[jira] [Commented] (HDFS-6203) check other namenode's state before HAadmin transitionToActive

Tue, 08 Apr 2014 15:09:49 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-6203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13963514#comment-13963514
 ] 

patrick white commented on HDFS-6203:
-------------------------------------

Right, suggest this check for the non-automatic case. 

Good point and understand, without some form of locking there is certainly the 
possibility of a race. 

This check would still have value though, specifically for the case where 
manual operations are being performed. In this case it's possible for an 
operator to lose track of state or mistakenly use the wrong serviceId in a 
command. Arguably this is a "don't do that" situation, but since it is an easy 
mistake to make, with very severe consequences in a production environment, a 
check like this would be valuable.




> check other namenode's state before HAadmin transitionToActive
> --------------------------------------------------------------
>
>                 Key: HDFS-6203
>                 URL: https://issues.apache.org/jira/browse/HDFS-6203
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: ha
>    Affects Versions: 2.3.0
>            Reporter: patrick white
>
> Current behavior is that the HAadmin -transitionToActive command will 
> complete the transition to Active even if the other namenode is already in 
> Active state. This is not an allowed condition and should be handled by 
> fencing, however setting both namenode's active can happen accidentally with 
> relative ease, especially in a production environment when performing manual 
> maintenance operations. 
> If this situation does occur it is very serious and will likely cause data 
> loss, or best case, require a difficult recovery to avoid data loss.
> This is requesting an enhancement to haadmin's -transitionToActive command, 
> to have HAadmin check the Active state of the other namenode before 
> completing the transition. If the other namenode is Active, then fail the 
> request due to other nn already-active.
> Not sure if there is a scenario where both namenode's being Active is valid 
> or desired, but to maintain functional compatibility a 'force' parameter 
> could be added to  override this check and allow previous behavior.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to