Reconfigurator: Decommission cockroach nodes that belong to expunged cockroach omicron zones #5903

Merged 10 commits into main from john/decommission-expunged-crdb-nodes on Jul 2, 2024

Conversation

jgallagher (Contributor)

This adds a "decommission a node" endpoint to the cockroach-admin server, and a blueprint-execution step to clean up any expunged zones (which, for now, only does anything for cockroach).

Before merging, I need to run this through a4x2 and try expunging a sled running cockroach to ensure this is all working end-to-end, but I think it's close enough to be ready for review.
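
For orientation, here is a rough sketch of the shape of such an admin endpoint, assuming it follows the existing cockroach-admin pattern of shelling out to the cockroach CLI. The path, request body, context type, and field names below are illustrative assumptions, not the exact code in this PR:

```rust
// Illustrative sketch only: endpoint path, types, and field names are
// assumptions, not the exact code added in this PR.
use dropshot::{
    endpoint, HttpError, HttpResponseUpdatedNoContent, RequestContext, TypedBody,
};
use schemars::JsonSchema;
use serde::Deserialize;
use std::net::SocketAddrV6;

/// Context for the cockroach-admin server; in this sketch it only carries
/// the address of the local CockroachDB node.
struct AdminServerContext {
    cockroach_address: SocketAddrV6,
}

#[derive(Deserialize, JsonSchema)]
struct NodeDecommissionRequest {
    /// CockroachDB node ID (the `id` column of `cockroach node status`).
    node_id: String,
}

/// Decommission a CockroachDB node by shelling out to the cockroach CLI.
#[endpoint { method = POST, path = "/node/decommission" }]
async fn node_decommission(
    rqctx: RequestContext<AdminServerContext>,
    body: TypedBody<NodeDecommissionRequest>,
) -> Result<HttpResponseUpdatedNoContent, HttpError> {
    let ctx = rqctx.context();
    let node_id = body.into_inner().node_id;
    let url = format!("postgresql://root@{}", ctx.cockroach_address);
    let output = tokio::process::Command::new("cockroach")
        .args(["node", "decommission", &node_id, "--insecure", "--url", &url])
        .output()
        .await
        .map_err(|e| HttpError::for_internal_error(e.to_string()))?;
    if !output.status.success() {
        return Err(HttpError::for_internal_error(
            String::from_utf8_lossy(&output.stderr).into_owned(),
        ));
    }
    Ok(HttpResponseUpdatedNoContent())
}
```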

.await
}

async fn invoke_cli_with_format_csv<'a, F, I, T>(

Contributor

Fancy schmancy
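
For readers without the full diff handy: the generic helper being praised here appears to run a cockroach CLI subcommand with `--format csv` and deserialize the rows. A minimal sketch of that general pattern, with a simpler, assumed signature rather than the real `<'a, F, I, T>` one:

```rust
// Sketch of the pattern only; the real helper's signature and error
// handling differ.
use anyhow::{Context, Result};
use serde::de::DeserializeOwned;

async fn invoke_cli_with_format_csv_sketch<T: DeserializeOwned>(
    subcommand_args: &[&str],
) -> Result<Vec<T>> {
    // Run the cockroach CLI and ask it to emit CSV instead of the
    // human-readable table.
    let output = tokio::process::Command::new("cockroach")
        .args(subcommand_args)
        .args(["--format", "csv"])
        .output()
        .await
        .context("failed to invoke cockroach CLI")?;
    anyhow::ensure!(output.status.success(), "cockroach CLI returned an error");

    // Deserialize each CSV row into the caller's type.
    let mut reader = csv::Reader::from_reader(output.stdout.as_slice());
    reader
        .deserialize()
        .collect::<Result<Vec<T>, _>>()
        .context("failed to parse CSV output")
}
```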

@@ -203,17 +229,146 @@ impl NodeStatus {
}
}

// The cockroach CLI and `crdb_internal.gossip_liveness` table use a string for

Contributor

Nice way to deal with this!
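
The membership values seen later in this PR's testing are `active`, `decommissioning`, and `decommissioned`. One way to handle a stringly-typed column like this, sketched here as a guess at the general shape rather than the PR's exact type, is an enum with a catch-all variant so an unrecognized value from a future CRDB release doesn't break parsing:

```rust
// A guess at the general shape; the exact type in the PR may differ.
use serde::Deserialize;

#[derive(Debug, Clone, PartialEq, Eq, Deserialize)]
#[serde(from = "String")]
enum NodeMembership {
    Active,
    Decommissioning,
    Decommissioned,
    /// Any value we don't recognize, preserved verbatim.
    Unknown(String),
}

impl From<String> for NodeMembership {
    fn from(s: String) -> Self {
        match s.as_str() {
            "active" => Self::Active,
            "decommissioning" => Self::Decommissioning,
            "decommissioned" => Self::Decommissioned,
            _ => Self::Unknown(s),
        }
    }
}
```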

@@ -435,4 +653,82 @@ mod tests {
db.cleanup().await.unwrap();
logctx.cleanup_successful();
}

// Ensure that if `cockroach node decommission` changes in a future CRDB

Contributor

I was going to suggest something like this, and here it is! Thanks for adding this.
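
Roughly the kind of test being discussed, as a sketch under assumptions rather than the PR's actual test: invoke the real `cockroach` binary and assert that the columns we parse are still present, so a CRDB upgrade that changes the output fails in CI instead of silently at runtime. `COCKROACH_TEST_URL` below is a hypothetical stand-in for the existing test-database helpers.

```rust
// Sketch only: the real test uses the repo's test-database helpers; here a
// hypothetical COCKROACH_TEST_URL env var points at a throwaway cluster.
#[tokio::test]
#[ignore] // requires a disposable CockroachDB cluster to point at
async fn decommission_output_format_is_stable() {
    let url = std::env::var("COCKROACH_TEST_URL").expect("COCKROACH_TEST_URL is set");
    let output = tokio::process::Command::new("cockroach")
        .args([
            "node", "decommission", "1",
            "--wait", "none",
            "--format", "csv",
            "--insecure",
            "--url", &url,
        ])
        .output()
        .await
        .expect("invoked cockroach CLI");
    assert!(output.status.success(), "{}", String::from_utf8_lossy(&output.stderr));

    let stdout = String::from_utf8(output.stdout).expect("utf8 output");
    let header = stdout.lines().next().expect("at least a header row");
    // Columns we'd expect a parser of this output to rely on; if a future
    // CRDB version renames or drops one, this assertion fails.
    for column in ["id", "is_live", "replicas", "is_decommissioning", "membership", "is_draining"] {
        assert!(header.contains(column), "missing column {column}");
    }
}
```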

@@ -914,8 +914,8 @@ impl Nexus {
*mid
}

pub(crate) async fn resolver(&self) -> internal_dns::resolver::Resolver {

Contributor

I definitely came across this recently as well. Good fix.

@@ -85,29 +100,235 @@ pub(crate) async fn deploy_zones(
}
}

/// Idempotently perform any cleanup actions necessary for expunged zones.
///
/// # Panics

@andrewjstone (Contributor), Jun 17, 2024

Presumably we could instead log an error and return rather than taking out Nexus. I'm a bit concerned about taking out Nexus, because it limits our debugging ability via omdb and the API. This is a pretty serious error, though, and hard to trigger accidentally. It also leaves things in a state where invariants may be violated, which is almost certainly why a panic is the right thing to do.

Presumably in the future we will have an E2E test that actually runs the reconfigurator and will panic if the caller in execution/src/lib.rs gets changed. However, even with that test we cannot guarantee the absence of new callers doing the wrong thing.

Whether it's better to panic or log is also something of a false dichotomy, one that only exists because we don't have other options. It would be pretty great if we could instead trigger an alert and prevent the reconfigurator from running without an override, rather than killing Nexus, which will end up with every Nexus eventually panicking because of the timer-based activation of the executor.

@jgallagher (Contributor, Author)

I think we can also reasonably do nothing here; just make this function filter out any non-expunged zones. It's a little less obvious, but much easier to use safely: call it with whatever zones you want, and it cleans up any expunged ones. Changed in 2d0c388.
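
A sketch of the shape this landed on, with illustrative types and names rather than the exact ones in 2d0c388: the cleanup function filters for expunged zones itself, so it is safe to hand it every zone in the blueprint.

```rust
// Illustrative types only; the real blueprint/zone types are richer.
#[derive(PartialEq)]
enum Disposition {
    InService,
    Expunged,
}

enum ZoneKind {
    CockroachDb,
    Other,
}

struct ZoneConfig {
    disposition: Disposition,
    kind: ZoneKind,
}

/// Idempotently clean up any *expunged* zones in `zones`; non-expunged
/// zones are simply skipped, so callers can pass everything.
async fn clean_up_expunged_zones(zones: &[ZoneConfig]) -> anyhow::Result<()> {
    for zone in zones.iter().filter(|z| z.disposition == Disposition::Expunged) {
        match zone.kind {
            // For now only cockroach zones need cleanup: ask cockroach-admin
            // to decommission the corresponding CockroachDB node.
            ZoneKind::CockroachDb => decommission_cockroach_node(zone).await?,
            // Nothing to do (yet) for other zone kinds.
            ZoneKind::Other => {}
        }
    }
    Ok(())
}

// Stand-in for the call into the cockroach-admin server.
async fn decommission_cockroach_node(_zone: &ZoneConfig) -> anyhow::Result<()> {
    Ok(())
}
```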

@jgallagher (Contributor, Author)

Testing this in a4x2 looks good. I used reconfigurator-cli (with a new blueprint-edit ... add-cockroach ... command added in 7da5709) to add a sixth CRDB to a newly-added sled (g2):

 MODIFIED SLEDS:

  sled 7a8d1c79-1948-4bfc-b67b-7f8cf79448b7:

    physical disks at generation 1:
    -------------------------------------------------------------
    vendor             model                serial
    -------------------------------------------------------------
    synthetic-vendor   synthetic-model-U2   synthetic-serial-g2_0
    synthetic-vendor   synthetic-model-U2   synthetic-serial-g2_1
    synthetic-vendor   synthetic-model-U2   synthetic-serial-g2_2
    synthetic-vendor   synthetic-model-U2   synthetic-serial-g2_3
    synthetic-vendor   synthetic-model-U2   synthetic-serial-g2_4


    omicron zones generation 3 -> 4:
    ------------------------------------------------------------------------------------------
    zone type      zone id                                disposition   underlay IP
    ------------------------------------------------------------------------------------------
    crucible       1eb6a322-5944-4dcf-a14f-86142948ac17   in service    fd00:1122:3344:121::26
    crucible       b0f3b746-b971-4c02-95cd-dd1f303ac110   in service    fd00:1122:3344:121::24
    crucible       d8c99c7e-dafa-41c5-9c27-dfca1c6ebef4   in service    fd00:1122:3344:121::22
    crucible       e542e13b-a4a1-4f7b-9c07-87eeadcc2b2a   in service    fd00:1122:3344:121::23
    crucible       f6d65582-bd2c-47ba-acde-80ec3fb03ae0   in service    fd00:1122:3344:121::25
    internal_ntp   588da6a1-bbfc-495c-ac04-b7e7e84eea70   in service    fd00:1122:3344:121::21
+   cockroach_db   24a16f17-ce43-488d-855d-9ee8de942ee9   in service    fd00:1122:3344:121::27

Confirming that the add sled / add CRDB steps worked, we see the new sixth CRDB in DNS:

root@oxz_switch:~# omdb db dns names internal 4 | grep -A 10 cockroach
  _cockroach._tcp                                    (records: 6)
      SRV  port 32221 10521aa3-e076-4f9c-9029-48e021b5a2b0.host.control-plane.oxide.internal
      SRV  port 32221 24a16f17-ce43-488d-855d-9ee8de942ee9.host.control-plane.oxide.internal
      SRV  port 32221 9858dad0-d2b0-4b73-af79-23080efcb385.host.control-plane.oxide.internal
      SRV  port 32221 a5e89402-f9d5-4667-845a-05b928727a5e.host.control-plane.oxide.internal
      SRV  port 32221 ac17441a-c0e3-46c4-992c-deb2608146bf.host.control-plane.oxide.internal
      SRV  port 32221 c96d8069-ae05-4f42-8d24-ace851097891.host.control-plane.oxide.internal
  _crucible-pantry._tcp                              (records: 3)
      SRV  port 17000 3dcd800b-0421-4402-992c-72978f4965c0.host.control-plane.oxide.internal

and as part of the cockroach cluster:

root@oxz_cockroachdb_10521aa3:~# /opt/oxide/cockroachdb/bin/cockroach node status --url postgresql://root@[fd00:1122:3344:121::27]:32221 --insecure
  id |            address             |          sql_address           |     build     |         started_at         |         updated_at         | locality | is_available | is_live
-----+--------------------------------+--------------------------------+---------------+----------------------------+----------------------------+----------+--------------+----------
   1 | [fd00:1122:3344:101::3]:32221  | [fd00:1122:3344:101::3]:32221  | v22.1.9-dirty | 2024-07-02 15:44:28.454757 | 2024-07-02 19:28:00.27529  |          | true         | true
   2 | [fd00:1122:3344:102::3]:32221  | [fd00:1122:3344:102::3]:32221  | v22.1.9-dirty | 2024-07-02 15:46:32.222943 | 2024-07-02 19:28:02.408237 |          | true         | true
   3 | [fd00:1122:3344:103::3]:32221  | [fd00:1122:3344:103::3]:32221  | v22.1.9-dirty | 2024-07-02 15:39:25.594933 | 2024-07-02 19:28:00.421985 |          | true         | true
   4 | [fd00:1122:3344:102::4]:32221  | [fd00:1122:3344:102::4]:32221  | v22.1.9-dirty | 2024-07-02 15:45:50.134066 | 2024-07-02 19:28:03.167181 |          | true         | true
   5 | [fd00:1122:3344:101::4]:32221  | [fd00:1122:3344:101::4]:32221  | v22.1.9-dirty | 2024-07-02 15:44:23.103929 | 2024-07-02 19:28:02.857034 |          | true         | true
   6 | [fd00:1122:3344:121::27]:32221 | [fd00:1122:3344:121::27]:32221 | v22.1.9-dirty | 2024-07-02 19:24:30.06719  | 2024-07-02 19:28:01.690893 |          | true         | true
(6 rows)

I then hyperstopped g2, and cockroach realized the node was no longer available / live:

  id |            address             |          sql_address           |     build     |         started_at         |         updated_at         | locality | is_available | is_live
-----+--------------------------------+--------------------------------+---------------+----------------------------+----------------------------+----------+--------------+----------
   1 | [fd00:1122:3344:101::3]:32221  | [fd00:1122:3344:101::3]:32221  | v22.1.9-dirty | 2024-07-02 15:44:28.454757 | 2024-07-02 19:29:48.269715 |          | true         | true
   2 | [fd00:1122:3344:102::3]:32221  | [fd00:1122:3344:102::3]:32221  | v22.1.9-dirty | 2024-07-02 15:46:32.222943 | 2024-07-02 19:29:45.899391 |          | true         | true
   3 | [fd00:1122:3344:103::3]:32221  | [fd00:1122:3344:103::3]:32221  | v22.1.9-dirty | 2024-07-02 15:39:25.594933 | 2024-07-02 19:29:48.411713 |          | true         | true
   4 | [fd00:1122:3344:102::4]:32221  | [fd00:1122:3344:102::4]:32221  | v22.1.9-dirty | 2024-07-02 15:45:50.134066 | 2024-07-02 19:29:46.664649 |          | true         | true
   5 | [fd00:1122:3344:101::4]:32221  | [fd00:1122:3344:101::4]:32221  | v22.1.9-dirty | 2024-07-02 15:44:23.103929 | 2024-07-02 19:29:46.344012 |          | true         | true
   6 | [fd00:1122:3344:121::27]:32221 | [fd00:1122:3344:121::27]:32221 | v22.1.9-dirty | 2024-07-02 19:24:30.06719  | 2024-07-02 19:29:24.017146 |          | false        | false
(6 rows)

I then expunged the sled and generated a new blueprint which expunged all its zones:

 MODIFIED SLEDS:

  sled 7a8d1c79-1948-4bfc-b67b-7f8cf79448b7:

    physical disks from generation 1:
    -------------------------------------------------------------
    vendor             model                serial
    -------------------------------------------------------------
-   synthetic-vendor   synthetic-model-U2   synthetic-serial-g2_0
-   synthetic-vendor   synthetic-model-U2   synthetic-serial-g2_1
-   synthetic-vendor   synthetic-model-U2   synthetic-serial-g2_2
-   synthetic-vendor   synthetic-model-U2   synthetic-serial-g2_3
-   synthetic-vendor   synthetic-model-U2   synthetic-serial-g2_4


    omicron zones generation 4 -> 5:
    -------------------------------------------------------------------------------------------
    zone type      zone id                                disposition    underlay IP
    -------------------------------------------------------------------------------------------
*   cockroach_db   24a16f17-ce43-488d-855d-9ee8de942ee9   - in service   fd00:1122:3344:121::27
     └─                                                   + expunged
*   crucible       1eb6a322-5944-4dcf-a14f-86142948ac17   - in service   fd00:1122:3344:121::26
     └─                                                   + expunged
*   crucible       b0f3b746-b971-4c02-95cd-dd1f303ac110   - in service   fd00:1122:3344:121::24
     └─                                                   + expunged
*   crucible       d8c99c7e-dafa-41c5-9c27-dfca1c6ebef4   - in service   fd00:1122:3344:121::22
     └─                                                   + expunged
*   crucible       e542e13b-a4a1-4f7b-9c07-87eeadcc2b2a   - in service   fd00:1122:3344:121::23
     └─                                                   + expunged
*   crucible       f6d65582-bd2c-47ba-acde-80ec3fb03ae0   - in service   fd00:1122:3344:121::25
     └─                                                   + expunged
*   internal_ntp   588da6a1-bbfc-495c-ac04-b7e7e84eea70   - in service   fd00:1122:3344:121::21
     └─                                                   + expunged

After setting this as the new target blueprint, the sixth CRDB was removed from the cluster:

root@oxz_cockroachdb_10521aa3:~# /opt/oxide/cockroachdb/bin/cockroach node status --url postgresql://root@[fd00:1122:3344:101::4]:32221 --insecure
  id |            address            |          sql_address          |     build     |         started_at         |         updated_at         | locality | is_available | is_live
-----+-------------------------------+-------------------------------+---------------+----------------------------+----------------------------+----------+--------------+----------
   1 | [fd00:1122:3344:101::3]:32221 | [fd00:1122:3344:101::3]:32221 | v22.1.9-dirty | 2024-07-02 15:44:28.454757 | 2024-07-02 19:31:18.257903 |          | true         | true
   2 | [fd00:1122:3344:102::3]:32221 | [fd00:1122:3344:102::3]:32221 | v22.1.9-dirty | 2024-07-02 15:46:32.222943 | 2024-07-02 19:31:15.89025  |          | true         | true
   3 | [fd00:1122:3344:103::3]:32221 | [fd00:1122:3344:103::3]:32221 | v22.1.9-dirty | 2024-07-02 15:39:25.594933 | 2024-07-02 19:31:18.404211 |          | true         | true
   4 | [fd00:1122:3344:102::4]:32221 | [fd00:1122:3344:102::4]:32221 | v22.1.9-dirty | 2024-07-02 15:45:50.134066 | 2024-07-02 19:31:16.650965 |          | true         | true
   5 | [fd00:1122:3344:101::4]:32221 | [fd00:1122:3344:101::4]:32221 | v22.1.9-dirty | 2024-07-02 15:44:23.103929 | 2024-07-02 19:31:16.347864 |          | true         | true
(5 rows)

If I ask for the status of all nodes (--all), the removed node shows up as decommissioning:

root@oxz_cockroachdb_10521aa3:~# /opt/oxide/cockroachdb/bin/cockroach node status --url postgresql://root@[fd00:1122:3344:101::4]:32221 --insecure --all
  id |            address             |          sql_address           |     build     |         started_at         |         updated_at         | locality | is_available | is_live | replicas_leaders | replicas_leaseholders | ranges | ranges_unavailable | ranges_underreplicated | live_bytes | key_bytes | value_bytes | intent_bytes | system_bytes | gossiped_replicas | is_decommissioning |   membership    | is_draining
-----+--------------------------------+--------------------------------+---------------+----------------------------+----------------------------+----------+--------------+---------+------------------+-----------------------+--------+--------------------+------------------------+------------+-----------+-------------+--------------+--------------+-------------------+--------------------+-----------------+--------------
   1 | [fd00:1122:3344:101::3]:32221  | [fd00:1122:3344:101::3]:32221  | v22.1.9-dirty | 2024-07-02 15:44:28.454757 | 2024-07-02 19:31:27.260005 |          |         true |    true |               30 |                    30 |    137 |                  0 |                     28 |  306301585 |  10806486 |   324412309 |          606 |       153020 |        137        |              false |     active      |  false
   2 | [fd00:1122:3344:102::3]:32221  | [fd00:1122:3344:102::3]:32221  | v22.1.9-dirty | 2024-07-02 15:46:32.222943 | 2024-07-02 19:31:24.892597 |          |         true |    true |               35 |                    35 |    137 |                  0 |                     29 |    8916831 |  10394417 |    23780581 |          606 |       163821 |        137        |              false |     active      |  false
   3 | [fd00:1122:3344:103::3]:32221  | [fd00:1122:3344:103::3]:32221  | v22.1.9-dirty | 2024-07-02 15:39:25.594933 | 2024-07-02 19:31:27.399052 |          |         true |    true |               29 |                    29 |    137 |                  0 |                     24 |  303820064 |  11936990 |   318174497 |          606 |       152979 |        137        |              false |     active      |  false
   4 | [fd00:1122:3344:102::4]:32221  | [fd00:1122:3344:102::4]:32221  | v22.1.9-dirty | 2024-07-02 15:45:50.134066 | 2024-07-02 19:31:25.654523 |          |         true |    true |               30 |                    30 |    136 |                  0 |                     30 |  304676273 |  12291385 |   323314799 |            0 |       151330 |        136        |              false |     active      |  false
   5 | [fd00:1122:3344:101::4]:32221  | [fd00:1122:3344:101::4]:32221  | v22.1.9-dirty | 2024-07-02 15:44:23.103929 | 2024-07-02 19:31:25.335301 |          |         true |    true |               27 |                    27 |    136 |                  0 |                     21 |  301294241 |  11345728 |   311795075 |         2927 |       160575 |        136        |              false |     active      |  false
   6 | [fd00:1122:3344:121::27]:32221 | [fd00:1122:3344:121::27]:32221 | v22.1.9-dirty | 2024-07-02 19:24:30.06719  | 2024-07-02 19:31:18.300583 |          |        false |   false |               33 |                    33 |    132 |                  0 |                      0 |  303161512 |   7467433 |   318837977 |          606 |       158108 |         0         |               true | decommissioning |  false
(6 rows)

I also confirmed we had a DNS version bump that goes back to just the original 5 CRDB zones:

root@oxz_switch:~# omdb db dns show
GROUP    ZONE                         ver UPDATED              REASON
internal control-plane.oxide.internal 5   2024-07-02T19:31:17Z blueprint 34bc1f2e-fdbb-45b8-a421-02da39c02a40 (sled 7a8d1c79-1948-4bfc-b67b-7f8cf79448b7: expunged 7 zones because: sled policy is expunged)
external oxide.test                   2   2024-07-02T15:48:24Z create silo: "recovery"
root@oxz_switch:~# omdb db dns names internal 5 | grep -A 10 cockroach
  _cockroach._tcp                                    (records: 5)
      SRV  port 32221 10521aa3-e076-4f9c-9029-48e021b5a2b0.host.control-plane.oxide.internal
      SRV  port 32221 9858dad0-d2b0-4b73-af79-23080efcb385.host.control-plane.oxide.internal
      SRV  port 32221 a5e89402-f9d5-4667-845a-05b928727a5e.host.control-plane.oxide.internal
      SRV  port 32221 ac17441a-c0e3-46c4-992c-deb2608146bf.host.control-plane.oxide.internal
      SRV  port 32221 c96d8069-ae05-4f42-8d24-ace851097891.host.control-plane.oxide.internal
  _crucible-pantry._tcp                              (records: 3)
      SRV  port 17000 3dcd800b-0421-4402-992c-72978f4965c0.host.control-plane.oxide.internal

It took about 6 minutes for cockroach to transition the node from decommissioning to decommissioned, but that did eventually happen:

root@oxz_cockroachdb_10521aa3:~# /opt/oxide/cockroachdb/bin/cockroach node status --url postgresql://root@[fd00:1122:3344:101::4]:32221 --insecure --all
  id |            address             |          sql_address           |     build     |         started_at         |         updated_at         | locality | is_available | is_live | replicas_leaders | replicas_leaseholders | ranges | ranges_unavailable | ranges_underreplicated | live_bytes | key_bytes | value_bytes | intent_bytes | system_bytes | gossiped_replicas | is_decommissioning |   membership   | is_draining
-----+--------------------------------+--------------------------------+---------------+----------------------------+----------------------------+----------+--------------+---------+------------------+-----------------------+--------+--------------------+------------------------+------------+-----------+-------------+--------------+--------------+-------------------+--------------------+----------------+--------------
   1 | [fd00:1122:3344:101::3]:32221  | [fd00:1122:3344:101::3]:32221  | v22.1.9-dirty | 2024-07-02 15:44:28.454757 | 2024-07-02 19:40:09.202072 |          |         true |    true |               33 |                    33 |    163 |                  0 |                      0 |  318422979 |  13519615 |   337977059 |          606 |       227082 |        163        |              false |     active     |    false
   2 | [fd00:1122:3344:102::3]:32221  | [fd00:1122:3344:102::3]:32221  | v22.1.9-dirty | 2024-07-02 15:46:32.222943 | 2024-07-02 19:40:11.347991 |          |         true |    true |               38 |                    38 |    163 |                  0 |                      0 |  318467219 |  13519699 |   338021454 |          606 |       227082 |        163        |              false |     active     |    false
   3 | [fd00:1122:3344:103::3]:32221  | [fd00:1122:3344:103::3]:32221  | v22.1.9-dirty | 2024-07-02 15:39:25.594933 | 2024-07-02 19:40:09.359676 |          |         true |    true |               31 |                    31 |    163 |                  0 |                      0 |  318334499 |  13519543 |   337888447 |          606 |       227082 |        163        |              false |     active     |    false
   4 | [fd00:1122:3344:102::4]:32221  | [fd00:1122:3344:102::4]:32221  | v22.1.9-dirty | 2024-07-02 15:45:50.134066 | 2024-07-02 19:40:12.104576 |          |         true |    true |               32 |                    32 |    163 |                  0 |                      0 |  318422979 |  13519639 |   337977105 |          606 |       227082 |        163        |              false |     active     |    false
   5 | [fd00:1122:3344:101::4]:32221  | [fd00:1122:3344:101::4]:32221  | v22.1.9-dirty | 2024-07-02 15:44:23.103929 | 2024-07-02 19:40:11.784579 |          |         true |    true |               29 |                    29 |    163 |                  0 |                      0 |  318422979 |  13519687 |   337977193 |          606 |       227082 |        163        |              false |     active     |    false
   6 | [fd00:1122:3344:121::27]:32221 | [fd00:1122:3344:121::27]:32221 | v22.1.9-dirty | 2024-07-02 19:24:30.06719  | 2024-07-02 19:37:41.5104   |          |        false |   false |             NULL |                  NULL |   NULL |               NULL |                   NULL |       NULL |      NULL |        NULL |         NULL |         NULL |         0         |               true | decommissioned |    false
(6 rows)

@jgallagher merged commit 6179905 into main on Jul 2, 2024.
21 checks passed
@jgallagher deleted the john/decommission-expunged-crdb-nodes branch on July 2, 2024 20:58.