[GitHub] [jackrabbit-oak] mreutegg commented on a change in pull request #453: OAK-9656: Recovery runs mistakenly when system clock jumps ahead

Mon, 10 Jan 2022 09:24:59 -0800 


mreutegg commented on a change in pull request #453:
URL: https://github.com/apache/jackrabbit-oak/pull/453#discussion_r781397017



##########
File path: 
oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/LastRevRecoveryAgent.java
##########
@@ -142,9 +143,28 @@ public int recover(int clusterId, long waitUntil)
         ClusterNodeInfoDocument nodeInfo = 
missingLastRevUtil.getClusterNodeInfo(clusterId);
 
         if (nodeInfo != null) {
+            // Check our own lease before running recovery for another
+            // clusterId (OAK-9656)
+            long now = revisionContext.getClock().getTime();
+            if (clusterId != revisionContext.getClusterId()) {
+                // Get leaseEnd from our own cluster node info, unless
+                // we are doing recovery on startup for the clusterId
+                // we want to acquire. Then it's fine to go ahead with
+                // an expired lease.
+                ClusterNodeInfoDocument me = 
missingLastRevUtil.getClusterNodeInfo(revisionContext.getClusterId());
+                if (me != null && me.isRecoveryNeeded(now)) {
+                    String msg = String.format(
+                            "Own clusterId %s has a leaseEnd %s (%s) older 
than current time %s (%s). " +
+                                    "Refusing to run recovery on clusterId 
%s.",
+                            revisionContext.getClusterId(), 
me.getLeaseEndTime(),
+                            asISO8601(me.getLeaseEndTime()), now, 
asISO8601(now),
+                            clusterId);
+                    throw new DocumentStoreException(msg);

Review comment:
       The code path hitting this potential exception is via 
LastRevRecoveryJob.run().
   
   
https://github.com/apache/jackrabbit-oak/blob/954d62c5543b97ac9da51ac670e7b54cc09ab5ca/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/DocumentNodeStoreService.java#L1011
   
   It does not handle the exception, but I think that's fine. The job is 
scheduled at a fixed rate here:
   
   
https://github.com/apache/jackrabbit-oak/blob/954d62c5543b97ac9da51ac670e7b54cc09ab5ca/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/DocumentNodeStoreService.java#L822
   
   It would just run again when it's time, but more likely the lease mechanism 
shuts down the service before this happens as a reaction to the expired lease.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to