Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSI: discard claims on GC'd nodes #13264

Closed
tgross opened this issue Jun 6, 2022 · 2 comments · Fixed by #13301
Closed

CSI: discard claims on GC'd nodes #13264

tgross opened this issue Jun 6, 2022 · 2 comments · Fixed by #13301
Assignees
@tgross
Labels
hcc/cst Admin - internal theme/storage type/enhancement

Comments

@tgross
Copy link
Member

tgross commented Jun 6, 2022

From #12346 (comment):

There's no way for the server to send a node unpublish command to the node plugin that's running on a down node. What's becoming clear here is that the CSI specification as written cannot guarantee correct behavior in the case of downed nodes, so what K8s apparently does is just gives up and lets you potentially corrupt your data in the multi-writer volume use case. User expectations seem to agree, so we may need to rework the design here to make it possible to discard claims for lost nodes and just assume that they're never coming back. This is why we built stop_after_client_disconnect but maybe we'll need to enforce that setting for CSI-claiming tasks unless specifically disabled by the user.

  • We'll alter the claim Unpublish workflow to skip the Node Unpublish RPCs for any node that is marked as lost, disconnected, or nil (GC'd). Just log the fault and send the controller RPCs, if any.
  • If users want correct behavior on the clients, they'll include stop_after_client_disconnect. We should consider making this the default behavior for allocations that include CSI volume claims, but this might cause us backwards compatibility grief.
  • In later work as a performance optimization, we should also update the volumewatcher to watch for updates to the Node table. When a node is GC'd or marked as lost, emit a volume reap on any volumes that have claims on that node.
@tgross tgross self-assigned this Jun 6, 2022
@tgross tgross mentioned this issue Jun 6, 2022
Closed
@tgross tgross added the hcc/cst Admin - internal label Jun 6, 2022
@tgross
Copy link
Member Author

tgross commented Jun 8, 2022
edited
Loading

Draft branch for the unpublish workflow changes is csi-discard-claims-on-gcd-nodes but this needs a lot of testing and probably some rework of whether we're snapshotting the state store for the entire CSIVolume.Unpublish RPC.

Update: I've bench-tested this out on a real cluster to my satisfaction. Going to follow up with some automated testing to probe out the edge cases and then open a PR.

@tgross tgross mentioned this issue Jun 8, 2022
Merged
@tgross tgross mentioned this issue Jun 17, 2022
Closed
Merged
@github-actions
Copy link

github-actions bot commented Oct 8, 2022

I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 8, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@tgross tgross

Labels
hcc/cst Admin - internal theme/storage type/enhancement
Projects
Nomad - Community Issues Triage
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

CSI: skip node unpublish on GC'd or down nodes hashicorp/nomad
1 participant
@tgross