You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Robert Coli (JIRA)" <ji...@apache.org> on 2013/10/26 00:17:30 UTC
[jira] [Created] (CASSANDRA-6245) "nodetool refresh" design is
unsafe
Robert Coli created CASSANDRA-6245:
--------------------------------------
Summary: "nodetool refresh" design is unsafe
Key: CASSANDRA-6245
URL: https://issues.apache.org/jira/browse/CASSANDRA-6245
Project: Cassandra
Issue Type: Bug
Components: Core
Reporter: Robert Coli
Priority: Minor
CASSANDRA-2991 added a "nodetool refresh" feature by which Cassandra is able to discover non-live SSTables in the datadir and make them live.
It does this by :
1) looking for SSTable files in the data dir
2) renaming SSTables it finds into the current SSTable id sequence
This implementation is exposed to a race with a chance of silent data loss.
1) Node's SSTable id sequence is on sstable #2, the next table to flush will get "2" as its numeric part
2) Copy SSTable with "2" as its numeric part into data dir
3) nodetool flush
4) notice that your "2" SSTable has been silently overwritten by a just-flushed "2" SSTable
5) nodetool refresh would still succeed, but would now be a no-op
A simple solution would be to create a subdirectory of the datadir called "refresh/" to serve as the location to refresh from.
Alternately/additionally, there is probably not really a compelling reason for Cassandra to completely ignore existing files at write time.. a check for existing files at a given index and inflating the index to avoid overwriting them them seems trivial and inexpensive. I will gladly file a JIRA for this change in isolation if there is interest.
--
This message was sent by Atlassian JIRA
(v6.1#6144)