[jira] [Updated] (BOOKKEEPER-101) Add Fencing to Bookkeeper

Tue, 15 Nov 2011 09:53:17 -0800 

     [ 
https://issues.apache.org/jira/browse/BOOKKEEPER-101?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ivan Kelly updated BOOKKEEPER-101:
----------------------------------

    Attachment: BOOKKEEPER-101.diff

Addressed Dhruba's comments
                
> Add Fencing to Bookkeeper
> -------------------------
>
>                 Key: BOOKKEEPER-101
>                 URL: https://issues.apache.org/jira/browse/BOOKKEEPER-101
>             Project: Bookkeeper
>          Issue Type: New Feature
>            Reporter: Ivan Kelly
>            Assignee: Ivan Kelly
>             Fix For: 4.0.0
>
>         Attachments: BOOKKEEPER-101.diff, BOOKKEEPER-101.diff, 
> BOOKKEEPER-101.diff, BOOKKEEPER-101.diff, BOOKKEEPER-101.diff
>
>
> BookKeeper is designed for use as a Write ahead log. In systems with a 
> primary/backup architecture, the primary will write state updates to the WAL. 
> If the primary dies the backup comes online, reads the WAL to get the latest 
> state and starts serving requests. However, if the primary was only 
> partitioned from the network, or stuck in a long GC, a split brain occurs. 
> Both primary and backup can service client requests. 
> Fencing(http://en.wikipedia.org/wiki/Fencing_%28computing%29) ensures that 
> this cannot happen. With fencing, the backup can close the WAL of the 
> primary, and cause any subsequent attempt by the primary to write to the WAL 
> to give an error. 
> We fence a ledger whenever it is opened by another client using 
> BookKeeper#openLedger. BookKeeper#openLedgerNoRecovery will not fence.
> The opening client marks the ledger as fenced in zookeeper, and then sends a 
> readEntry message to a all of bookies with the DO_FENCING flag set. Once at 
> least 1 bookie in each possible quorum of bookies have responded, we can 
> proceed with opening the ledger. Any subsequent attempt to write to the 
> ledger will fail as it will not be able to write to a quorum without one of 
> the bookie in the quorum responding with a ledger fenced error. The client 
> will also be unable to change the quorum without seeing that the ledger has 
> been marked as fenced in zookeeper.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to