mode. There is no need for datanodes to be started up -rollingUpgrade -rollback, anymore.
- On namenode downgrade, the restored blocks are deleted.
- On namenode rollback, the restored blocks will be retained and any newly created blocks (since the start of rolling upgrade) are deleted.
This is much simpler operationally and solves the problem described above.