RATIS-2146 Fixed possible issues caused by concurrent deletion and election when member changes #1140

Merged
merged 1 commit into from
Sep 3, 2024

OneSizeFitsQuorum
Contributor

see jira

Signed-off-by: OneSizeFitQuorum <[email protected]>
@OneSizeFitsQuorum
Contributor Author

@szetszwo PTAL!

Contributor

@szetszwo szetszwo left a comment

@OneSizeFitsQuorum , thanks a lot for working on this!

In the close() method, some items are async (e.g. role.shutdownFollowerState()). The current code may not help.

For role.shutdownFollowerState(), we may need the following fix.

@@ -504,7 +513,10 @@ class RaftServerImpl implements RaftServer.Division,
         LOG.warn("{}: Failed to un-register RaftServer JMX bean", getMemberId(), e);
       }
       try {
-        role.shutdownFollowerState();
+        final FollowerState follower = role.shutdownFollowerState();
+        if (follower != null) {
+          follower.join();
+        }
       } catch (Exception e) {
         LOG.warn("{}: Failed to shutdown FollowerState", getMemberId(), e);
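
Review bot: the added follower.join() call has no timeout, so close() now blocks for as long as the FollowerState takes to stop, and a follower that never exits would hang shutdown. If join() can throw InterruptedException, the surrounding catch (Exception e) only logs it and the interrupt status is lost. Consider a bounded wait, plus a separate catch that calls Thread.currentThread().interrupt() before logging.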

There may be other items that need similar changes.

@@ -463,6 +465,13 @@ void groupRemove(boolean deleteDirectory, boolean renameDirectory) {
/* Shutdown is triggered here inorder to avoid any locked files. */
state.getStateMachineUpdater().setRemoving();
close();
try {
closeFinishedLatch.await();
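
Review bot: closeFinishedLatch.await() in groupRemove has no timeout, so the directory removal waits indefinitely if the thread running the close logic never reaches countDown(). The countDown() side is not visible in this hunk; it should sit in a finally block so that an exception during shutdown still releases waiters, and a bounded await(timeout, unit) with a warning log would keep groupRemove from hanging.
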
Contributor

The CountDownLatch may not help. When close() returns, it must have passed the line closeFinishedLatch.countDown();. The new code seems the same as the existing code.

Contributor Author

In fact, there is a difference because lifeCycle.checkStateAndClose is a CAS (Compare-And-Swap) operation, meaning only the thread that successfully performs the CAS can execute this function.

In our reproduced case, the election thread successfully performed the CAS to set the state to closing and was executing the shutdown code inside. Then, when the thread responsible for deleting the raftgroup called this function and found that the state was closing, it essentially did nothing and returned to delete the file directory, which subsequently caused an error in StateMachineUpdater.

I checked the contents of this lambda expression, and except for FollowerState and LeaderElection which are asynchronous, the rest should be synchronous, including the StateMachineUpdater that we discovered this time. Therefore, after adding this countDownLatch, at least the error we found will not occur again.

As for whether it's necessary to also synchronize the waiting for FollowerState and LeaderElection, I think it could be either way. Even if they clean up asynchronously, they will ultimately just transition to Leader, and the underlying shutdownLeaderState and state.close can prevent any impact from occurring.

Additionally, I found that we can't directly add a synchronized signature to the close function, because this lambda function will still only be executed by the thread that successfully performs the CAS.

Overall, I feel that the current changes should not introduce any side effects. What do you think? @szetszwo

Contributor

@OneSizeFitsQuorum , thanks for the detailed explanation! I understand the change now.

Contributor

@szetszwo szetszwo left a comment

+1 the change looks good.

@szetszwo szetszwo merged commit 8f5159d into apache:master Sep 3, 2024
12 checks passed
@OneSizeFitsQuorum OneSizeFitsQuorum deleted the ratis-2146 branch September 3, 2024 07:56
OneSizeFitsQuorum added a commit that referenced this pull request Sep 3, 2024
2 participants