hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Lipcon (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-3049) During the normal loading NN startup process, fall back on a different image or EditLog if we see one that is corrupt
Date Fri, 16 Mar 2012 19:53:37 GMT

    [ https://issues.apache.org/jira/browse/HDFS-3049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13231559#comment-13231559
] 

Todd Lipcon commented on HDFS-3049:
-----------------------------------

The description of the JIRA is a bit strange in one aspect: it seems to indicate that we load
from *one* storage directory currently. This is true for the images, but not true for edits
- we already handle the case of loading edits from a "merged" view of several directories.

I'd propose the following:

1) Separate out a separate JIRA for image-loading failover from edits-loading failover.
I think the best we can do for image loading is the following:
- add a try-catch clause around the image loading code. If it fails to load the image, print
out an error like:
"Failed loading image from /foo/bar/fsimage_12342". Please restart the namenode with the "-verifyImageBeforeLoad"
flag to search for a different image.
This new flag would then cause the NN to read through the image, compute its md5, and compare
against the stored md5. If the md5 is determined to be invalid, it would skip to a different
image.

2) Use this JIRA to handle recovery on the edit-loading path. Here, the behavior is not to
pick some single storage directory to load from, but rather:
- if we hit a checksum error, try to switch to another underlying JournalManager. If all JournalManagers
have been tried for a given txnid, but none of them succeeded, abort.
- don't worry about semantic errors for now -- I think we can handle that in a separate JIRA.

                
> During the normal loading NN startup process, fall back on a different image or EditLog
if we see one that is corrupt
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-3049
>                 URL: https://issues.apache.org/jira/browse/HDFS-3049
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: name-node
>            Reporter: Colin Patrick McCabe
>            Assignee: Colin Patrick McCabe
>            Priority: Minor
>             Fix For: 0.24.0
>
>
> During the NameNode startup process, we load an image, and then apply edit logs to it
until we believe that we have all the latest changes.  Unfortunately, if there is an I/O error
while reading any of these files, in most cases, we simply abort the startup process.  We
should try harder to locate a readable edit log and/or image file.
> *There are three main use cases for this feature:*
> 1. If the operating system does not honor fsync (usually due to a misconfiguration),
a file may end up in an inconsistent state.
> 2. In certain older releases where we did not use fallocate() or similar to pre-reserve
blocks, a disk full condition may cause a truncated log in one edit directory.
> 3. There may be a bug in HDFS which results in some of the data directories receiving
corrupt data, but not all.  This is the least likely use case.
> *Proposed changes to normal NN startup*
> * We should try a different FSImage if we can't load the first one we try.
> * We should examine other FSEditLogs if we can't load the first one(s) we try.
> * We should fail if we can't find EditLogs that would bring us up to what we believe
is the latest transaction ID.
> Proposed changes to recovery mode NN startup:
> we should list out all the available storage directories and allow the operator to select
which one he wants to use.
> Something like this:
> {code}
> Multiple storage directories found.
> 1. /foo/bar
>     edits__curent__XYZ          size:213421345       md5:2345345
>     image                                  size:213421345       md5:2345345
> 2. /foo/baz
>     edits__curent__XYZ          size:213421345       md5:2345345345
>     image                                  size:213421345       md5:2345345
> Which one would you like to use? (1/2)
> {code}
> As usual in recovery mode, we want to be flexible about error handling.  In this case,
this means that we should NOT fail if we can't find EditLogs that would bring us up to what
we believe is the latest transaction ID.
> *Not addressed by this feature*
> This feature will not address the case where an attempt to access the NameNode name directory
or directories hangs because of an I/O error.  This may happen, for example, when trying to
load an image from a hard-mounted NFS directory, when the NFS server has gone away.  Just
as now, the operator will have to notice this problem and take steps to correct it.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message