Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Zookeeper, mail # dev - Does abrupt kill corrupts the datadir?


Copy link to this message
-
RE: FW: Does abrupt kill corrupts the datadir?
Laxman 2011-07-29, 09:26
Thanks you all for your inputs. That clears my suspect.
I will perform some test and publish in case of any finding.

-----Original Message-----
From: Andrei Savu [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 29, 2011 4:45 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: FW: Does abrupt kill corrupts the datadir?

I've been  doing some testing in the past for this scenario and I've
seen no data loss over an extended period of time (a day).

Testing steps:
0. start an ensemble running 5 servers
1. start an workload generator (e.g.  push a strictly increasing
sequence of numbers to a queue stored in zookeeper)
every few seconds: kill the cluster leader (-9) and restart

You should be careful how you handle ConnectionLossException &
OperationTimeoutException

You can find the code for this test here (executed against the trunk
version):
https://github.com/andreisavu/zookeeper-mq

-- Andrei Savu / andreisavu.ro

On Thu, Jul 28, 2011 at 9:05 AM, Benjamin Reed <[EMAIL PROTECTED]> wrote:
> almost everything we do in zookkeeper is to make sure that we don't
> lose data in much worse scenarios. the probably of a loss in this
> scenario is really just the probability of a bug in the code. i don't
> think that kill -TERM vs kill -KILL changes that probability at all
> either way.
>
> ben
>
> On Thu, Jul 28, 2011 at 12:50 AM, Laxman <[EMAIL PROTECTED]> wrote:
>> Thanks for the responses Mahadev, Pat and Ben.
>> I understand your explanation.
>>
>> My only question is "Will there be any probability data loss in the
scenario
>> mentioned?"
>>
>>>>>In worst case, if latest snaps in all zookeeper nodes gets corrupted
>> there is a chance of data loss.
>>
>>>>if we use sigterm in the script, we would want to put a timeout in to
>> escalate to a -9
>>
>> As Ben mentioned, even if we escalate to "kill -9" to ensure shutdown,
still
>> we may have data loss. But the probability is very less by giving a
chance
>> to shutdown gracefully.
>>
>> Please do correct me if my understanding is wrong.
>> --
>> Laxman
>>
>> -----Original Message-----
>> From: Benjamin Reed [mailto:[EMAIL PROTECTED]]
>> Sent: Thursday, July 28, 2011 11:40 AM
>> To: [EMAIL PROTECTED]
>> Subject: Re: FW: Does abrupt kill corrupts the datadir?
>>
>> i agree with pat. if we use sigterm in the script, we would want to
>> put a timeout in to escalate to a -9 which makes the script a bit more
>> complicated without reason since we don't have any exit hooks that we
>> want to run. zookeeper is designed to recover well from hard failures,
>> much worse than a kill -9. i don't think we want to change that.
>>
>> ben
>>
>> On Wed, Jul 27, 2011 at 10:25 AM, Patrick Hunt <[EMAIL PROTECTED]> wrote:
>>> ZK has been built around the "fail fast" approach. In order to
>>> maintain high availability we want to ensure that restarting a server
>>> will result in it attempting to rejoin the quorum. IMO we would not
>>> want to change this (kill -9).
>>>
>>> Patrick
>>>
>>> On Tue, Jul 26, 2011 at 2:02 AM, Laxman <[EMAIL PROTECTED]> wrote:
>>>> Hi Everyone,
>>>>
>>>> Any thoughts?
>>>> Do we need consider changing abrupt shutdown to
>>>>
>>>> Implementations in some other hadoop eco system projects for your
>> reference.
>>>> Hadoop - kill [SIGTERM]
>>>> HBase - kill [SIGTERM] and then "kill -9" [SIGKILL] if process hung
>>>> ZooKeeper - "kill -9" [SIGKILL]
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Laxman [mailto:[EMAIL PROTECTED]]
>>>> Sent: Wednesday, July 13, 2011 12:36 PM
>>>> To: '[EMAIL PROTECTED]'
>>>> Subject: RE: Does abrupt kill corrupts the datadir?
>>>>
>>>> Hi Mahadev,
>>>>
>>>> Shutdown hook is just a quick thought. Another approach can be just
give
>> a
>>>> kill [SIGTERM] call which can be interpreted by process.
>>>>
>>>> First look at the "kill -9" triggered the following scenario.
>>>>>In worst case, if latest snaps in all zookeeper nodes gets corrupted
>> there
>>>>>is a chance of dataloss.
>>>>
>>>> How does zookeeper can deal with this scenario gracefully?
operations
made
stop,
completely
signal
kill