[bitnami/redis] After failover, there will be two masters (with simple reproducible experiments included!) #5418
Comments
Hi @fzyzcjy, when using Redis Sentinel it is recommended to use at least 3 replicas to prevent split-brain (the behavior described above). If you'd like to find more information about this, please check the Redis Sentinel documentation: https://redis.io/topics/sentinel. I think the main problem here is the 2-node Redis Sentinel cluster being the default. Thank you for reporting this; if you have any further questions, let me know.
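For illustration, a hedged sketch of the relevant values using the key names seen elsewhere in this thread (newer chart versions use different keys such as replica.replicaCount, so check the chart's own values.yaml before relying on these):

```yaml
cluster:
  enabled: true
  slaveCount: 3   # at least 3 Redis nodes so a majority can agree on the master
sentinel:
  enabled: true
  quorum: 2       # a majority of the 3 sentinels
```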
Hi @migruiz4, we are seeing a similar problem with this version and configuration:

image:
  registry: docker.io
  repository: bitnami/redis
  tag: 6.0.9-debian-10-r66
  pullPolicy: IfNotPresent
fullnameOverride: redis
cluster:
  enabled: true
  slaveCount: 3
sentinel:
  enabled: true
  usePassword: false
  masterSet: mymaster
  initialCheckTimeout: 5
  quorum: 2
  downAfterMilliseconds: 5000
  failoverTimeout: 18000
  parallelSyncs: 1
usePassword: false
tls:
  enabled: false
configmap: |-
  # Disable AOF https://redis.io/topics/persistence#append-only-file
  appendonly no
podDisruptionBudget:
  enabled: true
  minAvailable: 0
  maxUnavailable: 1

We have the following Pods running (master is …):
Now we run … When …
After some minutes …
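For anyone trying to verify which node currently claims the master role, a hedged check along these lines can help (pod and container names are assumptions based on the values above, where fullnameOverride is redis):

```sh
# Ask each Redis pod for its replication role; exactly one should report role:master
for i in 0 1 2; do
  kubectl exec "redis-node-$i" -c redis -- redis-cli INFO replication | grep '^role'
done
```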
Hi @ricoberger, I'd say that is expected behavior when the master node fails, as Redis Sentinel needs at least 3 nodes to decide who the master is. When the master node fails, both 0 and 1 decide they are the master (split-brain) and they won't agree on which of them is the master until a third node comes up and breaks the tie. This is because Redis Sentinel uses a quorum-based master election protocol. As described in the Redis Sentinel documentation:
In this type of scenario, the quorum must always be a strict majority, i.e. floor(number of nodes / 2) + 1, as you don't want your cluster to split into smaller independent clusters. Examples: 3 nodes need a quorum of 2, 4 nodes need 3, and 5 nodes need 3.
If you are looking for a Redis Sentinel cluster that is able to recover quickly from a master failure, I'd say you will need a 4-node cluster with quorum=3, or a bigger one, but always with quorum = floor(number of nodes / 2) + 1. Otherwise, you will have to wait for the third node to recover for the cluster to be active, which is the behavior you described.
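To make the arithmetic concrete, here is a hedged sentinel.conf fragment for a 5-node setup; the master address is a placeholder, and the last argument of `sentinel monitor` is the quorum. The timing values mirror the ones from the values file shown earlier in this thread.

```
# 5 sentinels -> quorum = floor(5/2) + 1 = 3
sentinel monitor mymaster 10.0.0.10 6379 3
sentinel down-after-milliseconds mymaster 5000
sentinel failover-timeout mymaster 18000
sentinel parallel-syncs mymaster 1
```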
Hi @migruiz4, thanks for your fast answer. I don't think that the setup of 3 Redis instances and 3 Sentinels should be a problem; we have been running the same setup for years on VMs. I also adjusted the values file to run a 4-node cluster with a quorum of 3, with the same result:
In the time where …
I do use 3 sentinels, I just forgot to mention it. (I used a slightly modified version of this chart, but the idea is the same.) Thanks for the replies and experiments! IMHO, the biggest problem comes from the dynamic IP when a Redis pod is restarted. Traditional Redis (and Redis Sentinel) never anticipated this case. If a Redis instance is killed and restarted, its IP changes, so judging by its IP it looks like a brand-new Redis instance rather than an old one that went down and came back up.
There may be another problem: the persistent volume. Notice that bitnami uses emptyDir to store the config for both the Redis node and Redis Sentinel. However, the Sentinel documentation says that Sentinel state is persisted in the Sentinel configuration file and is expected to survive restarts.
Thus, IMHO we should use a persistent volume for that configuration as well. As for whether …
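A hedged sketch of backing the data and rewritten configuration with a PVC instead of an emptyDir (the exact keys differ between chart versions, e.g. newer charts use master.persistence / replica.persistence, so treat this as an illustration only):

```yaml
master:
  persistence:
    enabled: true   # mount a PVC instead of an emptyDir
    size: 8Gi
slave:
  persistence:
    enabled: true
    size: 8Gi
```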
Hi @ricoberger and @fzyzcjy, I have been trying to reproduce this issue using the latest version of the Redis chart but I was unable to. The pod changing its IP when deleted and the emptyDir causing problems when moving to a different K8s host are good candidates for the root cause of the problem, thank you for the suggestions. I have created an internal task to further investigate this issue and the changes required to fix it; meanwhile I will tag this as … I will keep you updated.
@fzyzcjy @migruiz4 I tested switching from emptyDir to persistentVolume and that seems to have solved all of the issues we were having related to Sentinel failover. We were using preemptible nodes in GKE, and when the master node was preempted, that node would come back up and try to establish itself as the master. That node would go into …
I have noticed that old IPs are not removed from the Sentinel configuration: …
And here are the problems with these IPs: …
It looks like the Sentinel configuration is not updated properly when I (or my cluster, e.g. the autoscaler) delete pods. It is even funnier! 🙈 I spawned a new Redis release (standalone, only one pod, in another namespace) and k8s gave it … I think that we need something which is able to remove old IPs from the Sentinel configuration.
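As a hedged stop-gap, Redis Sentinel itself has a SENTINEL RESET command that discards the current state for a monitored master and re-runs discovery of replicas and sentinels. Something along these lines (pod and container names are assumptions) could be used to drop stale IPs:

```sh
# Run against each sentinel in turn, waiting ~30s between resets
kubectl exec redis-node-0 -c sentinel -- redis-cli -p 26379 SENTINEL RESET mymaster
```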
I have adjusted the script to use the headless service entries instead of the pod IPs, and it seems to have solved our issues.
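For reference, a minimal sketch of that idea (all names below are placeholders, not the chart's actual generated names): each node announces its stable headless-service DNS name instead of its pod IP, so the address Sentinel tracks survives pod restarts. Note that announcing hostnames requires the Redis 6.2+ hostname support mentioned later in this thread.

```
# redis.conf fragment on pod redis-node-0 (hypothetical names)
replica-announce-ip redis-node-0.redis-headless.default.svc.cluster.local
replica-announce-port 6379

# sentinel.conf fragment on the same pod (hypothetical names)
sentinel announce-ip redis-node-0.redis-headless.default.svc.cluster.local
sentinel announce-port 26379
```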
Hmm, here is what I found. Before deleting: …
After deleting: …
The new pod has … The old pod (…) …
Hi, thank you very much @tomislater for sharing your findings and submitting the PR. Indeed, the Redis Sentinel DNS feature looks like a promising fix for the issue. I will test it myself and get back to you as soon as possible.
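For context, a hedged sketch of the Sentinel DNS/hostname support (available since Redis 6.2; see the upstream Sentinel documentation for the exact semantics):

```
# sentinel.conf: accept hostnames in configuration and announce them to peers
sentinel resolve-hostnames yes
sentinel announce-hostnames yes
```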
Unfortunately, this issue was created a long time ago and although there is an internal task to fix it, it was not prioritized as something to address in the short/mid term. It's not a technical reason but rather one of capacity, since we're a small team. That being said, contributions via PRs are more than welcome in both repositories (containers and charts), in case you would like to contribute. In the meantime, there have been several releases of this asset and it's possible the issue has gone away as part of other changes. If that's not the case and you are still experiencing this issue, please feel free to reopen it and we will re-evaluate it.
I have received your email, thank you!
Which chart:
redis
Describe the bug
Hi, thanks for the lib! I did find a bug: after failover, there will be two masters.
Steps:
Deploy the chart with Sentinel enabled, then kill the current master pod (call it pod A). Sentinel promotes pod B to the new master, but the replacement pod A2 also comes up acting as a master, so the cluster ends up with two masters. (You can verify this by executing INFO replication on each node and checking the roles, or by running SET k v on both instances and observing that they do not replicate, or by looking at SENTINEL REPLICAS mymaster and seeing that the sentinels do not even know of the existence of pod A2.)
Guess of why this happens:
When pod A2 is created, it is configured as a master by the bitnami startup scripts / pod spec. Moreover, it has a brand-new IP. Thus, pod A2 looks like a separate, unrelated, brand-new Redis instance that has no relationship with the original pod A, pod B, or the sentinels. As a result, it is not recognized and, of course, it is not a slave of pod B.
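A hedged reproduction sketch of the steps above (release, pod, and container names are placeholders; the chart's generated names may differ):

```sh
# Install the chart with Sentinel enabled, then delete the current master pod (pod A)
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install redis bitnami/redis --set sentinel.enabled=true
kubectl delete pod redis-node-0          # assume this pod currently holds the master role

# Once the replacement pod (A2) is Running, check every node's role;
# the bug is that more than one node reports role:master
kubectl exec redis-node-0 -c redis -- redis-cli INFO replication | grep '^role'
kubectl exec redis-node-1 -c redis -- redis-cli INFO replication | grep '^role'
```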
Thanks