HDDS-13772. Snapshot Paths to be re read from om checkpoint db inside lock again.

[sadanand48]

What changes were proposed in this pull request?

Snapshot Paths to be re read from om checkpoint db inside lock again from the checkpoint DB's metadataManager instance.

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-13772

How was this patch tested?

unit test.

[Copilot]

Pull Request Overview

This PR addresses a concurrency issue where snapshot paths were read from the live OM metadata manager instead of the checkpoint's metadata manager, potentially including stale or purged snapshots during checkpoint transfers. The fix ensures snapshot paths are re-read from the checkpoint database inside the lock to maintain consistency.

• Re-reads snapshot paths from checkpoint metadata manager instead of live metadata manager
• Adds proper resource cleanup for the checkpoint metadata manager
• Changes method visibility from private to package-private for testing

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
OMDBCheckpointServletInodeBasedXfer.java	Adds code to re-read snapshot paths from checkpoint metadata manager and changes method visibility for testing
TestOMDbCheckpointServletInodeBasedXfer.java	Adds unit test to verify snapshot paths are correctly read from checkpoint after purge scenarios

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[swamirishi]

@sadanand48 thanks for the patch left a few review comments

[smengcl]

Thanks @sadanand48 . Could you rebase the patch?

[swamirishi]

@sadanand48 there are still some minor nitpicky changes on this patch once it is addressed we can merge this

[swamirishi]

nit: Do we need a mini ozone cluster test case for this? I believe we can do with a unit test case here instead of a full mini ozone cluster test. We can think about moving this test into unit test later

[swamirishi]

This needs a few more changes

[swamirishi]

Suggested change

	when(spyDbStore.getCheckpoint(true)).thenAnswer(invocation -> {
	DBCheckpoint checkpoint = spy(dbStore.getCheckpoint(true));
	doNothing().when(checkpoint).cleanupCheckpoint(); // Don't cleanup for verification
	capturedCheckpoint.set(checkpoint);
	return checkpoint;
	});
	when(spyDbStore.getCheckpoint(eq(true))).thenAnswer(invocation -> {
	client.getObjectStore().deleteSnapshot(volumeName, bucketName, "snapshot2");
	client.getObjectStore().createSnapshot(volumeName, bucketName, "snapshot3");
	// wait for snapshot2 to get purged and snapshot3 to get created.
	DBCheckpoint checkpoint = spy(Mockito.callRealMethod());
	doNothing().when(checkpoint).cleanupCheckpoint(); // Don't cleanup for verification
	capturedCheckpoint.set(checkpoint);
	return checkpoint;
	});

[swamirishi]

@sadanand48 Let us purge the snapshot just before we are trying to take a checkpoint which means that we should purge the snapshot in this block

[sadanand48]

the checkpoint is taken after the bootstrap lock is acquired so once bootstrap lock is aquired the purge won't be succesful in this block as SDS needs to acquire this lock to do the purge. We need to do it outside the lock itself

[swamirishi]

Can we do the bootstrap on the follower OM? Bootstrap lock there won't mean anything when this runs on the follower. To get into this condition maybe we should mock bootstrap lock to do a noop here.
Actually what we should do is during BootstrapLock we should pause the double buffer thread delete the snapshot and acquire the bootstrap lock. Now just before the checkpoint we should unpause the double buffer thread and let the snapshot purge get flushed this would do it.

[sadanand48]

done

[swamirishi]

If that is the case I don't think purge snapshot race condition is even possible. Then we should just deal with the create snapshot race condition

[swamirishi]

Why can't we use pauseDeamon() and resume() again?

[swamirishi]

Just saw the code we cannot use that

[swamirishi]

LGTM I believe we can remove the testing race condition here and maybe add a test case to check if the bootstrapHandler lock actually waits for the double buffer flush. I see that we don't have a unit test for this class. Please add a unit test for this class which ensure we are taking a lock on all the background services and a double buffer wait happens

ozone/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OMDBCheckpointServlet.java

Lines 657 to 698 in de683aa

	static class Lock extends BootstrapStateHandler.Lock {
	private final List<BootstrapStateHandler.Lock> locks;
	private final OzoneManager om;
	Lock(OzoneManager om) {
	Preconditions.checkNotNull(om);
	Preconditions.checkNotNull(om.getKeyManager());
	Preconditions.checkNotNull(om.getMetadataManager());
	Preconditions.checkNotNull(om.getMetadataManager().getStore());
	this.om = om;
	locks = Stream.of(
	om.getKeyManager().getDeletingService(),
	om.getKeyManager().getDirDeletingService(),
	om.getKeyManager().getSnapshotSstFilteringService(),
	om.getKeyManager().getSnapshotDeletingService(),
	om.getMetadataManager().getStore().getRocksDBCheckpointDiffer()
	)
	.filter(Objects::nonNull)
	.map(BootstrapStateHandler::getBootstrapStateLock)
	.collect(Collectors.toList());
	}
	@Override
	public BootstrapStateHandler.Lock lock()
	throws InterruptedException {
	// First lock all the handlers.
	for (BootstrapStateHandler.Lock lock : locks) {
	lock.lock();
	}
	// Then wait for the double buffer to be flushed.
	om.awaitDoubleBufferFlush();
	return this;
	}
	@Override
	public void unlock() {
	locks.forEach(BootstrapStateHandler.Lock::unlock);
	}
	}

[sadanand48]

I see that we don't have a unit test for this class. Please add a unit test for this class which ensure we are taking a lock on all the background services and a double buffer wait happens

We do have a unit test that verifies this and 2 tests that verify bootstrap lock co-ordinationi.e testBootstrapLockCoordination and testBootstrapLockBlocksMultipleServices

ozone/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOMDbCheckpointServletInodeBasedXfer.java

Line 498 in 833e955

verify(mockOM).awaitDoubleBufferFlush();

I have updated the patch to remove the purge snapshot condition as you suggested.

[swamirishi]

I see that we don't have a unit test for this class. Please add a unit test for this class which ensure we are taking a lock on all the background services and a double buffer wait happens

We do have a unit test that verifies this and 2 tests that verify bootstrap lock co-ordinationi.e testBootstrapLockCoordination and testBootstrapLockBlocksMultipleServices

ozone/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOMDbCheckpointServletInodeBasedXfer.java

Line 498 in 833e955

verify(mockOM).awaitDoubleBufferFlush();

I have updated the patch to remove the purge snapshot condition as you suggested.

Should we also write a test for OmDBCheckpointServletInodeBasedXfer is actually using OMDbCheckpointServlet.Lock and not something else? Here we are creating a new instance of the lock

ozone/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOMDbCheckpointServletInodeBasedXfer.java

Line 488 in 833e955

OMDBCheckpointServlet.Lock bootstrapLock = new OMDBCheckpointServlet.Lock(mockOM);

[swamirishi]

LGTM thanks @sadanand48 for the patch

[swamirishi]

@sadanand48 Let us create a follow up jira for changing the test to initialize the lock from the Servlet object itself instead of creating a new instance. Here we are not testing whether the InodeBasedCheckpointServlet instance is actually using the correct implementation of BootstrapLock or not

[adoroszlai]

@swamirishi When merging PRs, please remove co-author information if it's the same person with different email address.

Author: Sadanand Shenoy <sadanand.shenoy4898@...>
Date:   Sun Nov 2 19:49:07 2025 +0530

    HDDS-13772. Snapshot Paths to be re read from om checkpoint db inside lock again. (#9131)
    
    Co-authored-by: Sadanand Shenoy <sadanand.shenoy@...>

Also, please set fix version when resolving Jira issue after PR merge.