Open chaochn47 opened 2 years ago
Please provide the info below,
etcdctl endpoint status -w json --cluster
# Run command below on each member
./etcd-dump-db iterate-bucket ~/tmp/etcd/infra1.etcd/ meta --decode
Thanks for the comment!
Unfortunately the point-in-time db state on each member was lost.
Corruption check on the new clusters will alarm and print CI in disk if this issue happened again.
if this issue happened again.
Is it easy to reproduce this issue in your environment (dev or production?) ?
Corruption check on the new clusters
Did you just create a new cluster or replace one problematic member with a new one?
Is it easy to reproduce this issue in your environment (dev or production?) ?
It happened in a production cluster created on demand.
I am not even sure where to start the reproduce the error range failed to find revision pair
. I suspect this corruption may happen in boltdb or fs layer or underlying disk.
Did you just create a new cluster or replace one problematic member with a new one?
The oncall operator replaced the problematic member with a new one and everything recovered..
The oncall operator replaced the problematic member with a new one and everything recovered..
Thanks for the feedback. If just one member has issue, in other words majorities are still working well, then most likely the db file of the problematic member was corrupted. Usually you will see panic when you try to execute boltDB CMD in this case, something like 13406. Had the oncall operator in your company tried any BoltDB CMD and confirmed this?
Yeah, I downloaded the snapshot taken from the impacted node before and after the panic.
I ran some bbolt cmds like bbolt check
and some other subcommands (stats) on both db files. The results returned OK and no panic like 13406
I'd like to keep this issue open until second occurrence with WAL log presence.
@chaochn47 do you still have data in your metric system? Can you post other metrics? Seams like something happened on 06/09
etcd_server_is_leader
- wondering if there was leader change on 06/09 or if there were too many leader changes indicating network/load issue.
etcd_server_heartbeat_send_failures_total
to make sure there were not hb failures
etcd_server_snapshot_apply_in_progress_total
just in case there was some anomaly.
rate(etcd_debugging_mvcc_compact_revision[1m])
- to see if all nodes competing at the same rate.
etcd_disk_defrag_inflight
- to see if there were any correlated defrags around 06/09
It's interesting why revision divergence happened on 06/09 but size divergence on 06/19.
Was cluster under heavy load/different load pattern?
@lavacat thanks for taking a look!
We do have data in the metrics and logging system.
etcd_server_is_leader
- wondering if there was leader change on 06/09 or if there were too many leader changes indicating network/load issue.
There is a leadership change around 5 mins before this event. However, we started to see 3 more similar issues happening on other production clusters. They does not have correlation to leader changes.
etcd_server_heartbeat_send_failures_total
to make sure there were not hb failuresetcd_server_snapshot_apply_in_progress_total
just in case there was some anomaly.
No heartbeat failures and no snapshot apply in progress.
rate(etcd_debugging_mvcc_compact_revision[1m])
- to see if all nodes competing at the same rate.etcd_disk_defrag_inflight
- to see if there were any correlated defrags around 06/09
Compaction is driven by kube-apiserver
every 5mins. The compact_revision is consistent until the event.
Defrag is performed by another on-host agent. It does not perform defrag because db_size - db_size_in_use
does not breach 200MiB threshold.
Was cluster under heavy load/different load pattern?
I think the cluster is under light load. The mvcc range, txn, put rate is low and db size is under 25MiB.
I suspected the write Txn failed to write back the buffer to read Txn buffer when a new concurrentReadTxn is created at the same time copied a stale read Txn buffer. But from the code perspective, this seems like not a issue.
The only possibility is the disk write failed and mmap'd data is not reflected somehow.. But disk write failure should have been poped up to the etcd at the same time..
But we are enabling corrupt check, alarming faster, retaining more WAL files, better tooling to investigate, etc. So hopefully next time there will be more information..
Provide a similar case we observed on September 12, 2023.
A 3 etcd cluster returned inconsistent data.
The last 3 relevant logs before the first revision error occurred in the bad node. There is not panic log, such as range failed to find revision pair
.
{
"level": "info",
"ts": "2023-09-12T13:30:55.970Z",
"caller": "mvcc/index.go:189",
"msg": "compact tree index",
"revision": 540040293
}
{
"level": "info",
"ts": "2023-09-12T13:30:56.278Z",
"msg": "finished scheduled compaction",
"compact-revision": 540040293,
"took": "300.432453ms"
}
{
"level": "info",
"ts": "2023-09-12T13:33:06.694Z",
"msg": "purged",
"path": "/mnt/<subpath>/member/snap/0000000000000025-00000000216876b7.snap"
}
kube-controller-manager continuously fail for mvcc revision error.
W0912 13:53:03.296333 11 watcher.go:220] watch chan error: etcdserver: mvcc: required revision has been compacted
E0912 13:49:48.143489 11 status.go:71] apiserver received an error that is not an metav1.Status: rpctypes.EtcdError{code:0xb, desc:"etcdserver: mvcc: required revision is a future revision"}: etcdserver: mvcc: required revision is a future revision
$ etcd --version 3.4.20
It seems the names "revision divergency" and "db size total divergency" confused. m1-m2
seems actually to be db size total divergency
.
Please
etcdctl endpoint status -w json --cluster
, and provide the output.Thanks, updated.
FYI,
{
"Endpoint": "http://xxx:2379/",
"Status": {
"header": {
"cluster_id": 11216169436736817000,
"member_id": 3380614885785619000,
"revision": 540470663,
"raft_term": 37
},
"version": "3.4.20",
"dbSize": 401346560,
"leader": 3587062029378754000,
"raftIndex": 560998036,
"raftTerm": 37,
"raftAppliedIndex": 560998036,
"dbSizeInUse": 207654912
}
}
{
"Endpoint": "http://xxx:2379/",
"Status": {
"header": {
"cluster_id": 11216169436736817000,
"member_id": 3587062029378754000,
"revision": 540470663,
"raft_term": 37
},
"version": "3.4.20",
"dbSize": 401272832,
"leader": 3587062029378754000,
"raftIndex": 560998036,
"raftTerm": 37,
"raftAppliedIndex": 560998036,
"dbSizeInUse": 207732736
}
}
{
"Endpoint": "http://xxx:2379/",
"Status": {
"header": {
"cluster_id": 11216169436736817000,
"member_id": 15037885980601823000,
"revision": 540057523,
"raft_term": 37
},
"version": "3.4.20",
"dbSize": 401489920,
"leader": 3587062029378754000,
"raftIndex": 560998036,
"raftTerm": 37,
"raftAppliedIndex": 560998036,
"dbSizeInUse": 192278528
}
}
We’re not allowed to share customer data.
$ ./etcd-dump-db iterate-bucket path-2-db meta --decode
key="scheduledCompactRev", value={2804621 0}
key="finishedCompactRev", value={2804621 0}
key="consistent_index", value=3050985
Provide a case we observed on Nov 1, 2023.
A 3 etcd cluster returned inconsistent data.
etcd version: 3.4.18
Run etcdctl
get 3 netmaster
pods on 2 normal nodes. But get 5 netmaster
pods on the 1 bad node(we have deleted the 2 netmaster
pods)
A panic occurred during operation, it seems that the data is inconsistent after etcd restarting, no errors were detected at startup. ( I don't think it's related with #266 )
RaftIndex
、AppliedIndex
of the 3 nodes is consistentbbolt check
returns OK
etcd-dump-db
, there are indeed 5 netmaster
pods in bbolt. But it seems that the revision
gap is relatively large with the normal node, but I am not completely sure that the pod has not been deleted and rebuilt. experimental-initial-corrupt-check
is disabled.Bad node
Normal node
Do you have any suggestions on the direction of investigation? I haven't been able to reproduce it yet. @ahrtr @serathius
I am working on reproducing for bbolt data inconsistency. Will update it if I find out something. @Tachone
@Tachone Would you mind sharing what experimental-backend-bbolt-freelist-type
value you are using? thanks
@Tachone Would you mind sharing what
experimental-backend-bbolt-freelist-type
value you are using? thanks
--experimental-backend-bbolt-freelist-type 'array', default value in 3.4.18 @fuweid
@fuweid
I think there are some important information to help reproduce
@Tachone Thanks!
- the machine may under heavy load when the problem occurred
The machine wasn't restarted, is it correct? Is there any useful kernel message in dmesg
?
- bbolt panic twice on different pages in 2 days, etcd restarted normally
After bbolt panic, etcd still can restart and serve requests?
- the bad etcd node has no consistent <rev,KeyValue> data in bbolt with other nodes since rev={main:1054916837, sub:0}
For the bad etcd node, after leader replicated the log, it can catch up with other two nodes?
@fuweid
I have seen couple of corruptions, but nothing following a single pattern that would suggest a application issue. I would attribute them mostly to memory stamping (page is written under wrong page id). Still investigating them would be useful to propose additional debug information and safeguards that would give us more insight into the problem.
My suggestion would be to separate the investigation, handle each report as independent issue as long as there is no strong suggestion that they have exactly the same root cause.
Discussed during sig-etcd triage meeting, @ahrtr is this issue still valid? There is a suggestion above we handle each report of this data corruption as it's own issue as the root cause may not be the same.
What happened?
A 3 etcd cluster returned inconsistent data.
'bad' Node
kube-controller-manager continuously cannot update its lock due to partial data in etcd.
What did you expect to happen?
The error
range failed to find revision pair
should never ever happen because read transaction will either read from write buffer or boltdb.We reported this case as a reference.
How can we reproduce it (as minimally and precisely as possible)?
Unfortunately, I don't have any clue to reproduce it.
Anything else we need to know?
Etcd version (please run commands below)
Etcd configuration (command line flags or environment variables)
Etcd debug information (please run commands blow, feel free to obfuscate the IP address or FQDN in the output)
Relevant log output
No response