parallelvirtualcluster
/
pvc
1
0
Fork 0
Code Issues 11 Pull Requests Projects Releases 111 Wiki Activity

Add better locking during node primary transitions #59

New Issue
Closed
opened 2019-12-13 00:31:49 -05:00 by JoshuaBoniface · 3 comments
JoshuaBoniface commented 2019-12-13 00:31:49 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

With the increasing number of tasks assigned to the primary coordinator, implement better locking to ensure a smooth transition. This would qualify as a bug due to several failure cases.

Failure case

One observed failure case is if the Patroni database fails to switch. If this happens, both nodes plow ahead after a trivial delay, but as a result the database leader is now in an incorrect and undefined state (not corresponding to the active primary node), which can in turn cause the DNS Aggregator or Provisioner daemons to fail.

Ideal solution

The ideal solution would be to implement some sort of token passing via Zookeeper between the two nodes, letting each one know when the last one's switchover process has finished, and thus allowing error handling, recovery, and repetition in the switchover. For the above failure example, the current primary could pass a token saying that it is ready to switch the database primary; the candidate primary waits until this token exists, then passes a token back saying that it is taking control, and the current primary waits until this changes. Then, if the switchover fails, the candidate coordinator can pause, try again, and only pass the token back when successful. This could continue through all the various stages of primary node transition ensuring that the candidate primary succeeds at its startup task before the current primary continues on. The token in this case can be read/write locks against a particular Zookeeper key (e.g. /primary_node/token) which are exchanged as the steps progress.

With the increasing number of tasks assigned to the primary coordinator, implement better locking to ensure a smooth transition. This would qualify as a bug due to several failure cases. ## Failure case One observed failure case is if the Patroni database fails to switch. If this happens, both nodes plow ahead after a trivial delay, but as a result the database leader is now in an incorrect and undefined state (not corresponding to the active primary node), which can in turn cause the DNS Aggregator or Provisioner daemons to fail. ## Ideal solution The ideal solution would be to implement some sort of token passing via Zookeeper between the two nodes, letting each one know when the last one's switchover process has finished, and thus allowing error handling, recovery, and repetition in the switchover. For the above failure example, the current primary could pass a token saying that it is ready to switch the database primary; the candidate primary waits until this token exists, then passes a token back saying that it is taking control, and the current primary waits until this changes. Then, if the switchover fails, the candidate coordinator can pause, try again, and only pass the token back when successful. This could continue through all the various stages of primary node transition ensuring that the candidate primary succeeds at its startup task before the current primary continues on. The token in this case can be read/write locks against a particular Zookeeper key (e.g. `/primary_node/token`) which are exchanged as the steps progress.
JoshuaBoniface commented 2019-12-13 00:33:31 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

changed the description

changed the description
JoshuaBoniface commented 2019-12-19 20:07:11 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

Fixed by 8c252aeecc

Fixed by 8c252aeecc2cd325d4ef57f3dbe578c547ad5f5b
JoshuaBoniface commented 2019-12-19 20:07:11 -05:00 (Migrated from git.bonifacelabs.ca)
Copy Link

closed

closed
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
v0.9.105
v0.9.104
v0.9.103
v0.9.102
v0.9.101
v0.9.100
v0.9.99
v0.9.98
v0.9.97
v0.9.96
v0.9.95
v0.9.94
v0.9.93
v0.9.92
v0.9.91
v0.9.90
v0.9.89
v0.9.88
v0.9.87
v0.9.86
v0.9.85
v0.9.84
v0.9.83
v0.9.82
v0.9.81
v0.9.80
v0.9.79
v0.9.78
v0.9.77
v0.9.76
v0.9.75
v0.9.74
v0.9.73
v0.9.72
v0.9.71
v0.9.70
v0.9.69
v0.9.68
v0.9.67
v0.9.66
v0.9.65
v0.9.64
v0.9.63
v0.9.62
v0.9.61
v0.9.60
v0.9.59
v0.9.58
v0.9.57
0.9.56
v0.9.55
v0.9.54
v0.9.53
v0.9.52
v0.9.51
v0.9.50
v0.9.49
v0.9.48
v0.9.47
v0.9.46
v0.9.45
v0.9.44
v0.9.43
v0.9.42
v0.9.41
v0.9.40
v0.9.39
v0.9.38
v0.9.37
v0.9.36
v0.9.35
v0.9.34
v0.9.33
v0.9.32
v0.9.31
v0.9.30
v0.9.29
v0.9.28
v0.9.27
v0.9.26
v0.9.25
v0.9.24
v0.9.23
v0.9.22
v0.9.21
v0.9.20
v0.9.19
v0.9.18
v0.9.17
v0.9.16
v0.9.15
v0.9.14
v0.9.13
v0.9.12
v0.9.11
v0.9.10
v0.9.9
v0.9.8
v0.9.7
v0.9.6
v0.9.5
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
list
v0.8-1
v0.8
v0.7
v0.6
v0.5
v0.3
Labels
Clear labels   
API

   
blocked

Issue blocked by another issue

  
bug

   
CLI

   
Client

Issues abut the client frontends

  
Daemon

Issues abut the node daemon

  
debt

Technical debt that should be investigated or cleaned up

  
documentation

   
feature

   
improvement
No Label
API
blocked
bug
CLI
Client
Daemon
debt
documentation
feature
improvement
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: parallelvirtualcluster/pvc#59
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?