hadoop-hdfs-issues mailing list archives

From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-3077) Quorum-based protocol for reading and writing edit logs
Date Tue, 09 Oct 2012 01:46:03 GMT

    [ https://issues.apache.org/jira/browse/HDFS-3077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13472053#comment-13472053 ]

Todd Lipcon commented on HDFS-3077:

The JN would need to respond additionally with the rest of the fields in PrepareRecoveryResponseProto
(e.g., acceptedInEpoch), as if the client called PrepareRecovery on whatever the highest segment
txid was. Then we could evaluate those responses, and only feed those that agreed on the max(segmentTxId)
into the recovery comparator.

But, I'm not sure it's simpler or more robust. My reasoning is that starting a new epoch (thus
fencing the prior writer) is semantically different than beginning recovery for a particular
segment. So I think it's clearer to put them in different pieces of code, even if they could
be piggy-backed one on top of the other for future round trips. Here's one example of why
I think it makes more sense to keep them separate:

Currently, we only run recovery on the highest txid segment at startup. This means that every
segment is stored on at least a quorum of nodes. But it does not mean that previous segments
get replicated to all available nodes. If we wanted to improve this, however, you could have
each of the NNs return a list of segment txids for which they have an incomplete segment.
Then, the NN can run the recovery process for each of these earlier segments individually,
all from the same epoch. If we merged NewEpoch and PrepareRecovery, that wouldn't be possible.

Another reason is that the current separation allows correct behavior in the face of IPC retries
on PrepareRecovery, since PrepareRecovery is idempotent. NewEpoch is necessarily _not_ idempotent,
because it is the one IPC that requires a strictly greater epoch id (in order to preserve
uniqueness of epochs). This means that, if there's some timeout in the prepare phase, we can safely
add retries a few times to get past it, while such a policy doesn't work on NewEpoch.

> Quorum-based protocol for reading and writing edit logs
> -------------------------------------------------------
>                 Key: HDFS-3077
>                 URL: https://issues.apache.org/jira/browse/HDFS-3077
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: ha, name-node
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>             Fix For: QuorumJournalManager (HDFS-3077)
>         Attachments: hdfs-3077-partial.txt, hdfs-3077-test-merge.txt, hdfs-3077.txt,
> hdfs-3077.txt, hdfs-3077.txt, hdfs-3077.txt, hdfs-3077.txt, hdfs-3077.txt, hdfs-3077.txt,
> qjournal-design.pdf, qjournal-design.pdf, qjournal-design.pdf, qjournal-design.pdf, qjournal-design.pdf,
> qjournal-design.pdf, qjournal-design.tex, qjournal-design.tex
>
> Currently, one of the weak points of the HA design is that it relies on shared storage
> such as an NFS filer for the shared edit log. One alternative that has been proposed is to
> depend on BookKeeper, a ZooKeeper subproject which provides a highly available replicated
> edit log on commodity hardware. This JIRA is to implement another alternative, based on a
> quorum commit protocol, integrated more tightly in HDFS and with the requirements driven only
> by HDFS's needs rather than more generic use cases. More details to follow.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
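
The retry argument in the comment above, as an added example that is not part of the original message and is not Hadoop code: a toy single journal node in which NewEpoch demands a strictly greater epoch while PrepareRecovery only reads state. The class names, the `SegmentState` record and the sample segments are assumptions made for illustration.

```java
import java.util.TreeMap;

// Toy model of one journal node (JN); a simplified illustration, not the Hadoop implementation.
public class EpochRetryDemo {
    // Hypothetical stand-in for a recovery response; field names follow the comment above.
    record SegmentState(long segmentTxId, long endTxId, long acceptedInEpoch) {}

    static class ToyJournalNode {
        private long promisedEpoch = 0;
        private final TreeMap<Long, SegmentState> segments = new TreeMap<>();

        void addSegment(SegmentState s) { segments.put(s.segmentTxId(), s); }

        // Not idempotent: the epoch must be strictly greater than any promised before,
        // so a blind retry of a call that already succeeded is rejected.
        long newEpoch(long epoch) {
            if (epoch <= promisedEpoch) {
                throw new IllegalStateException("epoch " + epoch + " <= promised " + promisedEpoch);
            }
            promisedEpoch = epoch;
            return segments.isEmpty() ? -1 : segments.lastKey(); // highest segment txid
        }

        // Idempotent in this model: it only reads state, so a retry gets the same answer.
        SegmentState prepareRecovery(long epoch, long segmentTxId) {
            if (epoch < promisedEpoch) {
                throw new IllegalStateException("fenced: epoch " + epoch + " < promised " + promisedEpoch);
            }
            return segments.get(segmentTxId);
        }
    }

    public static void main(String[] args) {
        ToyJournalNode jn = new ToyJournalNode();
        jn.addSegment(new SegmentState(1, 100, 1));    // constructed sample data
        jn.addSegment(new SegmentState(101, 150, 2));  // constructed sample data

        long highest = jn.newEpoch(3);                 // assume the response was lost in transit
        try {
            jn.newEpoch(3);                            // blind retry with the same epoch
        } catch (IllegalStateException e) {
            System.out.println("NewEpoch retry rejected: " + e.getMessage());
        }
        // PrepareRecovery can be retried, and run for an earlier segment in the same epoch.
        for (long txid : new long[] {highest, highest, 1}) {
            System.out.println("PrepareRecovery(" + txid + ") -> " + jn.prepareRecovery(3, txid));
        }
        try {
            jn.prepareRecovery(2, highest);            // writer still holding an older epoch
        } catch (IllegalStateException e) {
            System.out.println("Old writer: " + e.getMessage());
        }
    }
}
```

Records need Java 16 or later; run it with `java EpochRetryDemo.java`.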
