Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make manual failover reset the on-going election to promote failover #1274

Open
wants to merge 5 commits into
base: unstable
Choose a base branch
from
Open

Make manual failover reset the on-going election to promote failover #1274

wants to merge 5 commits into from
+65 −2

Conversation

enjoy-binbin
Copy link
Member

If a manual failover got timed out, like the election don't get the
enough votes, since we have a auth_timeout and a auth_retry_time, a
new manual failover will not be able to proceed on the replica side.

Like if we initiate a new manual failover after a election timed out,
we will pause the primary, but on the replica side, due to retry_time,
replica does not trigger the new election and the manual failover will
eventually time out.

In this case, if we initiate manual failover again and there is an
ongoing election, we will reset it so that the replica can initiate
a new election at the manual failover's request.

@enjoy-binbin
Make manual failover reset the on-going election to promote failover
db379e1 
If a manual failover got timed out, like the election don't get the
enough votes, since we have a auth_timeout and a auth_retry_time, a
new manual failover will not be able to proceed on the replica side.

Like if we initiate a new manual failover after a election timed out,
we will pause the primary, but on the replica side, due to retry_time,
replica does not trigger the new election and the manual failover will
eventually time out.

In this case, if we initiate manual failover again and there is an
ongoing election, we will reset it so that the replica can initiate
a new election at the manual failover's request.

Signed-off-by: Binbin <[email protected]>
@enjoy-binbin
fix typo
0595cd0 
Signed-off-by: Binbin <[email protected]>
@enjoy-binbin enjoy-binbin added the run-extra-tests Run extra tests on this PR (Runs all tests from daily except valgrind and RESP) label Nov 8, 2024
@codecov Codecov
Copy link

codecov bot commented Nov 8, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.70%. Comparing base (2df56d8) to head (97487bf).
Report is 4 commits behind head on unstable.

Additional details and impacted files 
@@             Coverage Diff              @@
##           unstable    #1274      +/-   ##
============================================
+ Coverage     70.69%   70.70%   +0.01%     
============================================
  Files           114      115       +1     
  Lines         63161    63160       -1     
============================================
+ Hits          44650    44656       +6     
+ Misses        18511    18504       -7
Files with missing lines Coverage Δ
src/cluster_legacy.c 86.47% <100.00%> (+0.24%) ⬆️

... and 21 files with indirect coverage changes

@enjoy-binbin
Copy link
Member Author

A log demo from the test case (before the fix).

replica:

28295:S 08 Nov 2024 14:37:20.208 * Manual failover user request accepted (user request from 'id=4 addr=127.0.0.1:59705 laddr=127.0.0.1:21111 fd=16 name= age=11 idle=0 flags=N db=0 sub=0 psub=0 ssub=0 multi=-1 watch=0 qbuf=0 qbuf-free=0 argv-mem=15 multi-mem=0 rbs=1024 rbp=518 obl=0 oll=0 omem=0 tot-mem=1951 events=r cmd=cluster|failover user=default redir=-1 resp=2 lib-name= lib-ver= tot-net-in=318 tot-net-out=3163 tot-cmds=7').
28295:S 08 Nov 2024 14:37:20.209 * Received replication offset for paused primary manual failover: 14
28295:S 08 Nov 2024 14:37:20.209 * All primary replication stream processed, manual failover can start.
28295:S 08 Nov 2024 14:37:20.209 * Start of election delayed for 0 milliseconds (rank #0, offset 14).
28295:S 08 Nov 2024 14:37:20.209 * Starting a failover election for epoch 4.
28295:S 08 Nov 2024 14:37:25.096 * Currently unable to failover: Waiting for votes, but majority still not reached.
28295:S 08 Nov 2024 14:37:25.096 * Needed quorum: 2. Number of votes received so far: 1
28295:S 08 Nov 2024 14:37:25.298 # Manual failover timed out.

# The second cluster failover, but got timed out due to the auth_timeout and need to wait for auth_retry_time
28295:S 08 Nov 2024 14:37:25.345 * Manual failover user request accepted (user request from 'id=4 addr=127.0.0.1:59705 laddr=127.0.0.1:21111 fd=16 name= age=16 idle=0 flags=N db=0 sub=0 psub=0 ssub=0 multi=-1 watch=0 qbuf=0 qbuf-free=0 argv-mem=15 multi-mem=0 rbs=1024 rbp=0 obl=0 oll=0 omem=0 tot-mem=1951 events=r cmd=cluster|failover user=default redir=-1 resp=2 lib-name= lib-ver= tot-net-in=349 tot-net-out=3168 tot-cmds=8').
28295:S 08 Nov 2024 14:37:25.346 * Received replication offset for paused primary manual failover: 14
28295:S 08 Nov 2024 14:37:25.346 * All primary replication stream processed, manual failover can start.
28295:S 08 Nov 2024 14:37:30.046 * Currently unable to failover: Waiting for votes, but majority still not reached.
28295:S 08 Nov 2024 14:37:30.046 * Needed quorum: 2. Number of votes received so far: 1
28295:S 08 Nov 2024 14:37:30.349 # Manual failover timed out.

the primary:

28385:M 08 Nov 2024 14:37:20.208 * Manual failover requested by replica a31915be22368c4df57d2f17d58cc03f578e3149 ().
28385:M 08 Nov 2024 14:37:20.209 * Failover auth granted to a31915be22368c4df57d2f17d58cc03f578e3149 () for epoch 4
28385:M 08 Nov 2024 14:37:25.221 # Manual failover timed out.
28385:M 08 Nov 2024 14:37:25.346 * Manual failover requested by replica a31915be22368c4df57d2f17d58cc03f578e3149 ().
28385:M 08 Nov 2024 14:37:30.376 # Manual failover timed out.

hpatro
hpatro reviewed Nov 8, 2024
View reviewed changes
src/cluster_legacy.c
Comment on lines -4850 to +4869
server.cluster->mf_can_start = 1;
manualFailoverCanStart();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we rather invoke resetManualFailover and clean up failover_auth_time in that period?

We should anyway cleanup failover_auth_time in the resetManualFailover method.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have thought about putting it in resetManualFailover, but I was worried about introducing other problems since resetManualFailover is called in many places.

enjoy-binbin
enjoy-binbin commented Nov 11, 2024
View reviewed changes
tests/unit/cluster/manual-failover.tcl
R 3 cluster failover

# Waiting for primary and replica to confirm manual failover timeout.
wait_for_log_messages 0 {"*Manual failover timed out*"} 0 1000 50
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i forgot to mention in here, the wait will take at least 5 seconds since the manual failover timeout is 5s, i can use other fields maybe like epoch to replace it if needed.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using log messages should be OK.

madolson
madolson approved these changes Nov 14, 2024
View reviewed changes
Copy link
Member

@madolson madolson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable to me.

tests/unit/cluster/manual-failover.tcl
R 3 cluster failover

# Waiting for primary and replica to confirm manual failover timeout.
wait_for_log_messages 0 {"*Manual failover timed out*"} 0 1000 50
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using log messages should be OK.

tests/unit/cluster/manual-failover.tcl
Comment on lines +207 to +208
R 1 debug drop-cluster-packet-filter $CLUSTER_PACKET_TYPE_NONE
R 2 debug drop-cluster-packet-filter $CLUSTER_PACKET_TYPE_NONE
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really like the usage of these constants, we should probably do it more to improve readability in tests.

@enjoy-binbin
update name
97487bf 
Signed-off-by: Binbin <[email protected]>
zuiderkwast
zuiderkwast approved these changes Nov 17, 2024
View reviewed changes
Copy link
Contributor

@zuiderkwast zuiderkwast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a full review. The idea looks good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hpatro hpatro hpatro left review comments

@madolson madolson madolson approved these changes

@zuiderkwast zuiderkwast zuiderkwast approved these changes

@PingXie PingXie Awaiting requested review from PingXie

Assignees
No one assigned
Labels
run-extra-tests Run extra tests on this PR (Runs all tests from daily except valgrind and RESP)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@enjoy-binbin @zuiderkwast @hpatro @madolson