mon: handle bad snapshot removal reqs gracefully #20835
Conversation
Snapshot deletion requests on snap ids larger than the snap_seq of the pool will leave the pool in a state where snap_seq is less than max(removed_snaps).

This is bad because further deletion requests to a pool in this state might crash the mon in some cases: the deletion also inserts the new snap_seq into the removed_snaps set, and that value might already be present, triggering an assert.

Such bad requests will be generated by rbd clients without a fix for issue ceph#21567.

The change in OSDMonitor prevents pools from getting into this state and may prevent old broken clients from incorrectly deleting snaps. The change in osd_types avoids a crash if a pool is already in this state.

Fixes ceph#18746 (https://tracker.ceph.com/issues/18746)

Signed-off-by: Paul Emmerich <paul.emmerich@croit.io>
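A minimal sketch of the monitor-side guard described above, assuming it lives in the unmanaged-snap deletion path of OSDMonitor::prepare_pool_op (the placement and the -ENOENT error code are assumptions, not confirmed by this thread):

```cpp
// OSDMonitor::prepare_pool_op (sketch): refuse to delete a snap id the
// pool has never handed out, so snap_seq can never fall behind
// max(removed_snaps).
case POOL_OP_DELETE_UNMANAGED_SNAP:
  if (!pp.is_removed_snap(m->snapid)) {
    if (m->snapid > pp.get_snap_seq()) {
      // assumed error code for "this snap id was never allocated"
      _pool_op_reply(op, -ENOENT, osdmap.get_epoch());
      return false;
    }
    pp.remove_unmanaged_snap(m->snapid);
    changed = true;
  }
  break;
```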
Hmm.
Unfortunately, this isn't safe on its own: the MDS does not use the monitor to allocate snap IDs, so the snapids it deletes won't necessarily be lower than the pool's snap_seq.
I am...really not sure what the best way to resolve this is. Perhaps a tool that goes through and allocates snapids in the (ec) data pool that match those used in the (replicated) rbd metadata pool? And then does the deletes?
Why not update snap_seq, like OSDMonitor::prepare_remove_snaps() does?
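(For context, the managed-snap path referenced here roughly does the following when recording a removal; this is a paraphrased fragment, not the verbatim code:)

```cpp
// OSDMonitor::prepare_remove_snaps (paraphrased fragment): when a snap
// id is recorded as removed, snap_seq is bumped to cover it, keeping
// snap_seq >= max(removed_snaps).
if (!pi.removed_snaps.contains(snapid)) {
  pg_pool_t *newpi = pending_inc.get_new_pool(poolid, &pi);
  newpi->removed_snaps.insert(snapid);
  if (snapid > newpi->get_snap_seq())
    newpi->set_snap_seq(snapid);
  newpi->set_snap_epoch(pending_inc.epoch);
}
```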
So just adding the second change:
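(a sketch of that change, assuming it guards the second insert in pg_pool_t::remove_unmanaged_snap in src/osd/osd_types.cc; the exact diff may differ)

```cpp
void pg_pool_t::remove_unmanaged_snap(snapid_t s)
{
  assert(is_unmanaged_snaps_mode());
  removed_snaps.insert(s);
  snap_seq = snap_seq + 1;
  // If the pool is already in the broken snap_seq < max(removed_snaps)
  // state, the new snap_seq may already be in removed_snaps; inserting
  // an existing value into the interval_set trips its assert, so guard it.
  if (!removed_snaps.contains(get_snap_seq()))
    removed_snaps.insert(get_snap_seq());
}
```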
would at least fix the crash if you already have a broken pool (or, apparently, a pool that's being used by both CephFS and rbd?). Can you point me to the relevant code in the MDS? I'm not familiar with CephFS snapshots :/ Also, somewhat related: if you have a pool that was used by both 12.2.1 and newer clients, it's quite annoying to safely handle all the edge cases and clean up the mess that was left behind...
src/mds/SnapServer.cc, SnapServer::check_osd_map()
lgtm