Re: [Tarantool-patches] [PATCH 1/2] raft: fix crash on sm restart during WAL write

[Serge Petrenko <sergepetrenko@tarantool.org>]

07.11.2020 19:45, Vladislav Shpilevoy пишет:
> Raft state machine crashed if was restarted during a WAL write
> being in progress. When the machine was started, it didn't assume
> there still can be a not finished WAL write from the time it was
> enabled earlier.
>
> The patch makes it continue waiting for the write end.

Hi!  Thanks  for the patch!

LGTM.

>
> Part of #5506
> ---
>   src/box/raft.c                                | 13 ++++-
>   .../gh-5506-election-on-off.result            | 55 +++++++++++++++++++
>   .../gh-5506-election-on-off.test.lua          | 31 +++++++++++
>   test/replication/suite.cfg                    |  1 +
>   test/replication/suite.ini                    |  2 +-
>   5 files changed, 98 insertions(+), 4 deletions(-)
>   create mode 100644 test/replication/gh-5506-election-on-off.result
>   create mode 100644 test/replication/gh-5506-election-on-off.test.lua
>
> diff --git a/src/box/raft.c b/src/box/raft.c
> index 914b0d68f..3a99a0f26 100644
> --- a/src/box/raft.c
> +++ b/src/box/raft.c
> @@ -857,13 +857,20 @@ raft_sm_start(void)
>   {
>   	say_info("RAFT: start state machine");
>   	assert(!ev_is_active(&raft.timer));
> -	assert(!raft.is_write_in_progress);
>   	assert(!raft.is_enabled);
>   	assert(raft.state == RAFT_STATE_FOLLOWER);
>   	raft.is_enabled = true;
>   	raft.is_candidate = raft.is_cfg_candidate;
> -	if (!raft.is_candidate) {
> -		/* Nop. */;
> +	if (raft.is_write_in_progress) {
> +		/*
> +		 * Nop. If write is in progress, the state machine is frozen. It
> +		 * is continued when write ends.
> +		 */
> +	} else if (!raft.is_candidate) {
> +		/*
> +		 * Nop. When a node is not a candidate, it can't initiate
> +		 * elections anyway, so it does not need to monitor the leader.
> +		 */
>   	} else if (raft.leader != 0) {
>   		raft_sm_wait_leader_dead();
>   	} else {
> diff --git a/test/replication/gh-5506-election-on-off.result b/test/replication/gh-5506-election-on-off.result
> new file mode 100644
> index 000000000..1a718396f
> --- /dev/null
> +++ b/test/replication/gh-5506-election-on-off.result
> @@ -0,0 +1,55 @@
> +-- test-run result file version 2
> +test_run = require('test_run').new()
> + | ---
> + | ...
> +
> +old_election_mode = box.cfg.election_mode
> + | ---
> + | ...
> +old_replication_timeout = box.cfg.replication_timeout
> + | ---
> + | ...
> +
> +--
> +-- gh-5506: Raft state machine crashed in case there was a WAL write in
> +-- progress, and Raft was disabled + enabled back immediately. It didn't assume
> +-- that there can be a not finished WAL write when Raft is just enabled.
> +--
> +
> +-- Start a WAL write and wait when it starts.
> +box.error.injection.set("ERRINJ_WAL_DELAY_COUNTDOWN", 0)
> + | ---
> + | - ok
> + | ...
> +box.cfg{                                                                        \
> +    election_mode = 'candidate',                                                \
> +    replication_timeout = 0.1,                                                  \
> +}
> + | ---
> + | ...
> +test_run:wait_cond(function()                                                   \
> +    return box.error.injection.get("ERRINJ_WAL_DELAY")                          \
> +end)
> + | ---
> + | - true
> + | ...
> +
> +-- Restart the state machine. It should notice the not finished WAL write and
> +-- continue waiting.
> +box.cfg{election_mode = 'off'}
> + | ---
> + | ...
> +box.cfg{election_mode = 'candidate'}
> + | ---
> + | ...
> +box.error.injection.set("ERRINJ_WAL_DELAY", false)
> + | ---
> + | - ok
> + | ...
> +
> +box.cfg{                                                                        \
> +    election_mode = old_election_mode,                                          \
> +    replication_timeout = old_replication_timeout,                              \
> +}
> + | ---
> + | ...
> diff --git a/test/replication/gh-5506-election-on-off.test.lua b/test/replication/gh-5506-election-on-off.test.lua
> new file mode 100644
> index 000000000..290408f06
> --- /dev/null
> +++ b/test/replication/gh-5506-election-on-off.test.lua
> @@ -0,0 +1,31 @@
> +test_run = require('test_run').new()
> +
> +old_election_mode = box.cfg.election_mode
> +old_replication_timeout = box.cfg.replication_timeout
> +
> +--
> +-- gh-5506: Raft state machine crashed in case there was a WAL write in
> +-- progress, and Raft was disabled + enabled back immediately. It didn't assume
> +-- that there can be a not finished WAL write when Raft is just enabled.
> +--
> +
> +-- Start a WAL write and wait when it starts.
> +box.error.injection.set("ERRINJ_WAL_DELAY_COUNTDOWN", 0)
> +box.cfg{                                                                        \
> +    election_mode = 'candidate',                                                \
> +    replication_timeout = 0.1,                                                  \
> +}
> +test_run:wait_cond(function()                                                   \
> +    return box.error.injection.get("ERRINJ_WAL_DELAY")                          \
> +end)
> +
> +-- Restart the state machine. It should notice the not finished WAL write and
> +-- continue waiting.
> +box.cfg{election_mode = 'off'}
> +box.cfg{election_mode = 'candidate'}
> +box.error.injection.set("ERRINJ_WAL_DELAY", false)
> +
> +box.cfg{                                                                        \
> +    election_mode = old_election_mode,                                          \
> +    replication_timeout = old_replication_timeout,                              \
> +}
> diff --git a/test/replication/suite.cfg b/test/replication/suite.cfg
> index 8fd62fdb8..f2addebda 100644
> --- a/test/replication/suite.cfg
> +++ b/test/replication/suite.cfg
> @@ -16,6 +16,7 @@
>       "gh-4424-misc-orphan-on-reconfiguration-error.test.lua": {},
>       "gh-5426-election-on-off.test.lua": {},
>       "gh-5433-election-restart-recovery.test.lua": {},
> +    "gh-5506-election-on-off.test.lua": {},
>       "once.test.lua": {},
>       "on_replace.test.lua": {},
>       "status.test.lua": {},
> diff --git a/test/replication/suite.ini b/test/replication/suite.ini
> index 6136c934f..34ee32550 100644
> --- a/test/replication/suite.ini
> +++ b/test/replication/suite.ini
> @@ -3,7 +3,7 @@ core = tarantool
>   script =  master.lua
>   description = tarantool/box, replication
>   disabled = consistent.test.lua
> -release_disabled = catch.test.lua errinj.test.lua gc.test.lua gc_no_space.test.lua before_replace.test.lua qsync_advanced.test.lua qsync_errinj.test.lua quorum.test.lua recover_missing_xlog.test.lua sync.test.lua long_row_timeout.test.lua gh-4739-vclock-assert.test.lua gh-4730-applier-rollback.test.lua gh-5140-qsync-casc-rollback.test.lua gh-5144-qsync-dup-confirm.test.lua gh-5167-qsync-rollback-snap.test.lua
> +release_disabled = catch.test.lua errinj.test.lua gc.test.lua gc_no_space.test.lua before_replace.test.lua qsync_advanced.test.lua qsync_errinj.test.lua quorum.test.lua recover_missing_xlog.test.lua sync.test.lua long_row_timeout.test.lua gh-4739-vclock-assert.test.lua gh-4730-applier-rollback.test.lua gh-5140-qsync-casc-rollback.test.lua gh-5144-qsync-dup-confirm.test.lua gh-5167-qsync-rollback-snap.test.lua gh-5506-election-on-off.test.lua
>   config = suite.cfg
>   lua_libs = lua/fast_replica.lua lua/rlimit.lua
>   use_unix_sockets = True

-- 
Serge Petrenko