New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rgw: abort multipart if upload meta object doesn't exist #19918
Conversation
36f40c2
to
556e3ed
Compare
that does sound reasonable, yeah. i'm guessing we could end up in the same situation with a racing AbortMultipart too? my question is, after detecting EEXIST on the meta object with your approach here, do we still leak the part objects themselves? we might want some cleanup logic in that case that schedules the part for gc (similar to |
src/rgw/rgw_op.cc
Outdated
@@ -3130,8 +3130,7 @@ int RGWPutObjProcessor_Multipart::do_complete(size_t accounted_size, | |||
|
|||
store->obj_to_raw(s->bucket_info.placement_rule, meta_obj, &raw_meta_obj); | |||
|
|||
r = store->omap_set(raw_meta_obj, p, bl); | |||
|
|||
r = store->omap_set(raw_meta_obj, p, bl, true); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this could use a clarifying comment, ex:
const bool must_exist = true; // detect races with abort
r = store->omap_set(raw_meta_obj, p, bl, must_exist);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cbodley
great idea!
Did you mean that HTTP AbortMultipart race with HTTP PutObject?
yeah, my approach is to detect the meta object exist, in other words meta object related to the upload-id must exist when a part is being uploaded.
could you explain what part objects point to? |
Signed-off-by: fang yuxiang fang.yuxiang@eisoo.com
556e3ed
to
e20987c
Compare
I think i got u, thanks! There is one kind of race conditon. A perfect method maybe need iterate the rados pool upload meta object. Do you have better idea? |
i had something a bit different in mind:
my idea was to, when PutObj detects ENOENT there, schedule the part for gc |
@cbodley If I am not mistaken, the process you mentioned above may not cause part leaked.
|
I think this is a kind of race conditon that will cause data leak, but it may be low probability.
|
Hi @cbodley
I am not sure if the phenomenon mentioned below is an issue.
For testing, we configured a lc rule that will delete residual multipart uploaded a day ago, then we configured rgw_lc_debug_interval to 300, which meant that lc rule will delete residual multipart uploaded 300 seconds ago.
Then we started to upload a big object use s3 multipart and got 'invalid part' error finally, which was caused by lc process for the uploading time exceeded 300 seconds and it was reasonable.
But the result was that there were some residual parts from the upload and they can't be deleted by lc process any more, the reason was that upload meta object was deleted from the bucket index in last process by lc, so they will be forever residual parts.
So is it reasonable that we test if upload meta object is existing before set current part to its omap? The part will fail if upload meta object is not existing.