[
https://issues.apache.org/jira/browse/HBASE-3872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13103135#comment-13103135
]
stack commented on HBASE-3872:
------------------------------
This patch plugged this hole two ways:
1. not removing parent region unless the daughter region existed
2. on split transaction failure, do NOT remove daughter regions; crash out the
regionserver and let fix up of the shutdown server do the fixup in meta adding
daughters.
#1 in the above created HBASE-4238 where we won't delete parents if daughters
that have themselves split get cleaned up before their parent has all its
references let go. So #1 is being undone over in the fix for HBASE-4238 since
its possible daughter regions may not exist in the fs legitimately.
> Hole in split transaction rollback; edits to .META. need to be rolled back
> even if it seems like they didn't make it
> --------------------------------------------------------------------------------------------------------------------
>
> Key: HBASE-3872
> URL: https://issues.apache.org/jira/browse/HBASE-3872
> Project: HBase
> Issue Type: Bug
> Components: regionserver
> Affects Versions: 0.90.3
> Reporter: stack
> Assignee: stack
> Priority: Blocker
> Fix For: 0.90.4
>
> Attachments: 3872-v2.txt, 3872.txt
>
>
> Saw this interesting one on a cluster of ours. The cluster was configured
> with too few handlers so lots of the phenomeneon where actions were queued
> but then by the time they got into the server and tried respond to the
> client, the client had disconnected because of the timeout of 60 seconds.
> Well, the meta edits for a split were queued at the regionserver carrying
> .META. and by the time it went to write back, the client had gone (the first
> insert of parent offline with daughter regions added as info:splitA and
> info:splitB). The client presumed the edits failed and 'successfully' rolled
> back the transaction (failing to undo .META. edits thinking they didn't go
> through).
> A few minutes later the .META. scanner on master runs. It sees 'no
> references' in daughters -- the daughters had been cleaned up as part of the
> split transaction rollback -- so it thinks its safe to delete the parent.
> Two things:
> + Tighten up check in master... need to check daughter region at least exists
> and possibly the daughter region has an entry in .META.
> + Dependent on the edit that fails, schedule rollback edits though it will
> seem like they didn't go through.
> This is pretty critical one.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
