(Updated Oct. 15, 2015, 1:21 a.m.)
Review request for mesos, Jie Yu, Joris Van Remoortere, and Timothy Chen.
Fixed Linux compile errors in test code.
MESOS-3280. The basic problem is that replicas silently ignore inbound Promise
and Write requests if they have not finished the recovery protocol yet (because
they can't safely vote on such requests). Hence, if we try to do a Paxos round
while a quorum of nodes have not finished recovering, the Paxos round will never
complete. In particular, this might happen during coordinator election:
coordinator election (which is implemented as performing a full Paxos round)
starts as soon as the candidate coordinator replica has finished the recovery
protocol. If several nodes start concurrently, a quorum of those nodes might
still be executing the recovery protocol, and hence the coordinator will never
To address this, add "ignored" responses to the Promise and Write sub-protocols:
if a proposer sees a quorum of "ignored" responses to a promise or write request
it has issued, it knows the request will never succeed. When used for
coordinator election, the current coding will retry immediately (without a
Note that replicas will still silently drop promise/write requests if another
kind of problem occurs (e.g., an I/O error prevents reading/writing log
data). We might consider changing this, although it will require some thought:
e.g., if a replica's disk is broken, sending an "ignored" message on every
request might flood the network.
CODE REVIEW TO DISCUSS / FIX:
* Test mock is incredibly ugly: it works, but we clearly need a better approach
before committing this. I've been chatting with @tnachen to find a better
approach but haven't got anything that works yet.
* Should we add a backoff when retrying after a failed coordinator election?
* Should we also send back an "ignored" response if an I/O error occurs?
"make check" passes, including a new test that uses a newly constructed mock to
ensure we're testing the message schedule described above.
I also wrote a script that stops and starts mesos-master in a loop, removing the
replicated log each time. Without the patch, this occasionally fails with a
"registry fetch" timeout; with the patch, you can observe several scenarios
where coordinator election is aborted and retried because a quorum of ignored
responses is seen. Note that in some cases, we need to retry coordinator
election up to ~70 times (!), because we don't currently use a backoff; that
should probably be fixed, per comments above. But the important point is that
election eventually succeeds and we don't hang.
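
The following sketch is an added illustration, not code from this review request or from Mesos: it models the proposer-side tally described above and contrasts silently dropped requests with "ignored" responses. All names (`Round`, `electCoordinator`, `recoveredAt`) and the sample recovery schedule are hypothetical, and an odd number of replicas is assumed.

```cpp
#include <cstddef>
#include <iostream>
#include <vector>

// Hypothetical names; this is not the Mesos replicated log code.
enum class Reply { Okay, Ignored, Dropped };  // Dropped: nothing is sent back
enum class Outcome { Pending, Succeeded, Ignored };

// Tallies the replies to one promise/write request sent to `replicas` nodes.
class Round {
public:
  explicit Round(std::size_t replicas) : quorum_(replicas / 2 + 1) {}
  Outcome receive(Reply reply) {
    if (reply == Reply::Okay) ++okay_;
    if (reply == Reply::Ignored) ++ignored_;
    if (okay_ >= quorum_) return Outcome::Succeeded;
    // With a quorum ignoring the request, too few voters remain for it to pass.
    if (ignored_ >= quorum_) return Outcome::Ignored;
    return Outcome::Pending;
  }

private:
  std::size_t quorum_, okay_ = 0, ignored_ = 0;
};

// recoveredAt[i]: election attempt by which replica i has finished recovery
// (constructed input). Returns the attempt that succeeds, or -1 when a round
// stays pending because too few replies ever arrive.
int electCoordinator(const std::vector<int>& recoveredAt, bool sendIgnored) {
  for (int attempt = 1; attempt <= 1000; ++attempt) {
    Round round(recoveredAt.size());
    Outcome outcome = Outcome::Pending;
    for (int at : recoveredAt) {
      Reply reply = at <= attempt ? Reply::Okay
                    : sendIgnored ? Reply::Ignored : Reply::Dropped;
      outcome = round.receive(reply);
      if (outcome != Outcome::Pending) break;
    }
    if (outcome == Outcome::Succeeded) return attempt;
    if (outcome == Outcome::Pending) return -1;  // proposer is left waiting
    // Outcome::Ignored: abort the round and retry at once (no backoff).
  }
  return -1;
}

int main() {
  std::cout << electCoordinator({1, 3, 4}, false) << "\n";  // silent drops
  std::cout << electCoordinator({1, 3, 4}, true) << "\n";   // "ignored" replies
}
```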