HDDS-12929. Datanode Should Immediately Trigger Container Close when Volume Full #8460
Conversation
|
@peterxcli you may also be interested in reviewing this. For some reason your username doesn't appear in the "Request reviewers" UI. |
| In HddsDispatcher, on detecting that the volume being written to is close to full, we add a CloseContainerAction for | ||
| that container. This is sent to the SCM in the next heartbeat and makes the SCM close that container. This reaction time | ||
| is OK for a container that is close to full, but not if the volume is close to full. |
There was a problem hiding this comment.
How does this account for the 5GB of reserved/committed space for open containers? I believe that will be counted against the volume's capacity as well. We need to break down what measures are being used to consider a "full" volume.
There was a problem hiding this comment.
We also have the ability to immediately trigger a heartbeat at any time. We do this for volume failure already. Seems the issue could be resolved by leaving the CloseContainerAction handling as is and just calling this method when the volume is getting full. This leaves the volume to container mapping inside the datanode without needing to add it to SCM.
There was a problem hiding this comment.
How does this account for the 5GB of reserved/committed space for open containers? I believe that will be counted against the volume's capacity as well. We need to break down what measures are being used to consider a "full" volume.
Yes, and we will use the existing method in the current code to determine whether a volume is full. It accounts for committed space, min free space and reserved space.
private boolean isVolumeFull(Container container) {
boolean isOpen = Optional.ofNullable(container)
.map(cont -> cont.getContainerState() == ContainerDataProto.State.OPEN)
.orElse(Boolean.FALSE);
if (isOpen) {
HddsVolume volume = container.getContainerData().getVolume();
StorageLocationReport volumeReport = volume.getReport();
boolean full = volumeReport.getUsableSpace() <= 0;
if (full) {
LOG.info("Container {} volume is full: {}", container.getContainerData().getContainerID(), volumeReport);
}
return full;
}
return false;
}
There was a problem hiding this comment.
We also have the ability to immediately trigger a heartbeat at any time. We do this for volume failure already. Seems the issue could be resolved by leaving the CloseContainerAction handling as is and just calling this method when the volume is getting full.
Yes, that's what I'm planning to do. However before sending the heartbeat we need to generate the latest storage report and add it to the heartbeat. Also, the CloseContainerAction is currently only for that one container. We either need to add an action for all containers on that volume, or send a list of all container ids in that volume in the heartbeat.
Actually one idea I've got from this convo is that adding an action for each container might be easier, as we already have a framework in-place in the SCM for handling these actions. Let me think a bit more about this. An immediate hurdle is that the number of actions that can be sent is also throttled as of now.
| is OK for a container that is close to full, but not if the volume is close to full. | ||
|
|
||
| ### Proposal | ||
| This is the proposal, explained via a diagram. |
There was a problem hiding this comment.
I don't think the diagram adequately explains the proposal. When talking about proposed proto updates writing out code examples is helpful. Throttling implementation needs to be specified.
There was a problem hiding this comment.
I had thought of the throttling implementation and even tried it out in code while thinking of the design, but I didn't specify it in the doc. I've added it to the design now. There's also a pull request which implements a part of this design, including throttling - #8492.
Please bear with me as I try to balance too much vs too less content in my designs!
When talking about proposed proto updates writing out code examples is helpful.
Still thinking about what information we can send over the wire. I'll add it once I've decided. There are a couple of high level ideas to prevent over allocating blocks to a container/volume in the SCM -
- Track how much allocation is done at the SCM, similar to used space and committed space at the DN. Proposed by @sumitagrawl.
- Send reports of open containers every 30 seconds to SCM, which @ChenSammi proposed. Also handle these reports so that any containers with size >= max size are closed.
- Decide which containers should be closed in the DN, and send CloseContainerAction for all these containers in the heartbeat (which we briefly discussed in a previous comment).
We may need to do some of these or a mix of all of these. As I think it through I'll add more info.
| ## Problem | ||
| When a Datanode volume is close to full, the SCM may not be immediately aware because storage reports are only sent | ||
| to it every thirty seconds. This can lead to the SCM allocating multiple blocks to containers on a full DN volume, | ||
| causing performance issues when the write fails. The proposal will partly solve this problem. |
There was a problem hiding this comment.
SCM will check the container size before allocating block for this container. Currently the container size is reported when container report is full, or container state is changed from open to other state. So SCM is kindly allocating the blocks blindly. In this 30s storage reports, I think we should consider report the open containers too, to help SCM better understand the open container state and avoid over allocate blocks for one container. @siddhantsangwan , what do you think?
There was a problem hiding this comment.
So you mean include a full container report for all containers in the DN, not just the ones on the full volume? We can use the method StateContext#getFullContainerReportDiscardPendingICR.
There was a problem hiding this comment.
Open containers report, not full container report. As only open container will grow its size. Other container's size will just shrink if there is any change. And a timely open container size update will help SCM allocating block more precisely.
There was a problem hiding this comment.
@siddhantsangwan
When container is 90% full, we add ICR for closeContainer action to be send for next HB. This can be send immediately with this which is already present, and no need wait for next HB for these.
I think when sending ICR for this, it would have been added, can be verified.
@ChenSammi Since DN is already taking decision to stop block allocation when 90% is full and send is send, May be SCM sending open container list will not provide any further benefits as action is already taken by DN.
Need to see if any additional benefits we can having sending OpenContainer information also. This may be tracked to send Open Containers on every HB with separate JIRA and based on benefits, this can be implemented.
|
|
||
|  | ||
|
|
||
| Throttling is required so the Datanode doesn't cause a heartbeat storm on detecting that some volumes are full in multiple write calls. |
There was a problem hiding this comment.
These are the activities that use DN volume space,
a. create a new container, reserved 5GB
b. write a new chunk
c. download an import a container, reserved 10GB
d. container metadata rocksdb, no reservation
IIRC, when SCM allocates a new pipeline, SCM checks whether DN has enough space to hold pipeline metainfo(raft, 1GB), and one container(5GB). A volume full report can help SCM quickly aware of this. Maybe a full storage report, instead of single volume full report.
As for carrying the list of containers on this volume in disk full report proposal, because open container has already reserved space in volume, same for container replication import, although disk volume is full, these open containers many still have room for new blocks, as long as the total container size doesn't exceed 5GB. So closing all open containers of this disk full volume immediately might not a necessary step. But closing open containers whose size beyonds 5GB is one thing we can do.
And when disk is full, DN will and is responsible for not allocate new container on this volume and pick volume as target volume for container import.
So overall my suggestion is
a. carry open container state in periodic storage report
b. when one disk is full, sent a full storage report immediately with open container state to SCM out of cycle.
c. make sure these kind of reports are get handled with priority in SCM. We may consider introduce a new port in SCM, for just DN heartbeat with storage report. Currently all reports are sent to one single port.
There was a problem hiding this comment.
IIRC, when SCM allocates a new pipeline, SCM checks whether DN has enough space to hold pipeline metainfo(raft, 1GB), and one container(5GB). A volume full report can help SCM quickly aware of this. Maybe a full storage report, instead of single volume full report.
Agreed, I'm planning to send a full storage report containing info about all the volumes.
As for carrying the list of containers on this volume in disk full report proposal, because open container has already reserved space in volume, same for container replication import, although disk volume is full, these open containers many still have room for new blocks, as long as the total container size doesn't exceed 5GB. So closing all open containers of this disk full volume immediately might not a necessary step. But closing open containers whose size beyonds 5GB is one thing we can do.
Good point. I'm planning to use HddsDispatcher#isVolumeFull for checking if a volume is full. This method ultimately checks whether available - committed - min free space <= 0. So if this method returns true, that means we only need to close containers whose size >= max size (5 GB). All containers on this volume need not be closed.
| Throttling is required so the Datanode doesn't cause a heartbeat storm on detecting that some volumes are full in multiple write calls. | ||
|
|
||
| ## Benefits | ||
| 1. SCM will not include a Datanode in a new pipeline if all the volumes on it are full. The logic to do this already exists, we just update the volume stats in the SCM faster. |
There was a problem hiding this comment.
Does the SCM logic to allocate pipelines take into account the min free space setting? say volume reached 95GB/100GB disk space and triggered close for that container and sent volume report and SCM updated volume stats for the node. Does SCM ensure that it does not allocate containers at 95GB usage or it waits till 100GB? I believe SCM should be aware/ have a similar or more liberal config.
There was a problem hiding this comment.
Yes, it takes min free space into account
| A: Last, regular heartbeat | ||
| B: Volume 1 detected as full, heartbeat triggered | ||
| C: Volume 1 again detected as full, heartbeat throttled | ||
| D: Volume 2 detected as full, heartbeat throttled | ||
| E: Volume 3 detected as full, heartbeat triggered (30 seconds after B) |
There was a problem hiding this comment.
If vol 1 is full and has already been reported, but then vol 2 becomes full shortly after, the current global throttling would delay the notification about vol 2 to the SCM until the throttle interval passes. During this period, containers on vol 2 would continue to receive data from the SCM, which could lead to more write failures. I suggest throttling heartbeats independently for each volume, so that a full volume can be reported to the SCM as soon as it is detected, regardless of the status of other volumes.
There was a problem hiding this comment.
I mostly agree with your suggestion. The only disadvantage I can think of is that DN may end up sending multiple node reports at the same time (around 20 reports considering 20 volumes in the DN) in the worst case, where each report anyway contains data about all the volumes.
There was a problem hiding this comment.
We could make sure that only one ‘volume-full’ heartbeat is sent at any given time—if the feature is supported, which may require refactoring DatanodeStateMachine.
There was a problem hiding this comment.
When triggering immediate heartbeat, we're sending storage reports for all volumes. To keep complexity low, I think that's good enough for now. Let's see how it works in prod and in a new jira we can do per-volume throttling if needed. What do you think?
Also tagging @ChenSammi who was discussing this here.
There was a problem hiding this comment.
Do you want to open a ticket for this?
|
I discussed this design with several people in a meeting. Here are some of the important points:
In summary, the only change this design proposes is to immediately trigger a heartbeat containing storage reports of all volumes when the This is the only remaining open point for discussion - #8460 (comment). |
|
Updated the doc to reflect the latest discussion, please take a look. |
|
@errose28 would you like to take another look? |
| A: Last, regular heartbeat | ||
| B: Volume 1 detected as full, heartbeat triggered | ||
| C: Volume 1 again detected as full, heartbeat throttled | ||
| D: Volume 2 detected as full, heartbeat throttled | ||
| E: Volume 3 detected as full, heartbeat triggered (30 seconds after B) |
There was a problem hiding this comment.
Do you want to open a ticket for this?
| ## Benefits | ||
| 1. SCM will not include a Datanode in a new pipeline if all the volumes on it are full. The logic to do this already exists, we just update the volume stats in the SCM faster. | ||
| 2. Close to full volumes won't cause frequent write failures. | ||
| ## Preventing over allocation of blocks in the SCM |
There was a problem hiding this comment.
I guess you forgot to add a h2 "Alternatives" or "Rejected Approaches" here. And the "Preventing over allocation of blocks in the SCM" should be h3, just like "Regularly sending open container reports."
There was a problem hiding this comment.
Good catch, fixed this in the latest commit.
| because the client will have to request for a different set of blocks. We will discuss how we tried to solve this, | ||
| but ultimately decided to not go ahead with the solution. |
There was a problem hiding this comment.
I'm confused on the status of this doc. What part of it maps to what we actually plan to implement?
There was a problem hiding this comment.
The design changed a lot. We've already merged the corresponding implementation - #8590, and I've updated this doc now.
This comment will tell you why and what changed - #8492 (comment)
This comment and the design doc itself will tell you what we implemented - #8590 (comment)
In short, we trigger heartbeat immediately including the close container action. Per container throttling. Not sending storage reports.
|
I've updated this design doc to reflect the implementation that's already been merged - #8590 |
sumitagrawl
left a comment
sumitagrawl
left a comment
There was a problem hiding this comment.
@siddhantsangwan Plz update design doc
|
@sumitagrawl thanks for the review, I've addressed your comments. |
6 participants
What changes were proposed in this pull request?
This is a design discussion for HDDS-12929. Please see the changes for all the details.
What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-12929
How was this patch tested?
Rendered the markdown in IntelliJ, it looked fine.