[Gluster-users] Handling a fuse mount with a failed gluster node

Joe Julian joe at julianfamily.org
Mon Aug 31 22:00:28 UTC 2015


On 08/31/2015 12:35 PM, Grant Ridder wrote:
> Hi,
>
> I am testing out several failure scenarios with GlusterFS. I have a 3 
> node replicated gluster that i am testing with.
>
> One test i am having trouble solving is when a host dies.  (i.e. as if 
> someone pulled the power cord out).
> - Firewall off a host from the rest of the cluster
> - Test time it takes for a fuse mount to respond once the iptables 
> rule is added
>
> With the default settings, the mount hangs for 39 seconds. If i 
> change ping-timeout to 5 then the mount only hangs for 9.3 seconds.  
> Is there anyway to eliminate or get the hang time to a negligible 
> value (less than 1 second)?
>
> I have not seem much about handling GlusterFS failure scenarios with 
> my Googling around.
>
> Several blog posts i have looked at:
> http://thornelabs.net/2015/02/24/change-gluster-volume-connection-timeout-for-glusterfs-native-client.html
> https://joejulian.name/blog/keeping-your-vms-from-going-read-only-when-encountering-a-ping-timeout-in-glusterfs/
>
> Thanks,
> Grant
>
If a client disconnects from a server, you have to reestablish all the 
file descriptors and synchronize the locks when the client reconnects. 
This can be pretty expensive and there's no way to avoid it. To balance 
that, you don't want your clients to disconnect from the servers if a 
packet is lost or takes too long to get a response. That's why the 
connections are TCP, to help mitigate that, and why the client waits for 
some ping-timeout. If it was too short, even server load could trigger a 
disconnection which would be followed by high server load as the 
connection was reestablished, potentially causing a disconnection again.

Pulled power cords or complete system failures, should be a very rare 
occurrence. Typically this is much rarer than a temporary network issue 
which is much more likely to be mitigated in the network fabric and is 
transient enough to allow the ping-timeout to hold the connection long 
enough to avoid the reestablishment of FDs and locks. It's also only an 
issue if your file hash hits that specific replica out of the dht set 
(or the file doesn't exist). If you're using a cluster where server 
failure is frequent enough to be an issue, your dht distribution lowers 
the likelihood of the file being hit to an insignificant statistic.

If you're working with reasonably resilient hardware, you should easily 
be able to engineer for 5 or 6 nines even with a 42 second ping-timeout.


More information about the Gluster-users mailing list