[ https://issues.apache.org/jira/browse/HADOOP-8247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13248724#comment-13248724 ]

Aaron T. Myers commented on HADOOP-8247:
----------------------------------------

{quote}
* Add a new flag dfs.ha.automatic-failover.enabled, which is set per-nameservice 
  or globally
* Add a new RequestInfo structure as a parameter to all the HAServiceProtocol 
  methods. This currently just has one field, which indicates what type of client 
  the request is on behalf of. It can either be a user (manual CLI failover), 
  ZKFC (auto failover), or USER_FORCE – indicating that it's a user who wants to 
  avoid this safety check.
* In the NN, if auto-failover is enabled, disallow HA requests from users. If 
  it's not enabled, disallow HA requests from ZKFCs.
* In the ZKFC, disallow startup if auto-failover is disabled
{quote}

All this makes a lot of sense to me, Todd. The only question I have is whether 
or not it really makes sense to add a RequestInfo structure, instead of just an 
extra parameter whose value is defined by a simple 3-element enum. What else do 
you envision being added to the RequestInfo structure?
                
> Auto-HA: add a config to enable auto-HA, which disables manual FC
> -----------------------------------------------------------------
>
>                 Key: HADOOP-8247
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8247
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: auto-failover, ha
>    Affects Versions: Auto Failover (HDFS-3042)
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>         Attachments: hadoop-8247.txt
>
>
> Currently, if automatic failover is set up and running, and the user uses the 
> "haadmin -failover" command, he or she can end up putting the system in an 
> inconsistent state, where the state in ZK disagrees with the actual state of 
> the world. To fix this, we should add a config flag which is used to enable 
> auto-HA. When this flag is set, we should disallow use of the haadmin command 
> to initiate failovers. We should refuse to run ZKFCs when the flag is not 
> set. Of course, this flag should be scoped by nameservice.
