hashicorp · notnoop · Jan 16, 2020 · Jan 16, 2020 · schmichael · Jan 16, 2020
diff --git a/nomad/leader.go b/nomad/leader.go
@@ -57,11 +57,26 @@ var defaultSchedulerConfig = &structs.SchedulerConfiguration{
 // as the leader in the Raft cluster. There is some work the leader is
 // expected to do, so we must react to changes
 func (s *Server) monitorLeadership() {
+	// We use the notify channel we configured Raft with, NOT Raft's
+	// leaderCh, which is only notified best-effort. Doing this ensures
+	// that we get all notifications in order, which is required for
+	// cleanup and to ensure we never run multiple leader loops.
+	leaderCh := s.leaderCh
+
 	var weAreLeaderCh chan struct{}
 	var leaderLoop sync.WaitGroup
 	for {
 		select {
-		case isLeader := <-s.leaderCh:
+		case isLeader := <-leaderCh:
+			// suppress leadership flapping
+			isLeader, suppressed := suppressLeadershipFlaps(isLeader, leaderCh)
+
+			// if gained and lost leadership immediately, move on without emitting error
+			if suppressed && !isLeader && weAreLeaderCh == nil {
+				s.logger.Info("cluster leadership acquired but lost immediately")
+				continue
+			}
+
 			switch {
 			case isLeader:
 				if weAreLeaderCh != nil {
@@ -96,6 +111,35 @@ func (s *Server) monitorLeadership() {
 	}
 }
 
+// suppressLeadershipFlaps suppresses cases where we gained but lost leadership immediately.
+// Protect against case where leadership transitions multiple times while server updates
+// internal leadership related structures.
+//
+// This uses a conservative approach - mainly avoid establishing leadership if server already lost it
+//
+// Params:
+//   isLeader: the last value dequeued from channel
+//   ch: leadership channel
+// Returns:
+//   leader: last buffered leadership state
+//   suppressed: true if method dequeued elements from channel
+func suppressLeadershipFlaps(isLeader bool, ch <-chan bool) (leader, suppressed bool) {
+	if !isLeader {
+		return isLeader, false
+	}
+
+	leader = isLeader
+	for {
+		select {
+		case v := <-ch:
+			leader = v
+			suppressed = true
+		default:
+			return leader, suppressed
+		}
+	}
+}
+
 // leaderLoop runs as long as we are the leader to run various
 // maintenance activities
 func (s *Server) leaderLoop(stopCh chan struct{}) {
@@ -148,16 +192,18 @@ RECONCILE:
 	// updates
 	reconcileCh = s.reconcileCh
 
+WAIT:
 	// Poll the stop channel to give it priority so we don't waste time
 	// trying to perform the other operations if we have been asked to shut
 	// down.
 	select {
 	case <-stopCh:
 		return
+	case <-s.shutdownCh:
+		return
 	default:
 	}
 
-WAIT:
 	// Wait until leadership is lost
 	for {
 		select {

diff --git a/nomad/leader_test.go b/nomad/leader_test.go
@@ -1234,3 +1234,93 @@ func waitForStableLeadership(t *testing.T, servers []*Server) *Server {
 
 	return leader
 }
+
+func TestSuppressLeadershipFlaps(t *testing.T) {
+	t.Run("steps down don't get surpressed", func(t *testing.T) {
+		init := false
+		ch := make(chan bool, 5)
+		ch <- true
+
+		leader, suppressed := suppressLeadershipFlaps(init, ch)
+		require.False(t, leader)
+		require.False(t, suppressed)
+
+		select {
+		case v := <-ch:
+			require.True(t, v)
+		default:
+			require.Fail(t, "ch should be ready")
+		}
+	})
+	t.Run("single steps up don't get surpressed", func(t *testing.T) {
+		init := true
+		ch := make(chan bool, 5)
+
+		leader, suppressed := suppressLeadershipFlaps(init, ch)
+		require.True(t, leader)
+		require.False(t, suppressed)
+
+		select {
+		case v := <-ch:
+			require.Failf(t, "channel has ready element unexpected", "element: %v", v)
+		default:
+			// channel isn't ready, yay
+		}
+	})
+	t.Run("single flap gets suppressed", func(t *testing.T) {
+		init := true
+		ch := make(chan bool, 5)
+		ch <- false
+
+		leader, suppressed := suppressLeadershipFlaps(init, ch)
+		require.False(t, leader)
+		require.True(t, suppressed)
+
+		select {
+		case v := <-ch:
+			require.Failf(t, "channel has ready element unexpected", "element: %v", v)
+		default:
+			// channel isn't ready, yay
+		}
+	})
+
+	t.Run("multiple transitions get suppressed, end at true", func(t *testing.T) {
+		init := true
+		ch := make(chan bool, 5)
+		ch <- false
+		ch <- true
+		ch <- false
+		ch <- true
+
+		leader, suppressed := suppressLeadershipFlaps(init, ch)
+		require.True(t, leader)
+		require.True(t, suppressed)
+
+		select {
+		case v := <-ch:
+			require.Failf(t, "channel has ready element unexpected", "element: %v", v)
+		default:
+			// channel isn't ready, yay
+		}
+
+	})
+	t.Run("multiple transitions get suppressed, end at false", func(t *testing.T) {
+		init := true
+		ch := make(chan bool, 5)
+		ch <- false
+		ch <- true
+		ch <- false
+
+		leader, suppressed := suppressLeadershipFlaps(init, ch)
+		require.False(t, leader)
+		require.True(t, suppressed)
+
+		select {
+		case v := <-ch:
+			require.Failf(t, "channel has ready element unexpected", "element: %v", v)
+		default:
+			// channel isn't ready, yay
+		}
+
+	})
+}
diff --git a/nomad/server.go b/nomad/server.go
@@ -1234,8 +1234,8 @@ func (s *Server) setupRaft() error {
 		}
 	}
 
-	// Setup the leader channel
-	leaderCh := make(chan bool, 1)
+	// Set up a channel for reliable leader notifications.
+	leaderCh := make(chan bool, 10)
 	s.config.RaftConfig.NotifyCh = leaderCh
 	s.leaderCh = leaderCh