keith-turner commented on code in PR #5145: URL: https://github.com/apache/accumulo/pull/5145#discussion_r1873650459
########## test/src/main/java/org/apache/accumulo/test/functional/HalfDeadServerWatcherIT.java: ########## @@ -0,0 +1,212 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.accumulo.test.functional; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; + +import java.io.IOException; +import java.util.List; +import java.util.TreeMap; +import java.util.TreeSet; +import java.util.concurrent.atomic.AtomicBoolean; + +import org.apache.accumulo.core.Constants; +import org.apache.accumulo.core.client.Accumulo; +import org.apache.accumulo.core.client.AccumuloClient; +import org.apache.accumulo.core.client.AccumuloException; +import org.apache.accumulo.core.conf.Property; +import org.apache.accumulo.core.data.TableId; +import org.apache.accumulo.core.dataImpl.KeyExtent; +import org.apache.accumulo.core.fate.zookeeper.ZooUtil.NodeMissingPolicy; +import org.apache.accumulo.core.util.UtilWaitThread; +import org.apache.accumulo.harness.AccumuloClusterHarness; +import org.apache.accumulo.minicluster.ServerType; +import org.apache.accumulo.miniclusterImpl.MiniAccumuloConfigImpl; +import org.apache.accumulo.server.ServerContext; +import org.apache.accumulo.server.ServerOpts; +import org.apache.accumulo.test.util.Wait; +import org.apache.accumulo.tserver.TabletServer; +import org.apache.accumulo.tserver.tablet.Tablet; +import org.apache.accumulo.tserver.tablet.TabletData; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.io.Text; +import org.apache.zookeeper.KeeperException; +import org.apache.zookeeper.WatchedEvent; +import org.apache.zookeeper.Watcher; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Test that validates that the TabletServer will be terminated when the lock is removed in + * ZooKeeper, but a Watcher in the TabletServer is preventing the LockWatcher to be invoked. + */ +public class HalfDeadServerWatcherIT extends AccumuloClusterHarness { + + public static class HalfDeadTabletServer extends TabletServer { + + private static final Logger LOG = LoggerFactory.getLogger(HalfDeadTabletServer.class); + + public static void main(String[] args) throws Exception { + try (HalfDeadTabletServer tserver = new HalfDeadTabletServer(new ServerOpts(), args)) { + tserver.runServer(); + } + } + + public static class StuckWatcher implements Watcher { + private static final Logger LOG = LoggerFactory.getLogger(StuckWatcher.class); + + @Override + public void process(WatchedEvent event) { + LOG.info("started sleeping..."); + while (true) { + LOG.info("still sleeping..."); + UtilWaitThread.sleep(2000); + } + } + + } + + protected HalfDeadTabletServer(ServerOpts opts, String[] args) { + super(opts, args); + } + + @Override + protected TreeMap<KeyExtent,TabletData> splitTablet(Tablet tablet, byte[] splitPoint) + throws IOException { + LOG.info("In HalfDeadServerWatcherIT::splitTablet"); + TreeMap<KeyExtent,TabletData> results = super.splitTablet(tablet, splitPoint); + if (!tablet.getExtent().isMeta()) { + final TableId tid = tablet.getExtent().tableId(); + final String zooRoot = this.getContext().getZooKeeperRoot(); + final String tableZPath = zooRoot + Constants.ZTABLES + "/" + tid.canonical(); + try { + this.getContext().getZooReaderWriter().exists(tableZPath, new StuckWatcher()); Review Comment: This is neat. These are nice test. ########## core/src/main/java/org/apache/accumulo/core/fate/zookeeper/ServiceLock.java: ########## @@ -762,4 +762,26 @@ public static boolean deleteLock(ZooReaderWriter zk, ServiceLockPath path, Strin return false; } + + /** + * Checks that the lock still exists in ZooKeeper. The typical mechanism for determining if a lock + * is lost depends on a Watcher set on the lock node. There exists a case where the Watcher may + * not get called if another Watcher is stuck waiting on I/O or otherwise hung. In the case where + * this method returns false, then the typical action is to exit the server process. + * + * @return true if lock path still exists, false otherwise and on error + */ + public boolean verifyLockAtSource() { + if (getLockPath() == null) { + // lock not set yet + return false; + } + try { + return null != this.zooKeeper.exists(getLockPath(), false); + } catch (KeeperException | InterruptedException e) { Review Comment: Wondering if this catch exception after seeing there was a potential NPE in the code if a prev comment. If there is any problem verifying the lock maybe we want to fail. ```suggestion } catch (Exception e) { ``` ########## core/src/main/java/org/apache/accumulo/core/fate/zookeeper/ServiceLock.java: ########## @@ -762,4 +762,26 @@ public static boolean deleteLock(ZooReaderWriter zk, ServiceLockPath path, Strin return false; } + + /** + * Checks that the lock still exists in ZooKeeper. The typical mechanism for determining if a lock + * is lost depends on a Watcher set on the lock node. There exists a case where the Watcher may + * not get called if another Watcher is stuck waiting on I/O or otherwise hung. In the case where + * this method returns false, then the typical action is to exit the server process. + * + * @return true if lock path still exists, false otherwise and on error + */ + public boolean verifyLockAtSource() { + if (getLockPath() == null) { Review Comment: The getLockPath() method can return null prior to getting the lock and after losing it. The code calls getLockPath() twice so it could be non-null on the first call and null on the 2nd call which would pass null to zookeeper. Could call once and put in a local variable to avoid the nuill passed to zookeeper (it will probably halt either way, just may give a cleaner error message). Also thinking this method is only intended to be called after its known the lock was acquired. There is an existing method `wasLockAcquired()` that helps with this. Was thinking maybe this method should return true when the locak has never been acquired, but I don't think that is useful for what the goal of this method. Thinking the illegal state exception will let someone know if they are using the method in a way it was not intended. ```suggestion public boolean verifyLockAtSource() { // only expect this method to be called after the lock was aquired Preconditions.checkState(wasLockAcquired()); var lockPath = getLockPath(); if (lockPath == null) { ``` ########## test/src/main/java/org/apache/accumulo/test/functional/HalfDeadServerWatcherIT.java: ########## @@ -0,0 +1,212 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.accumulo.test.functional; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; + +import java.io.IOException; +import java.util.List; +import java.util.TreeMap; +import java.util.TreeSet; +import java.util.concurrent.atomic.AtomicBoolean; + +import org.apache.accumulo.core.Constants; +import org.apache.accumulo.core.client.Accumulo; +import org.apache.accumulo.core.client.AccumuloClient; +import org.apache.accumulo.core.client.AccumuloException; +import org.apache.accumulo.core.conf.Property; +import org.apache.accumulo.core.data.TableId; +import org.apache.accumulo.core.dataImpl.KeyExtent; +import org.apache.accumulo.core.fate.zookeeper.ZooUtil.NodeMissingPolicy; +import org.apache.accumulo.core.util.UtilWaitThread; +import org.apache.accumulo.harness.AccumuloClusterHarness; +import org.apache.accumulo.minicluster.ServerType; +import org.apache.accumulo.miniclusterImpl.MiniAccumuloConfigImpl; +import org.apache.accumulo.server.ServerContext; +import org.apache.accumulo.server.ServerOpts; +import org.apache.accumulo.test.util.Wait; +import org.apache.accumulo.tserver.TabletServer; +import org.apache.accumulo.tserver.tablet.Tablet; +import org.apache.accumulo.tserver.tablet.TabletData; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.io.Text; +import org.apache.zookeeper.KeeperException; +import org.apache.zookeeper.WatchedEvent; +import org.apache.zookeeper.Watcher; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Test that validates that the TabletServer will be terminated when the lock is removed in + * ZooKeeper, but a Watcher in the TabletServer is preventing the LockWatcher to be invoked. + */ +public class HalfDeadServerWatcherIT extends AccumuloClusterHarness { + + public static class HalfDeadTabletServer extends TabletServer { + + private static final Logger LOG = LoggerFactory.getLogger(HalfDeadTabletServer.class); + + public static void main(String[] args) throws Exception { + try (HalfDeadTabletServer tserver = new HalfDeadTabletServer(new ServerOpts(), args)) { + tserver.runServer(); + } + } + + public static class StuckWatcher implements Watcher { + private static final Logger LOG = LoggerFactory.getLogger(StuckWatcher.class); + + @Override + public void process(WatchedEvent event) { + LOG.info("started sleeping..."); + while (true) { + LOG.info("still sleeping..."); + UtilWaitThread.sleep(2000); + } + } + + } + + protected HalfDeadTabletServer(ServerOpts opts, String[] args) { + super(opts, args); + } + + @Override + protected TreeMap<KeyExtent,TabletData> splitTablet(Tablet tablet, byte[] splitPoint) + throws IOException { + LOG.info("In HalfDeadServerWatcherIT::splitTablet"); + TreeMap<KeyExtent,TabletData> results = super.splitTablet(tablet, splitPoint); + if (!tablet.getExtent().isMeta()) { + final TableId tid = tablet.getExtent().tableId(); + final String zooRoot = this.getContext().getZooKeeperRoot(); + final String tableZPath = zooRoot + Constants.ZTABLES + "/" + tid.canonical(); + try { + this.getContext().getZooReaderWriter().exists(tableZPath, new StuckWatcher()); + } catch (KeeperException | InterruptedException e) { + LOG.error("Error setting watch at: {}", tableZPath, e); + } + LOG.info("Set StuckWatcher at: {}", tableZPath); + } + return results; + } + } + + private static final AtomicBoolean USE_VERIFICATION_THREAD = new AtomicBoolean(false); + + @Override + public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) { + if (USE_VERIFICATION_THREAD.get()) { + cfg.setProperty(Property.GENERAL_SERVER_LOCK_VERIFICATION_INTERVAL, "10s"); + } else { + cfg.setProperty(Property.GENERAL_SERVER_LOCK_VERIFICATION_INTERVAL, "0"); + } + cfg.setServerClass(ServerType.TABLET_SERVER, HalfDeadTabletServer.class); + cfg.setNumCompactors(0); + cfg.setNumScanServers(0); + cfg.setNumTservers(1); + } + + @AfterEach + public void afterTest() throws Exception { + getCluster().getClusterControl().stopAllServers(ServerType.TABLET_SERVER); + super.teardownCluster(); + USE_VERIFICATION_THREAD.set(!USE_VERIFICATION_THREAD.get()); + } + + @Test + public void testOne() throws Exception { + if (USE_VERIFICATION_THREAD.get()) { + // This test should use the verification thread, which should + // end the TabletServer, throw an Exception on the ping call, + // and return true + assertTrue(testTabletServerWithStuckWatcherDies()); + } else { + // This test should time out + assertThrows(IllegalStateException.class, () -> testTabletServerWithStuckWatcherDies()); Review Comment: What does the exception look like for this? Wondering if anything more specific can be checked for the exception. Is the expecation that this exception is coming from the call to `Wait.waitfor`? ########## test/src/main/java/org/apache/accumulo/test/functional/HalfDeadServerWatcherIT.java: ########## @@ -0,0 +1,212 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.accumulo.test.functional; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; + +import java.io.IOException; +import java.util.List; +import java.util.TreeMap; +import java.util.TreeSet; +import java.util.concurrent.atomic.AtomicBoolean; + +import org.apache.accumulo.core.Constants; +import org.apache.accumulo.core.client.Accumulo; +import org.apache.accumulo.core.client.AccumuloClient; +import org.apache.accumulo.core.client.AccumuloException; +import org.apache.accumulo.core.conf.Property; +import org.apache.accumulo.core.data.TableId; +import org.apache.accumulo.core.dataImpl.KeyExtent; +import org.apache.accumulo.core.fate.zookeeper.ZooUtil.NodeMissingPolicy; +import org.apache.accumulo.core.util.UtilWaitThread; +import org.apache.accumulo.harness.AccumuloClusterHarness; +import org.apache.accumulo.minicluster.ServerType; +import org.apache.accumulo.miniclusterImpl.MiniAccumuloConfigImpl; +import org.apache.accumulo.server.ServerContext; +import org.apache.accumulo.server.ServerOpts; +import org.apache.accumulo.test.util.Wait; +import org.apache.accumulo.tserver.TabletServer; +import org.apache.accumulo.tserver.tablet.Tablet; +import org.apache.accumulo.tserver.tablet.TabletData; +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.io.Text; +import org.apache.zookeeper.KeeperException; +import org.apache.zookeeper.WatchedEvent; +import org.apache.zookeeper.Watcher; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Test that validates that the TabletServer will be terminated when the lock is removed in + * ZooKeeper, but a Watcher in the TabletServer is preventing the LockWatcher to be invoked. + */ +public class HalfDeadServerWatcherIT extends AccumuloClusterHarness { + + public static class HalfDeadTabletServer extends TabletServer { + + private static final Logger LOG = LoggerFactory.getLogger(HalfDeadTabletServer.class); + + public static void main(String[] args) throws Exception { + try (HalfDeadTabletServer tserver = new HalfDeadTabletServer(new ServerOpts(), args)) { + tserver.runServer(); + } + } + + public static class StuckWatcher implements Watcher { + private static final Logger LOG = LoggerFactory.getLogger(StuckWatcher.class); + + @Override + public void process(WatchedEvent event) { + LOG.info("started sleeping..."); + while (true) { + LOG.info("still sleeping..."); + UtilWaitThread.sleep(2000); + } + } + + } + + protected HalfDeadTabletServer(ServerOpts opts, String[] args) { + super(opts, args); + } + + @Override + protected TreeMap<KeyExtent,TabletData> splitTablet(Tablet tablet, byte[] splitPoint) + throws IOException { + LOG.info("In HalfDeadServerWatcherIT::splitTablet"); + TreeMap<KeyExtent,TabletData> results = super.splitTablet(tablet, splitPoint); + if (!tablet.getExtent().isMeta()) { + final TableId tid = tablet.getExtent().tableId(); + final String zooRoot = this.getContext().getZooKeeperRoot(); + final String tableZPath = zooRoot + Constants.ZTABLES + "/" + tid.canonical(); + try { + this.getContext().getZooReaderWriter().exists(tableZPath, new StuckWatcher()); + } catch (KeeperException | InterruptedException e) { + LOG.error("Error setting watch at: {}", tableZPath, e); + } + LOG.info("Set StuckWatcher at: {}", tableZPath); + } + return results; + } + } + + private static final AtomicBoolean USE_VERIFICATION_THREAD = new AtomicBoolean(false); + + @Override + public void configureMiniCluster(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) { + if (USE_VERIFICATION_THREAD.get()) { + cfg.setProperty(Property.GENERAL_SERVER_LOCK_VERIFICATION_INTERVAL, "10s"); + } else { + cfg.setProperty(Property.GENERAL_SERVER_LOCK_VERIFICATION_INTERVAL, "0"); + } + cfg.setServerClass(ServerType.TABLET_SERVER, HalfDeadTabletServer.class); + cfg.setNumCompactors(0); + cfg.setNumScanServers(0); + cfg.setNumTservers(1); + } + + @AfterEach + public void afterTest() throws Exception { + getCluster().getClusterControl().stopAllServers(ServerType.TABLET_SERVER); + super.teardownCluster(); + USE_VERIFICATION_THREAD.set(!USE_VERIFICATION_THREAD.get()); + } + + @Test + public void testOne() throws Exception { + if (USE_VERIFICATION_THREAD.get()) { + // This test should use the verification thread, which should + // end the TabletServer, throw an Exception on the ping call, + // and return true + assertTrue(testTabletServerWithStuckWatcherDies()); + } else { + // This test should time out + assertThrows(IllegalStateException.class, () -> testTabletServerWithStuckWatcherDies()); + } + } + + @Test + public void testTwo() throws Exception { + if (USE_VERIFICATION_THREAD.get()) { + // This test should use the verification thread, which should + // end the TabletServer, throw an Exception on the ping call, + // and return true + assertTrue(testTabletServerWithStuckWatcherDies()); + } else { + // This test should time out + assertThrows(IllegalStateException.class, () -> testTabletServerWithStuckWatcherDies()); + } + } + + public boolean testTabletServerWithStuckWatcherDies() throws Exception { + try (AccumuloClient client = Accumulo.newClient().from(getClientProps()).build()) { + String tableName = getUniqueNames(1)[0]; + client.tableOperations().create(tableName); + + // add splits to the table, which should set a watcher on the table node in zookeeper Review Comment: ```suggestion // add splits to the table, which should set StuckWatcher on the table node in zookeeper ``` ########## core/src/main/java/org/apache/accumulo/core/conf/Property.java: ########## @@ -329,6 +329,11 @@ public enum Property { + " was changed and it now can accept multiple class names. The metrics spi was introduced in 2.1.3," + " the deprecated factory is org.apache.accumulo.core.metrics.MeterRegistryFactory.", "2.1.0"), + GENERAL_SERVER_LOCK_VERIFICATION_INTERVAL("general.server.lock.verification.interval", "2m", Review Comment: Wondering if this should be disabled by default in 2.1.4. Enabled by default in 3.1.0. If its working well could enable by default in 2.1.5. If this code has a bug that causes a false positive it could bring a cluster down. ########## server/base/src/main/java/org/apache/accumulo/server/AbstractServer.java: ########## @@ -139,6 +149,41 @@ public String getApplicationName() { return applicationName; } + /** + * Get the ServiceLock for this server process. May return null if called before the lock is + * acquired. + * + * @return lock ServiceLock or null + */ + public abstract ServiceLock getLock(); + + public void startServiceLockVerificationThread() { + final long interval = + getConfiguration().getTimeInMillis(Property.GENERAL_SERVER_LOCK_VERIFICATION_INTERVAL); + if (interval > 0) { + verificationThread = Threads.createThread("service-lock-verification-thread", + OptionalInt.of(Thread.NORM_PRIORITY + 1), () -> { + while (true && serverThread.isAlive()) { Review Comment: ```suggestion while (serverThread.isAlive()) { ``` ########## server/base/src/main/java/org/apache/accumulo/server/AbstractServer.java: ########## @@ -139,6 +149,41 @@ public String getApplicationName() { return applicationName; } + /** + * Get the ServiceLock for this server process. May return null if called before the lock is + * acquired. + * + * @return lock ServiceLock or null + */ + public abstract ServiceLock getLock(); + + public void startServiceLockVerificationThread() { + final long interval = + getConfiguration().getTimeInMillis(Property.GENERAL_SERVER_LOCK_VERIFICATION_INTERVAL); + if (interval > 0) { + verificationThread = Threads.createThread("service-lock-verification-thread", + OptionalInt.of(Thread.NORM_PRIORITY + 1), () -> { + while (true && serverThread.isAlive()) { + ServiceLock lock = getLock(); + try { + if (lock != null && !lock.verifyLockAtSource()) { Review Comment: Would be nice to add some trace logging for this thread that could be flipped on to see what its doing. Maybe a trace log before and after checking the lock. ########## server/base/src/main/java/org/apache/accumulo/server/AbstractServer.java: ########## @@ -139,6 +149,41 @@ public String getApplicationName() { return applicationName; } + /** + * Get the ServiceLock for this server process. May return null if called before the lock is + * acquired. + * + * @return lock ServiceLock or null + */ + public abstract ServiceLock getLock(); + + public void startServiceLockVerificationThread() { + final long interval = Review Comment: Would the following precondition make sense? Are there any other expectations that could be checked? ```suggestion Preconditions.checkState(verificationThread == null); final long interval = ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
