[ClusterLabs] corosync race condition when node leaves immediately after joining
Jonathan Davies
jonathan.davies at citrix.com
Mon Oct 16 15:05:43 CEST 2017
On 13/10/17 17:24, Jan Friesse wrote:
>> I've done a bit of digging and am getting closer to the root cause of
>> the race.
>>
>> We rely on having votequorum_sync_init called twice -- once when node 1
>> joins (with member_list_entries=2) and once when node 1 leaves (with
>> member_list_entries=1). This is important because votequorum_sync_init
>> marks nodes as NODESTATE_DEAD if they are not in quorum_members[] -- so
>> it needs to have seen the node appear then disappear. This is important
>> because get_total_votes only counts votes from nodes in state
>> NODESTATE_MEMBER.
>
> So there are basically two problems.
>
> Actually first (main) problem is that votequorum_sync_init is ever
> called when that node joins. It really shouldn't. And problem is simply
> because calling api->shutdown_request() is not enough. Can you try
> replace it with exit(1) (for testing) and reproduce the problem? I'm
> pretty sure problem disappears.
No, the problem still happens :-(
I am using the following patch:
diff --git a/exec/cmap.c b/exec/cmap.c
index de730d2..1125cef 100644
--- a/exec/cmap.c
+++ b/exec/cmap.c
@@ -406,7 +406,7 @@ static void cmap_sync_activate (void)
log_printf(LOGSYS_LEVEL_ERROR,
"Received config version (%"PRIu64") is different
than my config version (%"PRIu64")! Exiting",
cmap_highest_config_version_received,
cmap_my_config_version);
- api->shutdown_request();
+ exit(1);
return ;
}
}
diff --git a/exec/main.c b/exec/main.c
index b0d5639..4fd3e68 100644
--- a/exec/main.c
+++ b/exec/main.c
@@ -627,6 +627,7 @@ static void deliver_fn (
((void *)msg);
}
+ log_printf(LOGSYS_LEVEL_NOTICE, "executing '%s' exec_handler_fn
%p for node %d (fn %d)", corosync_service[service]->name,
corosync_service[service]->exec_engine[fn_id].exec_handler_fn, nodeid,
fn_id);
corosync_service[service]->exec_engine[fn_id].exec_handler_fn
(msg, nodeid);
}
diff --git a/exec/votequorum.c b/exec/votequorum.c
index 1a97c6d..7c0f34f 100644
--- a/exec/votequorum.c
+++ b/exec/votequorum.c
@@ -2099,6 +2100,7 @@ static void
message_handler_req_exec_votequorum_nodeinfo (
node->flags = req_exec_quorum_nodeinfo->flags;
node->votes = req_exec_quorum_nodeinfo->votes;
node->state = NODESTATE_MEMBER;
+ log_printf(LOGSYS_LEVEL_NOTICE,
"message_handler_req_exec_votequorum_nodeinfo (%p) marking node %d as
MEMBER", message_handler_req_exec_votequorum_nodeinfo, nodeid);
if (node->flags & NODE_FLAGS_LEAVING) {
node->state = NODESTATE_LEAVING;
When it's working correctly I see this:
1508151960.072927 notice [TOTEM ] A new membership (10.71.218.17:2304)
was formed. Members joined: 1
1508151960.073082 notice [SYNC ] calling sync_init on service
'corosync configuration map access' (0) with my_member_list_entries = 2
1508151960.073150 notice [MAIN ] executing 'corosync configuration map
access' exec_handler_fn 0x55b5eb504ca0 for node 1 (fn 0)
1508151960.073197 notice [MAIN ] executing 'corosync configuration map
access' exec_handler_fn 0x55b5eb504ca0 for node 2 (fn 0)
1508151960.073238 notice [SYNC ] calling sync_init on service
'corosync cluster closed process group service v1.01' (1) with
my_member_list_entries = 2
1508151961.073033 notice [TOTEM ] A processor failed, forming new
configuration.
When it's not working correctly I see this:
1508151908.447584 notice [TOTEM ] A new membership (10.71.218.17:2292)
was formed. Members joined: 1
1508151908.447757 notice [MAIN ] executing 'corosync vote quorum
service v1.0' exec_handler_fn 0x558b39fbbaa0 for node 1 (fn 0)
1508151908.447866 notice [VOTEQ ]
message_handler_req_exec_votequorum_nodeinfo (0x558b39fbbaa0) marking
node 1 as MEMBER
1508151908.447972 notice [VOTEQ ] get_total_votes: node 1 is a MEMBER
so counting vote
1508151908.448045 notice [VOTEQ ] get_total_votes: node 2 is a MEMBER
so counting vote
1508151908.448091 notice [QUORUM] This node is within the primary
component and will provide service.
1508151908.448134 notice [QUORUM] Members[1]: 2
1508151908.448175 notice [SYNC ] calling sync_init on service
'corosync configuration map access' (0) with my_member_list_entries = 2
1508151908.448205 notice [MAIN ] executing 'corosync configuration map
access' exec_handler_fn 0x558b39fb3ca0 for node 1 (fn 0)
1508151908.448247 notice [MAIN ] executing 'corosync configuration map
access' exec_handler_fn 0x558b39fb3ca0 for node 2 (fn 0)
1508151908.448307 notice [SYNC ] calling sync_init on service
'corosync cluster closed process group service v1.01' (1) with
my_member_list_entries = 2
1508151909.447182 notice [TOTEM ] A processor failed, forming new
configuration.
... and at that point I already see "Total votes: 2" in the
corosync-quorumtool output.
The key difference seems to be whether votequorum's nodeinfo
exec_handler_fn is called. If it is called, it marks the node as
NODESTATE_MEMBER, which is sufficient to trigger the bug because it is
never subsequently marked as NODESTATE_DEAD.
(Note that in both cases there is now a one-second delay before the "A
processor failed" message. This is due to calling exit(1) rather than
api->shutdown_request().)
>> When it goes wrong, I see that votequorum_sync_init is only called
>> *once* (with member_list_entries=1) -- after node 1 has joined and left.
>> So it never sees node 1 in member_list, hence never marks it as
>> NODESTATE_DEAD. But message_handler_req_exec_votequorum_nodeinfo has
>> indepedently marked the node as NODESTATE_MEMBER, hence get_total_votes
>> counts it and quorate is set to 1.
>
> This is second problem and it has to be also fixed. You have to be
> pretty lucky to reproduce it so often.
>
> Anyway, here is theory:
> - node 1 calls api->shutdown_request() and continue processing (this is
> problem 1)
> - both nodes gets to a state where they should call
> votequorum_sync_init, but node 2 is now not scheduled (as I said, it
> must be pretty luck)
> - node 1 calls votequorum_sync_init and votequorum_sync_process (sending
> nodeinfo) and it's shutdown
> - node 2 gets nodeinfo
> - node 2 sees node 1 shutdown
> - node 2 calls votequorum_sync_init and votequorum_sync_process
>
> If this theory is true, we must probably fix the sync.c to have 2 or
> ideally 3-4 barriers instead of 1.
>
>>
>> So why is votequorum_sync_init sometimes only called once? It looks like
>> it's all down to whether we manage to iterate through all the calls to
>> schedwrk_processor before entering the OPERATIONAL state. I haven't yet
>> looked into exactly what controls the timing of these two things.
>>
>> Adding the following patch helps me to demonstrate the problem more
>> clearly:
>>
>> diff --git a/exec/sync.c b/exec/sync.c
>> index e7b71bd..a2fb06d 100644
>> --- a/exec/sync.c
>> +++ b/exec/sync.c
>> @@ -544,6 +545,7 @@ static int schedwrk_processor (const void *context)
>> }
>>
>> if
>> (my_sync_callbacks_retrieve(my_service_list[my_processing_idx].service_id,
>>
>> NULL) != -1) {
>> + log_printf(LOGSYS_LEVEL_NOTICE, "calling
>> sync_init on service '%s' (%d) with my_member_list_entries = %d",
>> my_service_list[my_processing_idx].name, my_processing_idx,
>> my_member_list_entries);
>> my_service_list[my_processing_idx].sync_init
>> (my_trans_list,
>> my_trans_list_entries, my_member_list,
>> my_member_list_entries,
>> diff --git a/exec/votequorum.c b/exec/votequorum.c
>> index d5f06c1..aab6c15 100644
>> --- a/exec/votequorum.c
>> +++ b/exec/votequorum.c
>> @@ -2336,6 +2353,8 @@ static void votequorum_sync_init (
>> int left_nodes;
>> struct cluster_node *node;
>>
>> + log_printf(LOGSYS_LEVEL_NOTICE, "votequorum_sync_init has %d
>> member_list_entries", member_list_entries);
>> +
>> ENTER();
>>
>> sync_in_progress = 1;
>>
>> When it works correctly I see the following (selected log lines):
>>
>> notice [TOTEM ] A new membership (10.71.218.17:2016) was formed.
>> Members joined: 1
>> notice [SYNC ] calling sync_init on service 'corosync configuration
>> map access' (0) with my_member_list_entries = 2
>> notice [SYNC ] calling sync_init on service 'corosync cluster closed
>> process group service v1.01' (1) with my_member_list_entries = 2
>> notice [SYNC ] calling sync_init on service 'corosync vote quorum
>> service v1.0' (2) with my_member_list_entries = 2
>> notice [VOTEQ ] votequorum_sync_init has 2 member_list_entries
>> notice [TOTEM ] A new membership (10.71.218.18:2020) was formed.
>> Members left: 1
>> notice [SYNC ] calling sync_init on service 'corosync configuration
>> map access' (0) with my_member_list_entries = 1
>> notice [SYNC ] calling sync_init on service 'corosync cluster closed
>> process group service v1.01' (1) with my_member_list_entries = 1
>> notice [SYNC ] calling sync_init on service 'corosync vote quorum
>> service v1.0' (2) with my_member_list_entries = 1
>> notice [VOTEQ ] votequorum_sync_init has 1 member_list_entries
>>
>> -- Notice that votequorum_sync_init is called once with 2 members and
>> once with 1 member.
>>
>> When it goes wrong I see the following (selected log lines):
>>
>> notice [TOTEM ] A new membership (10.71.218.17:2004) was formed.
>> Members joined: 1
>> notice [SYNC ] calling sync_init on service 'corosync configuration
>> map access' (0) with my_member_list_entries = 2
>> notice [SYNC ] calling sync_init on service 'corosync cluster closed
>> process group service v1.01' (1) with my_member_list_entries = 2
>> notice [TOTEM ] A new membership (10.71.218.18:2008) was formed.
>> Members left: 1
>> notice [SYNC ] calling sync_init on service 'corosync configuration
>> map access' (0) with my_member_list_entries = 1
>> notice [SYNC ] calling sync_init on service 'corosync cluster closed
>> process group service v1.01' (1) with my_member_list_entries = 1
>> notice [SYNC ] calling sync_init on service 'corosync vote quorum
>> service v1.0' (2) with my_member_list_entries = 1
>> notice [VOTEQ ] votequorum_sync_init has 1 member_list_entries
>>
>> -- Notice the value of my_member_list_entries in the different
>> sync_init calls, and that votequorum_sync_init is only called once.
>>
>> Does this help explain the issue?
>
> It's definitively helpful. I will try to thing about what may be
> happening a little deeper. Can you please add similar debug info as you
> have for sync_init also to other sync_ and send me the log of both nodes
> when everything works and when do not?
Okay. I've rolled back to make the call to api->shutdown_request() on
config_version mismatch, and have added debug lines in sync.c just
before calls to sync_activate, sync_abort and sync_process.
When it's working correctly:
1508158482.991782 notice [TOTEM ] A new membership (10.71.218.17:2384)
was formed. Members joined: 1
1508158482.991930 notice [MAIN ] executing 'corosync vote quorum
service v1.0' exec_handler_fn 0x56492b0d6bf0 for node 1 (fn 0)
1508158482.992029 notice [VOTEQ ]
message_handler_req_exec_votequorum_nodeinfo (0x56492b0d6bf0) marking
node 1 as MEMBER
1508158482.992122 notice [VOTEQ ] get_total_votes: node 1 is a MEMBER
so counting vote
1508158482.992206 notice [VOTEQ ] get_total_votes: node 2 is a MEMBER
so counting vote
1508158482.992263 notice [QUORUM] This node is within the primary
component and will provide service.
1508158482.992307 notice [QUORUM] Members[1]: 2
1508158482.992351 notice [SYNC ] calling sync_init on service
'corosync configuration map access' (0) with my_member_list_entries = 2
1508158482.992382 notice [SYNC ] calling sync_process on service
'corosync configuration map access' (0)
1508158482.992425 notice [MAIN ] executing 'corosync configuration map
access' exec_handler_fn 0x56492b0cedf0 for node 1 (fn 0)
1508158482.992456 notice [MAIN ] executing 'corosync configuration map
access' exec_handler_fn 0x56492b0cedf0 for node 2 (fn 0)
1508158482.992498 notice [SYNC ] calling sync_activate on service
'corosync configuration map access' (0)
1508158482.992529 notice [SYNC ] calling sync_init on service
'corosync cluster closed process group service v1.01' (1) with
my_member_list_entries = 2
1508158482.992572 notice [SYNC ] calling sync_process on service
'corosync cluster closed process group service v1.01' (1)
1508158482.992603 notice [MAIN ] executing 'corosync cluster closed
process group service v1.01' exec_handler_fn 0x56492b0d2940 for node 2
(fn 5)
1508158482.992646 notice [MAIN ] executing 'corosync cluster closed
process group service v1.01' exec_handler_fn 0x56492b0d2940 for node 1
(fn 5)
1508158482.992677 notice [SYNC ] calling sync_activate on service
'corosync cluster closed process group service v1.01' (1)
1508158482.992720 notice [SYNC ] calling sync_init on service
'corosync vote quorum service v1.0' (2) with my_member_list_entries = 2
1508158482.992750 notice [VOTEQ ] votequorum_sync_init has 2
member_list_entries
1508158482.992792 notice [SYNC ] calling sync_process on service
'corosync vote quorum service v1.0' (2)
1508158482.992850 notice [TOTEM ] A new membership (10.71.218.18:2388)
was formed. Members left: 1
1508158482.992895 notice [MAIN ] executing 'corosync vote quorum
service v1.0' exec_handler_fn 0x56492b0d6bf0 for node 2 (fn 0)
1508158482.992938 notice [VOTEQ ]
message_handler_req_exec_votequorum_nodeinfo (0x56492b0d6bf0) marking
node 2 as MEMBER
1508158482.992968 notice [VOTEQ ] get_total_votes: node 1 is a MEMBER
so counting vote
1508158482.993011 notice [VOTEQ ] get_total_votes: node 2 is a MEMBER
so counting vote
1508158482.993042 notice [MAIN ] executing 'corosync vote quorum
service v1.0' exec_handler_fn 0x56492b0d6bf0 for node 2 (fn 0)
1508158482.993084 notice [SYNC ] calling sync_init on service
'corosync configuration map access' (0) with my_member_list_entries = 1
1508158482.993115 notice [SYNC ] calling sync_process on service
'corosync configuration map access' (0)
1508158482.993157 notice [MAIN ] executing 'corosync configuration map
access' exec_handler_fn 0x56492b0cedf0 for node 2 (fn 0)
1508158482.993188 notice [SYNC ] calling sync_activate on service
'corosync configuration map access' (0)
1508158482.993231 notice [SYNC ] calling sync_init on service
'corosync cluster closed process group service v1.01' (1) with
my_member_list_entries = 1
1508158482.993261 notice [SYNC ] calling sync_process on service
'corosync cluster closed process group service v1.01' (1)
1508158482.993304 notice [MAIN ] executing 'corosync cluster closed
process group service v1.01' exec_handler_fn 0x56492b0d2940 for node 2
(fn 5)
1508158482.993335 notice [SYNC ] calling sync_activate on service
'corosync cluster closed process group service v1.01' (1)
1508158482.993378 notice [SYNC ] calling sync_init on service
'corosync vote quorum service v1.0' (2) with my_member_list_entries = 1
1508158482.993409 notice [VOTEQ ] votequorum_sync_init has 1
member_list_entries
1508158482.993452 notice [VOTEQ ] votequorum_sync_init marking node 1
as DEAD
1508158482.993482 notice [SYNC ] calling sync_process on service
'corosync vote quorum service v1.0' (2)
1508158482.993525 notice [MAIN ] executing 'corosync vote quorum
service v1.0' exec_handler_fn 0x56492b0d6bf0 for node 2 (fn 0)
1508158482.993555 notice [VOTEQ ]
message_handler_req_exec_votequorum_nodeinfo (0x56492b0d6bf0) marking
node 2 as MEMBER
1508158482.993598 notice [VOTEQ ] get_total_votes: node 2 is a MEMBER
so counting vote
1508158482.993628 notice [MAIN ] executing 'corosync vote quorum
service v1.0' exec_handler_fn 0x56492b0d6bf0 for node 2 (fn 0)
1508158482.993673 notice [SYNC ] calling sync_activate on service
'corosync vote quorum service v1.0' (2)
1508158482.993703 notice [VOTEQ ] get_total_votes: node 2 is a MEMBER
so counting vote
1508158482.993746 notice [QUORUM] This node is within the non-primary
component and will NOT provide any services.
1508158482.993776 notice [QUORUM] Members[1]: 2
1508158482.993818 notice [MAIN ] Completed service synchronization,
ready to provide service.
When it's working incorrectly:
1508158493.905246 notice [TOTEM ] A new membership (10.71.218.17:2392)
was formed. Members joined: 1
1508158493.905392 notice [MAIN ] executing 'corosync vote quorum
service v1.0' exec_handler_fn 0x56492b0d6bf0 for node 1 (fn 0)
1508158493.905522 notice [VOTEQ ]
message_handler_req_exec_votequorum_nodeinfo (0x56492b0d6bf0) marking
node 1 as MEMBER
1508158493.905623 notice [VOTEQ ] get_total_votes: node 1 is a MEMBER
so counting vote
1508158493.905697 notice [VOTEQ ] get_total_votes: node 2 is a MEMBER
so counting vote
1508158493.905742 notice [QUORUM] This node is within the primary
component and will provide service.
1508158493.905773 notice [QUORUM] Members[1]: 2
1508158493.905815 notice [SYNC ] calling sync_init on service
'corosync configuration map access' (0) with my_member_list_entries = 2
1508158493.905889 notice [SYNC ] calling sync_process on service
'corosync configuration map access' (0)
1508158493.905921 notice [MAIN ] executing 'corosync configuration map
access' exec_handler_fn 0x56492b0cedf0 for node 1 (fn 0)
1508158493.905951 notice [MAIN ] executing 'corosync configuration map
access' exec_handler_fn 0x56492b0cedf0 for node 2 (fn 0)
1508158493.905993 notice [SYNC ] calling sync_activate on service
'corosync configuration map access' (0)
1508158493.906023 notice [SYNC ] calling sync_init on service
'corosync cluster closed process group service v1.01' (1) with
my_member_list_entries = 2
1508158493.906066 notice [SYNC ] calling sync_process on service
'corosync cluster closed process group service v1.01' (1)
1508158493.906096 notice [MAIN ] executing 'corosync cluster closed
process group service v1.01' exec_handler_fn 0x56492b0d2940 for node 2
(fn 5)
1508158493.906138 notice [TOTEM ] A new membership (10.71.218.18:2396)
was formed. Members left: 1
1508158493.906168 notice [SYNC ] calling sync_init on service
'corosync configuration map access' (0) with my_member_list_entries = 1
1508158493.906210 notice [SYNC ] calling sync_process on service
'corosync configuration map access' (0)
1508158493.906240 notice [MAIN ] executing 'corosync configuration map
access' exec_handler_fn 0x56492b0cedf0 for node 2 (fn 0)
1508158493.906282 notice [SYNC ] calling sync_activate on service
'corosync configuration map access' (0)
1508158493.906312 notice [SYNC ] calling sync_init on service
'corosync cluster closed process group service v1.01' (1) with
my_member_list_entries = 1
1508158493.906354 notice [SYNC ] calling sync_process on service
'corosync cluster closed process group service v1.01' (1)
1508158493.906384 notice [MAIN ] executing 'corosync cluster closed
process group service v1.01' exec_handler_fn 0x56492b0d2940 for node 2
(fn 5)
1508158493.906427 notice [SYNC ] calling sync_activate on service
'corosync cluster closed process group service v1.01' (1)
1508158493.906457 notice [SYNC ] calling sync_init on service
'corosync vote quorum service v1.0' (2) with my_member_list_entries = 1
1508158493.906499 notice [VOTEQ ] votequorum_sync_init has 1
member_list_entries
1508158493.906528 notice [SYNC ] calling sync_process on service
'corosync vote quorum service v1.0' (2)
1508158493.906570 notice [MAIN ] executing 'corosync vote quorum
service v1.0' exec_handler_fn 0x56492b0d6bf0 for node 2 (fn 0)
1508158493.906600 notice [VOTEQ ]
message_handler_req_exec_votequorum_nodeinfo (0x56492b0d6bf0) marking
node 2 as MEMBER
1508158493.906642 notice [VOTEQ ] get_total_votes: node 1 is a MEMBER
so counting vote
1508158493.906672 notice [VOTEQ ] get_total_votes: node 2 is a MEMBER
so counting vote
1508158493.906714 notice [MAIN ] executing 'corosync vote quorum
service v1.0' exec_handler_fn 0x56492b0d6bf0 for node 2 (fn 0)
1508158493.906743 notice [SYNC ] calling sync_activate on service
'corosync vote quorum service v1.0' (2)
1508158493.906785 notice [VOTEQ ] get_total_votes: node 1 is a MEMBER
so counting vote
1508158493.906815 notice [VOTEQ ] get_total_votes: node 2 is a MEMBER
so counting vote
1508158493.906856 notice [QUORUM] Members[1]: 2
1508158493.906886 notice [MAIN ] Completed service synchronization,
ready to provide service.
Now it seems that sync calls votequorum's exec_handler_fn in both
working and non-working cases. So now it relies on votequorum_sync_init
being called once with both members and once without node 1 in order to
set the node as NODESTATE_DEAD.
Thanks,
Jonathan
More information about the Users
mailing list