release-23.1: logstore: sync sideloaded storage directories #117295
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit removes the dirCreated field of DiskSideloadStorage, because it is only used in tests, and is reduntant (directory existence check already does the job). Epic: none Release note: none
Epic: none Release note: none
A couple of things to address in the future: sideloaded files removal should happen strictly after a state machine sync; sideloaded files and directories should be cleaned up on startup because their removal is not always durable. Epic: none Release note: none
This commit adds `TestSideloadStorageSync` which demonstrates that the sideloaded log storage can lose files and directories upon system crash. This is due to the fact that the whole directory hierarchy is not properly synced when the directories and files are created. A typical sideloaded storage file (entry 123 at term 44 for range r1234) looks like: `<data-dir>/auxiliary/sideloading/r1XXX/r1234/i123.t44`. Only existence of auxiliary directory is persisted upon its creation, by syncing the <data-dir> when Pebble initializes the store. All other directories (sideloading, r1XXX, r1234) are not persisted upon creation. Epic: none Release note: none
![blathers[crl]](https://avatars.githubusercontent.com/in/59700?s=40&u=373d9101a12edc3847d2fb6ae78e3adcfb4ca41e&v=4){kind=avatar}
|
Thanks for opening a backport. Please check the backport criteria before merging:
If your backport adds new functionality, please ensure that the following additional criteria are satisfied:
Also, please add a brief release justification to the body of your PR to justify this |
blathers-crl
bot
added
the
backport
|
This change is |
pav-kv
force-pushed
the
backport23.1-114616
branch
from
db2de03 to
68e7642
Compare
|
@erikgrinaker Note that this had to be modified to be backported. Most of the diff is test-only. The only non-test change is in the |
pav-kv
force-pushed
the
backport23.1-114616
branch
from
68e7642 to
d87cf8b
Compare
erikgrinaker
approved these changes
Jan 4, 2024
nvanbenschoten
approved these changes
Jan 4, 2024
There was a problem hiding this comment.
Reviewed 2 of 2 files at r1, 1 of 1 files at r2, 3 of 3 files at r3, 2 of 2 files at r4, 3 of 3 files at r5, all commit messages.
Reviewable status:complete! 1 of 0 LGTMs obtained (waiting on @pav-kv)
pkg/kv/kvserver/logstore/sideload_disk.go line 272 at r5 (raw file):
// mkdirAllAndSyncParents creates the given directory and all its missing // parents if any. For every newly created directly, it syncs the corresponding
s/directly/directory/
The sideloaded log storage does not sync the hierarchy of directories it creates. This can potentially lead to full or partial loss of its sub-directories in case of a system crash or power off. After this commit, every time sideloaded storage creates a directory, it syncs its parent so that the reference is durable. Epic: none Release note: none
pav-kv
force-pushed
the
backport23.1-114616
branch
from
d87cf8b to
e75bd74
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport 5/6 commits from #114616.
/cc @cockroachdb/release
This PR ensures that the hierarchy of directories/files created by the sideloaded log storage is properly synced.
Previously, only the "leaf" files in this hierarchy were fsync-ed. Even though this guarantees the files content and metadata is synced, this still does not guarantee that the references to these files are durable. For example, Linux man page for
fsync1 says:It means that these files can be lost after a system crash of power off. This leads to issues because:
Pebble WAL syncs are not atomic with the sideloaded files syncs. It is thus possible that raft log metadata "references" a sideloaded file and gets synced, but the file is not yet. A power off/on at this point leads to an internal inconsistency, and can result in a crash loop when raft will try to load these entries to apply and/or send to other replicas.
The durability of entry files is used as a pre-condition to sending raft messages that trigger committing these entries. A coordinated power off/on on a majority of replicas can thus lead to losing committed entries and unrecoverable loss-of-quorum.
This PR fixes the above issues, by syncing parents of all the directories and files that the sideloaded storage creates.
Part of #114411
Epic: none
Release note (bug fix): this commit fixes a durability bug in raft log storage, caused by incorrect syncing of filesystem metadata. It was possible to lose writes of a particular kind (
AddSSTable) that is e.g. used byRESTORE. This loss was possible only under power-off or OS crash conditions. As a result, CRDB could enter a crash loop on restart. In the worst case of a correlated power-off/crash across multiple nodes this could lead to loss of quorum or data loss.Release justification: critical bug fix
Footnotes
https://man7.org/linux/man-pages/man2/fsync.2.html ↩