Skip to content

server, dispatcher: improve node liveness self fence (#5106)#5600

Open
ti-chi-bot wants to merge 2 commits into
pingcap:release-nextgen-202603from
ti-chi-bot:cherry-pick-5106-to-release-nextgen-202603
Open

server, dispatcher: improve node liveness self fence (#5106)#5600
ti-chi-bot wants to merge 2 commits into
pingcap:release-nextgen-202603from
ti-chi-bot:cherry-pick-5106-to-release-nextgen-202603

Conversation

@ti-chi-bot

Copy link
Copy Markdown
Member

This is an automated cherry-pick of #5106

What problem does this PR solve?

Issue Number: close #5202

When a TiCDC capture loses its etcd session or lease, it can no longer prove that it still owns local dispatcher work. The previous shutdown path did not immediately fence local write paths, so a stale capture could still accept maintainer requests or continue writing downstream while failover was already in progress. This created a short but unsafe window for duplicate or out-of-date downstream writes before normal cleanup finished.

What is changed and how it works?

This PR adds a local fence path for session-done and lease-expired events. The server watches the etcd session, triggers local fencing before shutdown, and the dispatcher orchestrator stops accepting new maintainer requests. Dispatcher managers cancel local write paths immediately, close local dispatchers asynchronously, and continue cleanup without waiting for progress draining. The redo cleanup path is also guarded so partially initialized managers do not panic when fencing. New integration coverage simulates capture session loss and verifies the local fence behavior and downstream consistency.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test: dev-machine MySQL integration cases and GitHub /test all

Questions

Will it cause performance regression or break compatibility?

No. The new path only runs when a local capture loses its session or is being fenced.

Do you need to update user documentation, design documentation or monitoring documentation?

No.

Release note

Locally fences stale captures after etcd session loss to avoid unsafe downstream writes.

Summary by CodeRabbit

  • New Features

    • Added server-side etcd session watchdog and explicit local-fence controls to quickly close local write paths across orchestrator and managers.
  • Bug Fixes

    • Prevented races during dispatcher/redo creation, merge and shutdown; avoid registering partially-initialized dispatchers and short-circuit operations when the write path is fenced.
    • Improved close lifecycle to ensure single close launch and reliable finalization.
  • Tests

    • Added unit and integration tests covering fencing, shutdown, and session-watchdog scenarios.

Signed-off-by: ti-chi-bot <ti-community-prow-bot@tidb.io>
@ti-chi-bot ti-chi-bot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. type/cherry-pick-for-release-nextgen-202603 labels Jul 8, 2026
@ti-chi-bot

Copy link
Copy Markdown
Member Author

@3AceShowHand This PR has conflicts, I have hold it.
Please resolve them or ask others to resolve them, then comment /unhold to remove the hold label.

@ti-chi-bot

ti-chi-bot Bot commented Jul 8, 2026

Copy link
Copy Markdown

@ti-chi-bot: ## If you want to know how to resolve it, please read the guide in TiDB Dev Guide.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 91a13852-4433-469f-944c-1d4b6d22f5ef

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request implements a node liveness self-fencing mechanism to improve server and dispatcher stability by introducing an etcd session watchdog that triggers a local fence upon session expiration. However, the current changes contain numerous unresolved merge conflict markers across several key files, including dispatcher_manager.go, dispatcher_manager_redo.go, dispatcher_orchestrator.go, and their corresponding test files. These conflicts must be resolved to ensure the code compiles and functions correctly.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread downstreamadapter/dispatchermanager/dispatcher_manager.go Outdated
Comment thread downstreamadapter/dispatchermanager/dispatcher_manager.go Outdated
Comment thread downstreamadapter/dispatchermanager/dispatcher_manager.go Outdated
Comment on lines +1125 to +1139
<<<<<<< HEAD
if e.IsRedoEnabled() {
e.redoSink.Close(removeChangefeed)
// FIXME: cleanup redo log when remove the changefeed
e.closeRedoMeta(removeChangefeed)
}
e.sink.Close(removeChangefeed)
=======
if e.IsRedoEnabled() && e.redoSink != nil {
e.redoSink.Close()
}
if e.sink != nil {
e.sink.Close()
}
>>>>>>> f73e8dba2 (server, dispatcher: improve node liveness self fence (#5106))

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

Unresolved merge conflict markers (<<<<<<< HEAD, =======, >>>>>>>) found in this file. Please resolve the conflicts to ensure the code compiles and functions correctly.

	if e.IsRedoEnabled() && e.redoSink != nil {
		e.redoSink.Close()
	}
	if e.sink != nil {
		e.sink.Close()
	}

Comment thread downstreamadapter/dispatchermanager/dispatcher_manager.go Outdated
Comment thread downstreamadapter/dispatchermanager/dispatcher_manager_redo.go Outdated
Comment thread downstreamadapter/dispatchermanager/dispatcher_manager_test.go Outdated
Comment thread downstreamadapter/dispatcherorchestrator/dispatcher_orchestrator.go Outdated
Comment thread downstreamadapter/dispatcherorchestrator/dispatcher_orchestrator.go Outdated
Comment thread downstreamadapter/dispatcherorchestrator/dispatcher_orchestrator_test.go Outdated
@ti-chi-bot

ti-chi-bot Bot commented Jul 8, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from 3aceshowhand. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot

Copy link
Copy Markdown
Member Author

Cherry-pick conflicts appear resolved; removing the do-not-merge/hold label.

@ti-chi-bot ti-chi-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 8, 2026
@3AceShowHand

Copy link
Copy Markdown
Collaborator

/test all

@ti-chi-bot

ti-chi-bot Bot commented Jul 8, 2026

Copy link
Copy Markdown

@3AceShowHand: No jobs can be run with /test all.
The following commands are available to trigger optional jobs:

/test pull-build-next-gen
/test pull-cdc-kafka-integration-heavy-next-gen
/test pull-cdc-kafka-integration-heavy-next-gen-legacy-safepoint
/test pull-cdc-kafka-integration-light-next-gen
/test pull-cdc-kafka-integration-light-next-gen-legacy-safepoint
/test pull-cdc-mysql-integration-heavy-next-gen
/test pull-cdc-mysql-integration-heavy-next-gen-legacy-safepoint
/test pull-cdc-mysql-integration-light-next-gen
/test pull-cdc-mysql-integration-light-next-gen-legacy-safepoint
/test pull-cdc-pulsar-integration-heavy-next-gen
/test pull-cdc-pulsar-integration-heavy-next-gen-legacy-safepoint
/test pull-cdc-pulsar-integration-light-next-gen
/test pull-cdc-pulsar-integration-light-next-gen-legacy-safepoint
/test pull-cdc-storage-integration-heavy-next-gen
/test pull-cdc-storage-integration-heavy-next-gen-legacy-safepoint
/test pull-cdc-storage-integration-light-next-gen
/test pull-cdc-storage-integration-light-next-gen-legacy-safepoint
/test pull-unit-test-next-gen
Details

In response to this:

/test all

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@3AceShowHand

Copy link
Copy Markdown
Collaborator

/test pull-build-next-gen
/test pull-cdc-kafka-integration-heavy-next-gen
/test pull-cdc-kafka-integration-heavy-next-gen-legacy-safepoint
/test pull-cdc-kafka-integration-light-next-gen
/test pull-cdc-kafka-integration-light-next-gen-legacy-safepoint
/test pull-cdc-mysql-integration-heavy-next-gen
/test pull-cdc-mysql-integration-heavy-next-gen-legacy-safepoint
/test pull-cdc-mysql-integration-light-next-gen
/test pull-cdc-mysql-integration-light-next-gen-legacy-safepoint
/test pull-cdc-pulsar-integration-heavy-next-gen
/test pull-cdc-pulsar-integration-heavy-next-gen-legacy-safepoint
/test pull-cdc-pulsar-integration-light-next-gen
/test pull-cdc-pulsar-integration-light-next-gen-legacy-safepoint
/test pull-cdc-storage-integration-heavy-next-gen
/test pull-cdc-storage-integration-heavy-next-gen-legacy-safepoint
/test pull-cdc-storage-integration-light-next-gen
/test pull-cdc-storage-integration-light-next-gen-legacy-safepoint
/test pull-unit-test-next-gen

@asddongmen

Copy link
Copy Markdown
Collaborator

/test all

@ti-chi-bot

ti-chi-bot Bot commented Jul 8, 2026

Copy link
Copy Markdown

@asddongmen: No jobs can be run with /test all.
The following commands are available to trigger optional jobs:

/test pull-build-next-gen
/test pull-cdc-kafka-integration-heavy-next-gen
/test pull-cdc-kafka-integration-heavy-next-gen-legacy-safepoint
/test pull-cdc-kafka-integration-light-next-gen
/test pull-cdc-kafka-integration-light-next-gen-legacy-safepoint
/test pull-cdc-mysql-integration-heavy-next-gen
/test pull-cdc-mysql-integration-heavy-next-gen-legacy-safepoint
/test pull-cdc-mysql-integration-light-next-gen
/test pull-cdc-mysql-integration-light-next-gen-legacy-safepoint
/test pull-cdc-pulsar-integration-heavy-next-gen
/test pull-cdc-pulsar-integration-heavy-next-gen-legacy-safepoint
/test pull-cdc-pulsar-integration-light-next-gen
/test pull-cdc-pulsar-integration-light-next-gen-legacy-safepoint
/test pull-cdc-storage-integration-heavy-next-gen
/test pull-cdc-storage-integration-heavy-next-gen-legacy-safepoint
/test pull-cdc-storage-integration-light-next-gen
/test pull-cdc-storage-integration-light-next-gen-legacy-safepoint
/test pull-unit-test-next-gen
Details

In response to this:

/test all

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@asddongmen

Copy link
Copy Markdown
Collaborator

/test pull-cdc-kafka-integration-heavy-next-gen

@asddongmen

Copy link
Copy Markdown
Collaborator

/test pull-cdc-mysql-integration-light-next-gen

@ti-chi-bot

ti-chi-bot Bot commented Jul 8, 2026

Copy link
Copy Markdown

@ti-chi-bot: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-unit-test-next-gen 7baeac7 link false /test pull-unit-test-next-gen
pull-cdc-kafka-integration-heavy-next-gen 7baeac7 link false /test pull-cdc-kafka-integration-heavy-next-gen

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

lgtm release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. type/cherry-pick-for-release-nextgen-202603

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants