Put nodes into maintenance mode in preStop hook #378
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit causes nodes to go into maintenance mode before the controller runtime terminates the rabbitmq-server process on a pod stop. This allows for a more controlled shutdown of pods in a cluster during rolling restart, or upgrade. Using github.com/Vanlightly/RabbitTestTool, I was able to show that with these changes, no data loss, or serious periods of cluster unavailability, were caused during a rolling restart. However, this is the case without these changes; I attempted to find a demonstrable case where this change leads to an improvement in rolling restart reliability, however was not able to improve this beyond its current reliability. I still put this PR forward for review, as the core team recommend that nodes are put into maintenance mode before being stopped, to allow more predictable transfer of responsibility to other nodes. The `rabbitmq-upgrade drain` command is also able to be expanded in the future if there are further improvements that can be made in the future. This closes #320.
Maintenance mode is not available in previous versions of RabbitMQ
mkuratczyk
approved these changes
Oct 2, 2020
There was a problem hiding this comment.
Great stuff. My only comment, and I'm not saying we need to do anything about it, is that we started with a week-long termination timeout but now we pass that value to three different commands so we basically have a 3 week timeout now. I don't think that matters really though - a week basically means infinity and 3*infinity is still infinity ;)
MirahImage
approved these changes
Oct 2, 2020
Zerpet
approved these changes
Oct 2, 2020
The container will receive a SIGKILL if the grace period expires, even if it's executing the preStop hook; the longest we will wait will be one week (infinity). |
mkuratczyk
pushed a commit
that referenced
this pull request
Oct 5, 2020
* Put nodes into maintenance mode in preStop hook This commit causes nodes to go into maintenance mode before the controller runtime terminates the rabbitmq-server process on a pod stop. This allows for a more controlled shutdown of pods in a cluster during rolling restart, or upgrade. Using github.com/Vanlightly/RabbitTestTool, I was able to show that with these changes, no data loss, or serious periods of cluster unavailability, were caused during a rolling restart. However, this is the case without these changes; I attempted to find a demonstrable case where this change leads to an improvement in rolling restart reliability, however was not able to improve this beyond its current reliability. I still put this PR forward for review, as the core team recommend that nodes are put into maintenance mode before being stopped, to allow more predictable transfer of responsibility to other nodes. The `rabbitmq-upgrade drain` command is also able to be expanded in the future if there are further improvements that can be made in the future. This closes #320. * Update minimum RMQ version to 3.8.8 Maintenance mode is not available in previous versions of RabbitMQ
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit causes nodes to go into maintenance mode before the
controller runtime terminates the rabbitmq-server process on a pod stop.
This allows for a more controlled shutdown of pods in a cluster during
rolling restart, or upgrade.
Using https://github.com/Vanlightly/RabbitTestTool, I was able to show that with
these changes, no data loss, or serious periods of cluster
unavailability, were caused during a rolling restart. However, this is
the case without these changes; I attempted to find a demonstrable case
where this change leads to an improvement in rolling restart
reliability, however was not able to improve this beyond its current
reliability.
I still put this PR forward for review, as the core team recommend that
nodes are put into maintenance mode before being stopped, to allow more
predictable transfer of responsibility to other nodes. The
rabbitmq-upgrade draincommand is also able to be expanded in thefuture if there are further improvements that can be made in the future.
This closes #320.
Note to reviewers: remember to look at the commits in this PR and consider if they can be squashed
Summary Of Changes
Additional Context
All tests pass. Also ran some manual testing with
kubectl rollout restart statefulset <>Local Testing
Please ensure you run the unit, integration and system tests before approving the PR.
To run the unit and integration tests:
You will need to target a k8s cluster and have the operator deployed for running the system tests.
For example, for a Kubernetes context named
dev-bunny: