Clean up Node#close. #39317
Merged
Clean up Node#close. #39317
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
`Node#close` is pretty hard to rely on today: - it might swallow exceptions - it waits for 10 seconds for threads to terminate but doesn't signal anything if threads are still not terminated after 10 seconds This commit makes `IOException`s propagated and splits `Node#close` into `Node#close` and `Node#awaitClose` so that the decision what to do if a node takes too long to close can be done on top of `Node#close`. It also adds synchronization to lifecycle transitions to make them atomic. I don't think it is a source of problems today, but it makes things easier to reason about.
|
Pinging @elastic/es-core-infra |
|
@elasticmachine run elasticsearch-ci/packaging-sample |
| } catch (IOException ex) { | ||
| throw new ElasticsearchException("failed to stop node", ex); | ||
| } catch (InterruptedException e) { | ||
| Thread.currentThread().interrupt(); | ||
| LogManager.getLogger(Bootstrap.class).warn("Thread got interrupted while waiting for the node to shutdown."); |
There was a problem hiding this comment.
How about we revert the order here (i.e. first log the message, then restore interrupt status)?
| } | ||
| } catch (InterruptedException e) { | ||
| Thread.currentThread().interrupt(); | ||
| LogManager.getLogger(Bootstrap.class).warn("Thread got interrupted while waiting for the node to shutdown."); |
There was a problem hiding this comment.
Also here I suggest to revert the order.
| lifecycle.moveToStarted(); | ||
| for (LifecycleListener listener : listeners) { | ||
| listener.afterStart(); | ||
| synchronized (lifecycle) { |
There was a problem hiding this comment.
I think it can become tricky to synchronize on an object that can also be directly accessed by subclasses. The state of Lifecycle has only one field that is declared volatile and as far as I could see all usages in subclasses only query the state and only the base class modifies it. From that perspective we are safe but it is easy to introduce subtle bugs. I wonder whether in the future it would make sense to think about encapsulating Lifecycle in AbstractLifecycleComponent to make this a bit more robust.
| @@ -308,6 +312,15 @@ protected void doClose() throws IOException { | |||
| indicesRefCount.decRef(); | |||
| } | |||
|
|
|||
| /** | |||
| * Wait for this {@link IndicesService} to be effectively closed. When this returns, all shard and shard stores are closed and all | |||
There was a problem hiding this comment.
I think the comment is not entirely accurate? The guarantees described here only hold if this method returns true. If it returns false it timed out waiting for the condition to happen.
| @@ -183,8 +184,15 @@ public void run() { | |||
| IOUtils.close(node, spawner); | |||
| LoggerContext context = (LoggerContext) LogManager.getContext(false); | |||
| Configurator.shutdown(context); | |||
| if (node != null && node.awaitClose(10, TimeUnit.SECONDS) == false) { | |||
| throw new IOException("Node didn't stop within 10 seconds. " + | |||
There was a problem hiding this comment.
I think IllegalStateException might be more appropriate?
| @@ -267,6 +275,12 @@ private void start() throws NodeValidationException { | |||
| static void stop() throws IOException { | |||
| try { | |||
| IOUtils.close(INSTANCE.node, INSTANCE.spawner); | |||
| if (INSTANCE.node != null && INSTANCE.node.awaitClose(10, TimeUnit.SECONDS) == false) { | |||
| throw new IOException("Node didn't stop within 10 seconds. Any outstanding requests or tasks might get killed."); | |||
There was a problem hiding this comment.
I think IllegalStateException might be more appropriate?
|
|
||
|
|
||
| ThreadPool threadPool = injector.getInstance(ThreadPool.class); | ||
| final boolean terminated = ThreadPool.terminate(threadPool, timeout, timeUnit); |
There was a problem hiding this comment.
I find it a bit odd to call a mutating method in an await-style method but I do see the reason why it is needed here.
| @@ -1049,6 +1049,13 @@ public void close() throws IOException { | |||
| closed.set(true); | |||
| markNodeDataDirsAsPendingForWipe(node); | |||
| node.close(); | |||
| try { | |||
| if (node.awaitClose(10, TimeUnit.SECONDS) == false) { | |||
| throw new IOException("Node didn't close within 10 seconds."); | |||
There was a problem hiding this comment.
I think IllegalStateException might be more appropriate?
|
Thanks @danielmitterdorfer for looking. I wonder whether you have thoughts on the overall approach as well? |
The overall approach makes sense to me. |
danielmitterdorfer
approved these changes
Apr 16, 2019
|
Thanks @danielmitterdorfer ! |
jpountz
added a commit
to jpountz/elasticsearch
that referenced
this pull request
Apr 17, 2019
`Node#close` is pretty hard to rely on today: - it might swallow exceptions - it waits for 10 seconds for threads to terminate but doesn't signal anything if threads are still not terminated after 10 seconds This commit makes `IOException`s propagated and splits `Node#close` into `Node#close` and `Node#awaitClose` so that the decision what to do if a node takes too long to close can be done on top of `Node#close`. It also adds synchronization to lifecycle transitions to make them atomic. I don't think it is a source of problems today, but it makes things easier to reason about.
jpountz
added a commit
that referenced
this pull request
Apr 17, 2019
`Node#close` is pretty hard to rely on today: - it might swallow exceptions - it waits for 10 seconds for threads to terminate but doesn't signal anything if threads are still not terminated after 10 seconds This commit makes `IOException`s propagated and splits `Node#close` into `Node#close` and `Node#awaitClose` so that the decision what to do if a node takes too long to close can be done on top of `Node#close`. It also adds synchronization to lifecycle transitions to make them atomic. I don't think it is a source of problems today, but it makes things easier to reason about.
jaymode
added a commit
to jaymode/elasticsearch
that referenced
this pull request
May 8, 2019
The changes in elastic#39317 brought to light some concurrency issues in the close method of Recyclers as we do not wait for threads running in the threadpool to be finished prior to the closing of the PageCacheRecycler and the Recyclers that are used internally. elastic#41695 was opened to address the concurrent close issues but upon review, the closing of these classes is not really needed as the instances should be become available for garbage collection once there is no longer a reference to the closed node. Closes elastic#41683
jaymode
added a commit
that referenced
this pull request
May 10, 2019
The changes in #39317 brought to light some concurrency issues in the close method of Recyclers as we do not wait for threads running in the threadpool to be finished prior to the closing of the PageCacheRecycler and the Recyclers that are used internally. #41695 was opened to address the concurrent close issues but upon review, the closing of these classes is not really needed as the instances should be become available for garbage collection once there is no longer a reference to the closed node. Closes #41683
jaymode
added a commit
that referenced
this pull request
May 10, 2019
The changes in #39317 brought to light some concurrency issues in the close method of Recyclers as we do not wait for threads running in the threadpool to be finished prior to the closing of the PageCacheRecycler and the Recyclers that are used internally. #41695 was opened to address the concurrent close issues but upon review, the closing of these classes is not really needed as the instances should be become available for garbage collection once there is no longer a reference to the closed node. Closes #41683
gurkankaymak
pushed a commit
to gurkankaymak/elasticsearch
that referenced
this pull request
May 27, 2019
`Node#close` is pretty hard to rely on today: - it might swallow exceptions - it waits for 10 seconds for threads to terminate but doesn't signal anything if threads are still not terminated after 10 seconds This commit makes `IOException`s propagated and splits `Node#close` into `Node#close` and `Node#awaitClose` so that the decision what to do if a node takes too long to close can be done on top of `Node#close`. It also adds synchronization to lifecycle transitions to make them atomic. I don't think it is a source of problems today, but it makes things easier to reason about.
gurkankaymak
pushed a commit
to gurkankaymak/elasticsearch
that referenced
this pull request
May 27, 2019
The changes in elastic#39317 brought to light some concurrency issues in the close method of Recyclers as we do not wait for threads running in the threadpool to be finished prior to the closing of the PageCacheRecycler and the Recyclers that are used internally. elastic#41695 was opened to address the concurrent close issues but upon review, the closing of these classes is not really needed as the instances should be become available for garbage collection once there is no longer a reference to the closed node. Closes elastic#41683
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Node#closeis pretty hard to rely on today:if threads are still not terminated after 10 seconds
This commit makes
IOExceptions propagated and splitsNode#closeintoNode#closeandNode#awaitCloseso that the decision what to do if a nodetakes too long to close can be done on top of
Node#close.It also adds synchronization to lifecycle transitions to make them atomic. I
don't think it is a source of problems today, but it makes things easier to
reason about.