cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcus Eriksson (JIRA)" <>
Subject [jira] [Commented] (CASSANDRA-6696) Drive replacement in JBOD can cause data to reappear.
Date Mon, 24 Mar 2014 14:45:46 GMT


Marcus Eriksson commented on CASSANDRA-6696:

Been poking this, wip-patch pushed here:

it does the following;
* Extract an interface out of SSTableWriter (imaginatively called SSTableWriterInterface),
start using this interface everywhere
* Create DiskAwareSSTableWriter which knows about disk layout and starts using it instead
of standard SSTW
* Ranges of tokens are assigned to the disks, this way we only need to check "is the key we
are appending larger than the boundary token for the current disk? If so, create a new SSTableWriter
for that disk
* Breaks unit tests

* fix unit tests, general cleanups
* I kind of want to name the interface SSTableWriter and call the old SSTW class something
else, but i guess SSTW is the class that most external people depend on, so maybe not
* Take disk size into consideration when splitting the ranges over disks, this needs to be
deterministic though, so we have to use total disk size instead of free disk space.
* Make other partitioners than M3P work
* Fix keycache

Rebalancing of data is simply running upgradesstables or scrub, if we loose a disk, we will
take writes to the other disks

Comments on this approach?

> Drive replacement in JBOD can cause data to reappear. 
> ------------------------------------------------------
>                 Key: CASSANDRA-6696
>                 URL:
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Core
>            Reporter: sankalp kohli
>            Assignee: Marcus Eriksson
>             Fix For: 3.0
> In JBOD, when someone gets a bad drive, the bad drive is replaced with a new empty one
and repair is run. 
> This can cause deleted data to come back in some cases. Also this is true for corrupt
stables in which we delete the corrupt stable and run repair. 
> Here is an example:
> Say we have 3 nodes A,B and C and RF=3 and GC grace=10days. 
> row=sankalp col=sankalp is written 20 days back and successfully went to all three nodes.

> Then a delete/tombstone was written successfully for the same row column 15 days back.

> Since this tombstone is more than gc grace, it got compacted in Nodes A and B since it
got compacted with the actual data. So there is no trace of this row column in node A and
> Now in node C, say the original data is in drive1 and tombstone is in drive2. Compaction
has not yet reclaimed the data and tombstone.  
> Drive2 becomes corrupt and was replaced with new empty drive. 
> Due to the replacement, the tombstone in now gone and row=sankalp col=sankalp has come
back to life. 
> Now after replacing the drive we run repair. This data will be propagated to all nodes.

> Note: This is still a problem even if we run repair every gc grace. 

This message was sent by Atlassian JIRA

View raw message