HADOOP-16746 mkdirs and s3guard auth mode #1810
Conversation
Not yet finished: * new BulkOperationState type of mkdirs for log * no longer (accidentally) removing auth flag passed in. * ignored test now works * other tests fail because they need a way to mark a dir as non-auth Change-Id: I975931b22756bc51235868b782aff20286d55681
More testing on newly discovered issue: listStatus marks a child dir as unauth, even if it was auth Change-Id: I7d8ab25f5e73e9ea4767e8456f7e0afc92dec28c
steveloughran
added
bug
fs/s3
This fixes the problem wherein a listStatus of a parent dir would stamp on the isAuthoritative flag of every child entry. This was caused by us blindly overriding entries with new ones. This patch * avoids writing unchanged entries by building a list of those and passing it down to the meta store in the put(DirListMeta) call. * in DDB: filter out of those entries. * in non-auth mode, build up a list of entries to add, and write in a batch at the end. This is more efficient than the one-by-one operation which was being performed, especially as there is no BulkOperationState to cache previous work. * adds tests to verify no DDB writes take place on repeated lists * fixes up all calls of put() to handle the new list of unchanged entries * Fixes a bug in TestS3Guard which caused NPEs The code in S3Guard.dirListingUnion() is a bit ugly as it has two very different sequences (auth vs nonauth) intermingled. We should consider splitting up the two union mechanisms, so as to make it easier to understand how the different update/unions work. Change-Id: If5f2427f49a46cb7827f1634b6528ddd0e265778
|
The lates patch fixes the problem wherein a listStatus of a parent dir This was caused by us blindly overriding entries with new ones. This patch
The code in S3Guard.dirListingUnion() is a bit ugly as it Note: we should see a reduction in DDB writes here, in both modes. Updated PR is failing two tests, both clearly related |
|
@bgaborg this is becoming ready to look at, though there are still tests failing. |
|
Ok, my patch changes behaviour slightly (I'd actually thought it was a bug, but ITestS3GuardWriteBack thinks it is expected) With my patch, when you list a dir in nonauth mode, it adds records in DDB for any which don't exist, so helps to build up that full list of files. Currently, in nonauth, we only add changed files. What to do? We add files to S3Guard on creation, import etc, and in auth-mode we do build up that list. So why not nonauth Side issue: when we do that listing of a nonauth dir in auth mode, it lasts until the bit is cleared. (which deletes of files do, needlessly). But when reconciling the lists, we don't worry about files listed in S3Guard but not found in the FS. So we mark the dir as authoritative even though it could be that there are errors in the listing. Seems to me we should be looking at the TTL of entries in the original DDB listing and considering missing (expired) files as deleted. Oh, S3Guard is the pain of my life. |
* Out of date entries only propagate from S3 to DDB *when there's a DDB entry*. This is the current policy; there's now a constant to change behaviour and more discussion about the details. So the next person maintaining it will understand what is going on better. * Only writes the auth bit to an empty dir when the path is auth, rather than do it whenever an empty dir is recorded in S3Guard. ITestRestrictedReadAccess showed that problem; there's been a bit of tuning in that test to make it more robust to configs and previous test runs. Tune ITestDynamoDBMetadataStoreAuthoritativeMode * remove superfluous test case * more asserts about directory states during rename * enable another ignored test case Change-Id: I309376f38e9983c901a53a26f89cbf372c7a01da
|
latest PR is up; tested s3 ireland with and without ddb, at scale
Tune ITestDynamoDBMetadataStoreAuthoritativeMode
|
steveloughran
removed
the
work in progress
test tweaks * remove unused imports * in MetaStoreTestBase name empty list EMPTY_LIST To make clear that is what it is Change-Id: If53bf1c4810d397fe1b8d3d7b4c7c9ceb1344173
| // in non-auth listings, we compare the file status of the metastore | ||
| // list with those in the FS, and overwrite the MS entry if | ||
| // either of two conditions are met | ||
| // - there is no entry in the metadata and |
There was a problem hiding this comment.
nit: there is no entry in the metastore and
| @@ -55,7 +53,7 @@ | |||
| import static org.apache.hadoop.fs.s3a.S3ATestUtils.removeBaseAndBucketOverrides; | |||
| import static org.apache.hadoop.fs.s3a.S3AUtils.applyLocatedFiles; | |||
| import static org.apache.hadoop.fs.s3a.Statistic.OBJECT_LIST_REQUESTS; | |||
| import static org.apache.hadoop.fs.s3a.Statistic.S3GUARD_METADATASTORE_AUTHORITATIVE_DIRECTORIES_UPDATED; | |||
| import static org.apache.hadoop.fs.s3a.Statistic.S3GUARD_METADATASTORE_AUTHORITATIVE_DIRECTORIES_UPDATED;import static org.apache.hadoop.fs.s3a.Statistic.S3GUARD_METADATASTORE_RECORD_WRITES; | |||
There was a problem hiding this comment.
sorry, accident. Never even realised you could do that, though i guess it makes sense from a parser perspective
| // collection | ||
| PathMetadata pathMetadata = originalMD; | ||
|
|
||
| if (!isAuthoritative) { |
There was a problem hiding this comment.
Could we factor out this to another method? Just to make Uncle Bob happy :).
Jokes aside this grew really huge, and we should split the auth and non-auth execution paths to be more maintainable in the future. It was your idea in one of your comments on the PR, and that was a good idea.
|
thanks, I'll fix the nits and split the two modes out. As noted, I was starting to think that way |
Move from to intermingled dirListingUnion algorithms in the same method, the auth and nonauth merge/update operations have been split into their own methods. There is a bit of duplication -but at least now the different operations are isolated enough it's possible to understand them. TestS3Guard has been extended to help test of some of this. We can't verify that existing entries don't get overwritten, but the unit tests are at least checking both algorithms. Change-Id: I24f3787e31dc3739d0f71b800ed3732b2fd15b94
|
Move from to intermingled dirListingUnion algorithms in the same method, the auth and nonauth merge/update operations have been split into their own methods. There is a bit of duplication -but at least now the different operations are isolated enough it's possible to understand them. TestS3Guard has been extended to help test of some of this. We can't verify that existing entries don't get overwritten, but the unit tests are at least checking both algorithms. Tested: S3 Ireland. One odd test failure which has me worried -but I've seen it happen on another branch without any of this change, or its predecessor in what is happening is we've deleted a file, "spun" for it to go way from the unguarded FS, then when opening in the guarded FS we see data back. Need to look more -it could be because my store is versioned -but if so, why fail so fast? |
|
🎊 +1 overall
This message was automatically generated. |
There was a problem hiding this comment.
@steveloughran thanks for fixing this.
+1, tests were running without any error.
|
thanks! I've accrued a whole set of intermittents and one failure if the bucket is versioned -I should do a fix all patch |
This fixes two problems with auth directory flags
Issue 2 is possibly the most expensive, as any treewalk using listStatus (e.g globfiles) would clear the auth bit for all child directories before listing them. And this would happen every single time... Essentially you weren't getting authoritative directory listings.