hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Lipcon (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8247) Auto-HA: add a config to enable auto-HA, which disables manual FC
Date Mon, 09 Apr 2012 23:45:15 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13250307#comment-13250307

Todd Lipcon commented on HADOOP-8247:

bq. There are always admins who disregard these warnings

I think they deserve what they get... admins can also decide to run "rm -Rf /my/metadata/dir"
and get into a bad state.

bq. Instead, wouldn't it be better to come up with a set of procedures to unwedge the cluster,
starting with setting auto-failover key to false, resetting NNs and using manual failover

Assumedly you want to be able to do this without incurring downtime. Certainly if downtime
is acceptable, that would be the right response.. But still I think having a manual override
here is useful for advanced operators who need to use it in an extenuating circumstance.

As I said above, I'm OK giving it a scarier name and/or making it prompt for confirmation
upon use, with a scary warning message. I'm even OK removing it from the documentation, so
people aren't lured into using it when they don't really know what they're doing.
> Auto-HA: add a config to enable auto-HA, which disables manual FC
> -----------------------------------------------------------------
>                 Key: HADOOP-8247
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8247
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: auto-failover, ha
>    Affects Versions: Auto Failover (HDFS-3042)
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>         Attachments: hadoop-8247.txt, hadoop-8247.txt, hadoop-8247.txt, hadoop-8247.txt
> Currently, if automatic failover is set up and running, and the user uses the "haadmin
-failover" command, he or she can end up putting the system in an inconsistent state, where
the state in ZK disagrees with the actual state of the world. To fix this, we should add a
config flag which is used to enable auto-HA. When this flag is set, we should disallow use
of the haadmin command to initiate failovers. We should refuse to run ZKFCs when the flag
is not set. Of course, this flag should be scoped by nameservice.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message