Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: agent: prevent fencing from hanging on sbd commands if any of the devices is silently blocked #119

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Fix: agent: prevent fencing from hanging on sbd commands if any of the devices is silently blocked #119

wants to merge 3 commits into from

Conversation

gao-yan
Copy link
Member

@gao-yan gao-yan commented Nov 12, 2020

If any of the configured SBD devices is silently blocked without any explicit I/O error from kernel, fencing will get stuck and time out, even if the majority of the devices are still available.

Under this situation, gethosts, off/reset and status actions will get stuck on sbd list, dump, or message command which will be hanging on exit_aio() on exit, and become D state.

With these commits, sbd fence agent asynchronously calls the commands individually for the devices and returns whenever the purposes of the commands are achieved, so that it prevents execution of sbd fence agent from unnecessary hanging under such a situation.

@gao-yan
Fix: agent: prevent gethosts action and timeout validation from hangi…
f1a6d83 
…ng on list and dump commands if any of the devices is silently blocked

If any of the configured SBD devices is silently blocked without any
explicit I/O error from kernel, fencing will get stuck and time out,
even if the majority of the devices are still available.

On fencing, list and dump commands are called first. Under this
situation, the commands will print output but get stuck on exit_aio() on
exit, and become D state.

With this commit, sbd fence agent asynchronously calls the commands
individually for the devices and wait for any successful return and
collect the output, so that it prevents execution of sbd fence agent
from hanging.
@gao-yan
Fix: agent: prevent off/reset action from hanging on message command …
97821f6 
…if any of the devices is silently blocked

Differently from list and dump commands, message command is actually
kind of already asynchronous. Rather than directly accessing the
devices, it spawns multiple writing child processes in parallel, one for
each device, and waits for majority of them to finish writing of poison
pill and returns, even if the minority gets stuck in D state.

But if it's called by stonith command, sbd fence agent process will
become "defunct" state and get stuck. This commits prevent that by
asynchronously calling message command with a subshell.
@gao-yan
Fix: agent: prevent status action from hanging on list command if any…
4b98b42 
… of the devices is silently blocked

If any of the configured SBD devices is silently blocked without any
explicit I/O error from kernel, status action will get stuck on list
command which will be hanging on exit_aio() and become D state.

With this commit, sbd fence agent asynchronously calls list command
individually for the devices and won't wait for any devices that
actually have been already reported failed, so that it prevents hanging
under such a situation.
@gao-yan
Copy link
Member Author

gao-yan commented Nov 12, 2020

Let's first confirm the concept. I'll ask the user to test it as well.

@wenningerk
Copy link

Let's first confirm the concept. I'll ask the user to test it as well.

Definitely something that looks as if it need improvement.
Personally I guess we should try to tackle the issue in sbd itself and not in the fencing-script.
One of the reasons is that like this we have to do it twice. fence_sbd should suffer from similar issues.
Was as well thinking if we could pass the logic to pacemaker-fenced - like using topology - not directly usable but the concept could be extended ...

@kgaillot What do you think?

@wenningerk
Copy link

@gao-yan what are you using to simulate the stall behavior?

Maybe we can add it to the tests then.

@gao-yan
Copy link
Member Author

gao-yan commented Nov 13, 2020

Personally I guess we should try to tackle the issue in sbd itself and not in the fencing-script.
One of the reasons is that like this we have to do it twice. fence_sbd should suffer from similar issues.

Indeed... I'll take a look what could be done with sbd itself.

@gao-yan what are you using to simulate the stall behavior?

Maybe we can add it to the tests then.

I haven't figured out how to simulate it in a test environment. So far I've been testing it with an iscsi setup and iptables :-)

@wenningerk
Copy link

wenningerk commented Nov 13, 2020
edited
Loading

I haven't figured out how to simulate it in a test environment. So far I've been testing it with an iscsi setup and iptables :-)

Maybe something simple in the testbed I've written would be enough.
I'm already intercepting most of the IO stuff so that we could add configurable delays/stalls.
That includes libaio-calls where I'm either just wrapping the original calls or replacing them with an implementation mapping to read/write. That behavior is switchable and we can pick what sounds easier for that purpose.

@kgaillot
Copy link

Was as well thinking if we could pass the logic to pacemaker-fenced - like using topology - not directly usable but the concept could be extended ...

@kgaillot What do you think?

Not sure what you mean. Are you suggesting using something like topology to manage multiple sbd devices, so that sbd and fence_sbd only ever deal with a single device?

@wenningerk
Copy link

Not sure what you mean. Are you suggesting using something like topology to manage multiple sbd devices, so that sbd and fence_sbd only ever deal with a single device?

Yes. Wanted to see if thinking in that direction leads to somewhere useful as pacemaker already has that logic of individual timeouts and logic combination already. Parallel fencing is already available - not in case of topologies I guess though. Being content with a quorate number of positive results would have to be added.

@wenningerk
Copy link

@gao-yan
Sorry for not driving this further in the last nearly 2 years.
Do you have updates for your work on the fencing-script?
I would still prefer doing the parallel-execution-stuff in
the c-code although I've just submitted a PR for fence_sbd
that should do a similar thing.
With a device-mapper-disk that is suspended we are
currently creating D state children - which is really ugly
but probably hard to avoid with the current architecture.
An alternative might be handling the messaging via
some kind of ipc with the sbd-daemon.

@gao-yan
Copy link
Member Author

gao-yan commented Jul 29, 2022

You happened to ask :-) I actually just got the chance to get back to this one. I'm working on a solution in the C code to make several sbd commands execute with sub-processes for respective devices to prevent a main process from hanging. It should be universally beneficial for both sbd fence agents, so that we could avoid changing the fence agents. I'm going to open a PR soon to show you the draft so that we can talk about the details.

@wenningerk
Copy link

That's cool! Good that I asked before starting a parallel project ;-)

gao-yan added a commit to gao-yan/sbd that referenced this pull request Aug 1, 2022
@gao-yan
Feature: sbd-inquisitor,sbd-md: execute commands with sub-processes f…
fc73ddf 
…or respective devices

This is an universal solution to prevent fencing from hanging on
silently blocked devices as originally brought up from
ClusterLabs#119
gao-yan added a commit to gao-yan/sbd that referenced this pull request Aug 1, 2022
@gao-yan
Feature: sbd-inquisitor,sbd-md: execute commands with sub-processes f…
8d85762 
…or respective devices

This is an universal solution to prevent fencing from hanging on
silently blocked devices as originally brought up from
ClusterLabs#119.
@gao-yan gao-yan mentioned this pull request Aug 1, 2022
Open
gao-yan added a commit to gao-yan/sbd that referenced this pull request Aug 1, 2022
@gao-yan
Feature: sbd-inquisitor,sbd-md: execute commands with sub-processes f…
bbb3cc9 
…or respective devices

This is an universal solution to prevent fencing from hanging on
silently blocked devices as originally brought up from
ClusterLabs#119.
gao-yan added a commit to gao-yan/sbd that referenced this pull request Aug 4, 2022
@gao-yan
Feature: sbd-inquisitor,sbd-md: execute dump command with sub-process…
1adc18d 
…es for respective devices

This is an universal solution to prevent fencing from hanging on
silently blocked devices as originally brought up from
ClusterLabs#119.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gao-yan @wenningerk @kgaillot