-
Notifications
You must be signed in to change notification settings - Fork 24.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resiliency: Add logging/safety when deleting files #7628
Conversation
Some possible bugs i might have made to look out for:
Additionally, since we have the chance now, we may want to also add any missing logging before we try to delete any file, so when debugging you can see all file deletes (in the successful case, too) |
} | ||
} | ||
|
||
private void deleteShardState(ShardId shardId) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
was this unused?
LGTM! |
@@ -677,7 +703,11 @@ public void run() { | |||
return; | |||
} | |||
logger.info("[{}] deleting dangling index", index); | |||
FileSystemUtils.deleteRecursively(nodeEnv.indexLocations(new Index(index))); | |||
try { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
instead of all these try catch blocks can we have a utility that accepts a logger?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we could, but I worry this would mostly defeat the benefit of this patch.
One main reason Files.delete is better than File.delete, because instead of returning a boolean value on failure (which is easily ignored), it forces you to think about what should happen on IOException, since its a checked exception.
If we make an "easy-to-use" utility method that "shoves it under the rug", we gain nothing.
So I think call sites should deal with this on a case-by-case basis.
Deleting files is serious business: I don't think we need a lot of abstractions and ease-of-use around it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
By the way, an alternative, that might make us both happy, would be to ban all other deletion methods, and add a utility method as you suggest that always logs any errors but still throws them.
This would enforce that both all file deletions are logged, and still enforce that callers have to deal with "what to do when things go wrong".
The cost would be some more complexity though.
I left one comment other than that LGTM |
this has been fixed by #8366 |
File.delete() is not great as it just returns a boolean if it succeeds or fails.
Instead we can use Files.delete/Files.deleteIfExists, which throws a real exception when it fails (e.g. DirectoryNotEmptyException, Access Denied, etc)
Brings in helpers from lucene (temporarily as XIOUtils):
Bans File.delete() with forbidden APIs.
This is also an opportunity to review all places in the codebase where we delete files, since they are all touched in this PR.