ctubbsii commented on a change in pull request #2467:
URL: https://github.com/apache/accumulo/pull/2467#discussion_r802197735



##########
File path: 
shell/src/main/java/org/apache/accumulo/shell/commands/FateCommand.java
##########
@@ -136,7 +140,29 @@ public int execute(final String fullCommand, final 
CommandLine cl, final Shell s
         getZooReaderWriter(context, siteConfig, 
cl.getOptionValue(secretOption.getOpt()));
     ZooStore<FateCommand> zs = new ZooStore<>(path, zk);
 
-    if ("fail".equals(cmd)) {
+    if ("fail-live".equals(cmd)) {

Review comment:
       > Feedback from user(s) is:
   > 
   > 2. Stopping the Manager is a problem because they can't load data via bulk 
imports, they have strict timeliness requirements. They have to stop bulk 
imports from getting kicked off, wait for the current ones to finish, then take 
down the Manager. Stopping the Manager also stops any long-running WAL recovery 
due to a failed TServer, table balancing, etc.
   
   I understand stopping the manager is not preferred. I'm not sure lowering 
the bar to surgery by allowing it to be performed on a conscious patient is the 
right solution, though (might be taking the metaphor too far here :smiley_cat: 
). I'd rather focus efforts on surgery-prevention, if we can. For example, 
using the new bulk imports, using the new working compaction queue 
cancellation, figuring out why 1.x compactions can't be cancelled, etc., would 
be a great start. Adding range locks for compaction/merge/delete would also be 
great.
   
   Right now, this seems very risky to add, especially since we haven't even 
ironed out the kinks in the other recent changes in these areas. 
ExternalCompactions ITs are still flaky, and now FateIT is failing too. These 
imply that there is instability in this code. Giving users more direct access 
to making live changes to internals, when we haven't ironed out those internals 
in our own tests, seems very high risk, and the wrong solution to the 
underlying problems users are seeing. If all those other things were working 
well, I would be less opposed to taking the risk here, but they're not. So, 
this risk just seems too much right now.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


Reply via email to