You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/05/18 11:47:04 UTC
[jira] [Commented] (FLINK-6612) ZooKeeperStateHandleStore does not
guard against concurrent delete operations
[ https://issues.apache.org/jira/browse/FLINK-6612?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16015629#comment-16015629 ]
ASF GitHub Bot commented on FLINK-6612:
---------------------------------------
GitHub user tillrohrmann opened a pull request:
https://github.com/apache/flink/pull/3939
[FLINK-6612] Allow ZooKeeperStateHandleStore to lock created ZNodes
In order to guard against deletions of ZooKeeper nodes which are still being used
by a different ZooKeeperStateHandleStore, we have to introduce a locking mechanism.
Only after all ZooKeeperStateHandleStores have released their lock, the ZNode is
allowed to be deleted.
THe locking mechanism is implemented via ephemeral child nodes of the respective
ZooKeeper node. Whenever a ZooKeeperStateHandleStore wants to lock a ZNode, thus,
protecting it from being deleted, it creates an ephemeral child node. The node's
name is unique to the ZooKeeperStateHandleStore instance. The delete operations
will then only delete the node if it does not have any children associated.
In order to guard against oprhaned lock nodes, they are created as ephemeral nodes.
This means that they will be deleted by ZooKeeper once the connection of the
ZooKeeper client which created the node timed out.
cc @StefanRRichter
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/tillrohrmann/flink addZooKeeperRefCounting
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/flink/pull/3939.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #3939
----
commit def077a8d95921645733169d420d548842dde257
Author: Till Rohrmann <tr...@apache.org>
Date: 2017-05-17T12:52:04Z
[FLINK-6612] Allow ZooKeeperStateHandleStore to lock created ZNodes
In order to guard against deletions of ZooKeeper nodes which are still being used
by a different ZooKeeperStateHandleStore, we have to introduce a locking mechanism.
Only after all ZooKeeperStateHandleStores have released their lock, the ZNode is
allowed to be deleted.
THe locking mechanism is implemented via ephemeral child nodes of the respective
ZooKeeper node. Whenever a ZooKeeperStateHandleStore wants to lock a ZNode, thus,
protecting it from being deleted, it creates an ephemeral child node. The node's
name is unique to the ZooKeeperStateHandleStore instance. The delete operations
will then only delete the node if it does not have any children associated.
In order to guard against oprhaned lock nodes, they are created as ephemeral nodes.
This means that they will be deleted by ZooKeeper once the connection of the
ZooKeeper client which created the node timed out.
----
> ZooKeeperStateHandleStore does not guard against concurrent delete operations
> -----------------------------------------------------------------------------
>
> Key: FLINK-6612
> URL: https://issues.apache.org/jira/browse/FLINK-6612
> Project: Flink
> Issue Type: Bug
> Components: Distributed Coordination, State Backends, Checkpointing
> Affects Versions: 1.3.0, 1.4.0
> Reporter: Till Rohrmann
> Assignee: Till Rohrmann
> Priority: Blocker
> Fix For: 1.3.0, 1.4.0
>
>
> The {{ZooKeeperStateHandleStore}} does not guard against concurrent delete operations which could happen in case of a lost leadership and a new leadership grant. The problem is that checkpoint nodes can get deleted even after they have been recovered by another {{ZooKeeperCompletedCheckpointStore}}. This corrupts the recovered checkpoint and thwarts future recoveries.
> I propose to add reference counting to the {{ZooKeeperStateHandleStore}}. That way, we can monitor how many concurrent processes have a hold on a given checkpoint node. Only if the reference count reaches {{0}}, we are allowed to delete the checkpoint node and dispose the checkpoint data.
> Stephan proposed to use ephemeral child nodes to track the reference count of a checkpoint node. That way we are sure that locks on the a checkpoint node are released in case of {{JobManager}} failures.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)