Do not create engine under IndexShard#mutex #45263
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -214,7 +214,8 @@ public class IndexShard extends AbstractIndexShardComponent implements IndicesCl | |
| protected volatile ShardRouting shardRouting; | ||
| protected volatile IndexShardState state; | ||
| private volatile long pendingPrimaryTerm; // see JavaDocs for getPendingPrimaryTerm | ||
| private final Object engineMutex = new Object(); | ||
| private final AtomicReference<Engine> currentEngineReference = new AtomicReference<>(); | ||
| final EngineFactory engineFactory; | ||
|
|
||
| private final IndexingOperationListener indexingOperationListeners; | ||
|
|
@@ -1192,20 +1193,23 @@ public Engine.IndexCommitRef acquireSafeIndexCommit() throws EngineException { | |
| * @throws java.nio.file.NoSuchFileException if one or more files referenced by a commit are not present. | ||
| */ | ||
| public Store.MetadataSnapshot snapshotStoreMetadata() throws IOException { | ||
| assert Thread.holdsLock(mutex) == false : "snapshotting store metadata under mutex"; | ||
| Engine.IndexCommitRef indexCommit = null; | ||
| store.incRef(); | ||
| try { | ||
| synchronized (engineMutex) { | ||
| // if the engine is not running, we can access the store directly, but we need to make sure no one starts | ||
| // the engine on us. If the engine is running, we can get a snapshot via the deletion policy of the engine. | ||
| synchronized (mutex) { | ||
| final Engine engine = getEngineOrNull(); | ||
| if (engine != null) { | ||
| indexCommit = engine.acquireLastIndexCommit(false); | ||
| } | ||
| } | ||
| if (indexCommit == null) { | ||
| return store.getMetadata(null, true); | ||
| } | ||
| } | ||
| return store.getMetadata(indexCommit.getIndexCommit()); | ||
| } finally { | ||
| store.decRef(); | ||
|
|
@@ -1343,13 +1347,13 @@ public IndexShard postRecovery(String reason) | |
| if (state == IndexShardState.STARTED) { | ||
| throw new IndexShardStartedException(shardId); | ||
| } | ||
| recoveryState.setStage(RecoveryState.Stage.DONE); | ||
| changeState(IndexShardState.POST_RECOVERY, reason); | ||
| } | ||
| // we need to refresh again to expose all operations that were index until now. Otherwise | ||
| // we may not expose operations that were indexed with a refresh listener that was immediately | ||
| // responded to in addRefreshListener. | ||
| getEngine().refresh("post_recovery"); | ||
| return this; | ||
| } | ||
|
|
||
|
|
@@ -1583,6 +1587,7 @@ public void openEngineAndSkipTranslogRecovery() throws IOException { | |
| } | ||
|
|
||
| private void innerOpenEngineAndTranslog(LongSupplier globalCheckpointSupplier) throws IOException { | ||
| assert Thread.holdsLock(mutex) == false : "opening engine under mutex"; | ||
| if (state != IndexShardState.RECOVERING) { | ||
| throw new IndexShardNotRecoveringException(shardId, state); | ||
| } | ||
|
|
@@ -1595,16 +1600,26 @@ private void innerOpenEngineAndTranslog(LongSupplier globalCheckpointSupplier) t | |
| assert recoveryState.getRecoverySource().expectEmptyRetentionLeases() == false || getRetentionLeases().leases().isEmpty() | ||
| : "expected empty set of retention leases with recovery source [" + recoveryState.getRecoverySource() | ||
| + "] but got " + getRetentionLeases(); | ||
| synchronized (engineMutex) { | ||
dnhatn marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| // we must create a new engine under mutex (see IndexShard#snapshotStoreMetadata). | ||
| final Engine newEngine = engineFactory.newReadWriteEngine(config); | ||
| boolean success = false; | ||
| try { | ||
| synchronized (mutex) { | ||
| verifyNotClosed(); | ||
| assert currentEngineReference.get() == null : "engine is running"; | ||
| onNewEngine(newEngine); | ||
| currentEngineReference.set(newEngine); | ||
| // We set active because we are now writing operations to the engine; this way, | ||
| // if we go idle after some time and become inactive, we still give sync'd flush a chance to run. | ||
| active.set(true); | ||
| success = true; | ||
| } | ||
| } finally { | ||
| if (success == false) { | ||
| newEngine.close(); | ||
| } | ||
| } | ||
| } | ||
| // time elapses after the engine is created above (pulling the config settings) until we set the engine reference, during | ||
| // which settings changes could possibly have happened, so here we forcefully push any config changes to the new engine. | ||
|
|
@@ -1627,6 +1642,7 @@ private boolean assertSequenceNumbersInCommit() throws IOException { | |
| } | ||
|
|
||
| private void onNewEngine(Engine newEngine) { | ||
| assert Thread.holdsLock(engineMutex); | ||
| refreshListeners.setCurrentRefreshLocationSupplier(newEngine::getTranslogLastWriteLocation); | ||
| } | ||
|
|
||
|
|
@@ -2673,7 +2689,13 @@ private DocumentMapperForType docMapper(String type) { | |
| } | ||
|
|
||
| private EngineConfig newEngineConfig(LongSupplier globalCheckpointSupplier) { | ||
| final Sort indexSort = indexSortSupplier.get(); | ||
| final Engine.Warmer warmer = reader -> { | ||
| assert Thread.holdsLock(mutex) == false : "warming engine under mutex"; | ||
dnhatn marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| if (this.warmer != null) { | ||
| this.warmer.warm(reader); | ||
| } | ||
| }; | ||
| return new EngineConfig(shardId, shardRouting.allocationId().getId(), | ||
| threadPool, indexSettings, warmer, store, indexSettings.getMergePolicy(), | ||
| mapperService != null ? mapperService.indexAnalyzer() : null, | ||
|
|
@@ -3303,6 +3325,7 @@ public ParsedDocument newNoopTombstoneDoc(String reason) { | |
| * Rollback the current engine to the safe commit, then replay local translog up to the global checkpoint. | ||
| */ | ||
| void resetEngineToGlobalCheckpoint() throws IOException { | ||
| assert Thread.holdsLock(engineMutex) == false : "resetting engine under mutex"; | ||
| assert getActiveOperationsCount() == OPERATIONS_BLOCKED | ||
| : "resetting engine without blocking operations; active operations are [" + getActiveOperations() + ']'; | ||
| sync(); // persist the global checkpoint to disk | ||
|
|
@@ -3314,9 +3337,8 @@ assert getActiveOperationsCount() == OPERATIONS_BLOCKED | |
| SetOnce<Engine> newEngineReference = new SetOnce<>(); | ||
| final long globalCheckpoint = getLastKnownGlobalCheckpoint(); | ||
| assert globalCheckpoint == getLastSyncedGlobalCheckpoint(); | ||
| synchronized (engineMutex) { | ||
| // we must create both new read-only engine and new read-write engine under engineMutex to ensure snapshotStoreMetadata, | ||
| // acquireXXXCommit and close works. | ||
| final Engine readOnlyEngine = | ||
henningandersen marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| new ReadOnlyEngine(newEngineConfig(replicationTracker), seqNoStats, translogStats, false, Function.identity()) { | ||
|
|
@@ -3347,7 +3369,18 @@ public void close() throws IOException { | |
| IOUtils.close(super::close, newEngine); | ||
| } | ||
| }; | ||
| boolean success = false; | ||
| try { | ||
| synchronized (mutex) { | ||
| verifyNotClosed(); | ||
| IOUtils.close(currentEngineReference.getAndSet(readOnlyEngine)); | ||
| success = true; | ||
| } | ||
| } finally { | ||
| if (success == false) { | ||
| readOnlyEngine.close(); | ||
|
There was a problem hiding this comment. This slightly changes behaviour to close the current engine if closing the old engine fails. While this might not really make a difference, I think I would prefer to not do that., ie. set success=true after There was a problem hiding this comment. I think we should close it if the old engine does't close it will just cause dangling reference to an engine and a locked shared if we don't? There was a problem hiding this comment. I pushed 67badc6 to close the new engine if we failed to install. |
||
| } | ||
| } | ||
| newEngineReference.set(engineFactory.newReadWriteEngine(newEngineConfig(replicationTracker))); | ||
| onNewEngine(newEngineReference.get()); | ||
| } | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if moving this outside the mutex require extra care in addRefreshListener too, since otherwise we risk someone querying in between marking state POST_RECOVERY and the refresh completing, expecting to see data because of a previous call to
addRefreshListener? I am not really absolutely sure this is necessary and the timing obviously have to be horrible for anything bad to happen, but wanted your thoughts on this anyway.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well spotted. Yes, we need to maintain this happens-before relation. We can reuse the engineMutex but I prefer a separate mutex for this. See f802515.