rgw: during GC defer, prevent new GC enqueue #38228

ivancich · 2020-11-21T18:57:33Z

With the new queue-based GC code, when a GC defer operation is
performed, it adds an "urgent" record to prevent GC from removing
objects that are still being read. It does not check whether the
objects are on the GC queue or not and that's OK for the urgent
record.

The code also adds a new GC entry to the queue to cause GC to occur
at a later time. This would be incorrect if there was no GC entry to
begin with, however. In such a case this would cause GC to delete tail
objects when no user-initiated remove has happend. In other words a
READ could cause a DELETE of tail objects and therefore data loss.

This fix prevents such a new GC entry from being enqueued, thus
preventing the data loss in this rare case. There is a new risk that
tail object orphans to be created, but as an immediate fix to prevent
data loss, this is appropriate and it is a rare event. A follow-on PR
that will handle these cases is likely.

This PR adds a level 0 log entry as a way to potentially confirm this
case is being triggered in real-world cases. In time, this log entry
should be deleted.

Signed-off-by: J. Eric Ivancich ivancich@redhat.com

Fixes: https://tracker.ceph.com/issues/47866

With the new queue-based GC code, when a GC defer operation is performed, it adds an "urgent" record to prevent GC from removing objects that are still being read. It does not check whether the objects are on the GC queue or not and that's OK for the urgent record. The code *also* adds a new GC entry to the queue to cause GC to occur at a later time. This would be incorrect if there was no GC entry to begin with, however. In such a case this would cause GC to delete tail objects when no user-initiated remove has happend. In other words a READ could cause a DELETE of tail objects and therefore data loss. This fix prevents such a new GC entry from being enqueued, thus preventing the data loss in this rare case. There is a new risk that tail object orphans to be created, but as an immediate fix to prevent data loss, this is appropriate and it is a rare event. A follow-on PR that will handle these cases is likely. This PR adds a level 0 log entry as a way to potentially confirm this case is being triggered in real-world cases. In time, this log entry should be deleted. Signed-off-by: J. Eric Ivancich <ivancich@redhat.com>

mattbenjamin

lgtm

ivancich · 2020-11-22T15:35:48Z

Teuthology results:

ivancich added bug-fix rgw needs-review labels Nov 21, 2020

ivancich requested review from mattbenjamin, cbodley and pritha-srivastava November 21, 2020 18:57

mattbenjamin approved these changes Nov 21, 2020

View reviewed changes

ivancich added needs-qa needs-test wip-eric-testing-1 for ivancich testing and removed needs-review needs-test labels Nov 21, 2020

ivancich merged commit cf18f7e into ceph:master Nov 22, 2020

ivancich deleted the wip-rgw-gc-defer-should-not-enqueue branch November 22, 2020 15:37

ivancich removed needs-qa wip-eric-testing-1 for ivancich testing labels Nov 22, 2020

ivancich mentioned this pull request Nov 23, 2020

octopus: rgw: during GC defer, prevent new GC enqueue #38249

Merged

cbodley mentioned this pull request Nov 23, 2020

rgw: cls_rgw_gc_queue_remove_entries() manages deferred entries #38251

Closed

3 tasks

ivancich mentioned this pull request Jan 29, 2021

rgw: tooling to locate rgw objects with missing rados components #39176

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

rgw: during GC defer, prevent new GC enqueue #38228

rgw: during GC defer, prevent new GC enqueue #38228

ivancich commented Nov 21, 2020

mattbenjamin left a comment

ivancich commented Nov 22, 2020

rgw: during GC defer, prevent new GC enqueue #38228

rgw: during GC defer, prevent new GC enqueue #38228

Conversation

ivancich commented Nov 21, 2020

mattbenjamin left a comment

Choose a reason for hiding this comment

ivancich commented Nov 22, 2020