Add zbchaos commands for enabling tests to simulate multi-region dataloss and recover #230
Conversation
|
Hey @deepthidevaki had no deep look into your PR yet, but I feel This allows us to just run one experiment/action and if we take a look at the code the related setup code is also close to the action. Furthermore, when playing around with the tool it is not something you might miss during experimenting like you would if you had a separate command for it. I would argue that we can do here the same and move your config magic also to the data loss action. |
|
Thanks @Zelldon for the comment. |
deepthidevaki
force-pushed
the
dd-dataloss-sim
branch
from
3cb2943 to
5e2b2bf
Compare
For dataloss simulation, once a broker is deleted with dataloss, the broker should not be automatically restarted. To help control when a broker will be restarted, we add a init container which waits in an infinite loop until a flag is set in the config map.
The status of the Pid is Running even before it is ready. So checking the status is not enough.
deepthidevaki
force-pushed
the
dd-dataloss-sim
branch
from
5e2b2bf to
19398d8
Compare
|
Thanks @deepthidevaki 🙇 🙏 |
There was a problem hiding this comment.
Thanks @deepthidevaki great addition! Really interesting solution with the init container and configmap.
I have some remarks please have a look below, before we merge it.
I feel it is a bit too specialized for the two data center setup, I guess would be great if we could make it either configurable how many brokers we have or depend on the topology (meaning the configmap and 8 entries). Furthermore, I guess it would be also nice if we could use it for experiments like: follower of partition X experience a dataloss or leader of partition Y experience a dataloss. I think for that we would need some more parameters as we have in the disconnect/connect.
I understand if you don't want to do it right now, but maybe you could then create a follow-up issue :)
| } | ||
|
|
||
| // Adds init container patch | ||
| patch := []byte(`{ |
There was a problem hiding this comment.
🔧 was thinking whether we could extract this into an own function since it is quite long
| "block_6": "false", | ||
| "block_7": "false", | ||
| "block_8": "false", | ||
| }, |
There was a problem hiding this comment.
💭 🔧 Might make sense to parameterize this or do it based on the topology? 🤔
There was a problem hiding this comment.
I had thought about it. But I don't want to do it now. Now our tests are at max with 6 nodes, so here upto 8 nodeId would be enough. When we need to test on larger cluster we can then modify it to make it more flexible based on the topology.
| metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
| ) | ||
|
|
||
| func (c K8Client) DeletePvcOfBroker(podName string) error { |
There was a problem hiding this comment.
❌ Would be great to write a test for it, at least for the getVolumneForPodName
See related tests https://github.com/zeebe-io/zeebe-chaos/blob/main/go-chaos/internal/pods_test.go
I don't think so. The commands are generic enough - delete data of one node/recover one node. So you could use the commands to define experiment on a cluster with any number of brokers (except the hardcoded configmap which limits the clustersize to 9) and delete data of any broker. |
|
I think you're right. 👍 |
|
@Zelldon I have applied your comments. I have also updated the command to pause reconciliation before applying the init container patch. @npepinpe Would you like to take a look at it as well? For me it is ok if one of you approve it. |
|
Then since Chris already did a thorough review, I'll leave you two to it 😄 |
|
Thanks @Zelldon for the review 💯 |
Related to camunda/camunda#9960
This PR adds commands to support testing multi-region dataloss and recovery. We have added commands for
zbchaos preparePrepare the cluster by adding init container to the statefulset and adding a configMap. With the help of init container and the ConfigMap, we can control when a broker that suffered from dataloss is restarted.The configMap contains flags
block_{nodeId} = true|falsecorresponding to each nodeId. This is available to InitContainer in the mounted volume via a file corresponding to each flag/etc/config/block_{nodeId}. InitContainer is blocked if the flag is set to true. When the configMap is updated, this is reflected in the container eventually. There might be a delay, but eventually/etc/config/block_{nodeId}will have the updated value and the InitContainer can break out of the loop.zbchaos dataloss deleteDelete the broker and its data. Sets the flag in configMap to true to block the startup in InitContainer.zbchaos dataloss recoverRestarts a broker and wait until it has recovered the data. Resets the flag in configMap so that the initContainer can exit and the broker container can start. Also wait until the pods are ready, which is necessary to ensure that the broker have recovered all data.prepareis added as a generic command, not part of dataloss, because this can be used to apply other patches (eg:- apply patch for enabling network permissions). We have to run this command only once per cluster, and repeat the tests without re-running prepare.To test the dataloss and recovery, we want to setup a cluster with 4 brokers, and replication factor 4. Node 0 and 1 belongs to region 1 and Node 2 and 3 belongs to region 2. Assuming there is such a cluster in the given namespace, we can simulate the data loss and recovery by running the following commands:
The above commands simulates full data loss of region 1 and moving the failed pods from region 1 to region 2. You can then repeat steps 2-5 to simulate moving those pods back to region 1. Or run steps 2-5 with nodes 2 and 3 to simulate dataloss of region 2.
PS:- It works for clusters in our benchmark deployed via helm. It is not fully tested for SaaS yet.
PPS:- This PR contains only the supporting commands. The test is not automated yet.