HomeMesosphereNo notifications. 4 unresolved issues.
  • Search
Differential D733

Simplify leader election code
ClosedAll Users
Actions

Authored by ichernetsky on Apr 26 2017, 6:34 PM.

Details

Reviewers
timcharper
meichstedt
jeschkies
zen-dog
kensipe
unterstein
jdef
jenkins
Commits
rMARATHONc85639f12298: Simplify leader election code
rMARATHON8cd913e203f4: Update a few comments per Aleksey's request
rMARATHON0ebe9270cd0f: Simplify leader election code
rMARATHON6b2c45b12adb: Simplify leader election code
rMARATHONa67a7e44339d: Simplify leader election code
JIRA Issues
JIRA MARATHON-4083 Provide and use crashing strategy interface
JIRA MARATHON-2008 Simplify leadership election code
Summary

"Simplify" means here basically two things: 1) reduce the number of states and their transitions, and 2) fail-fast instead of doing complex state-machine logic

Test Plan

Manual testing of various failure scenarious + run all kinds of automated testing

Diff Detail

Repository
rMARATHON marathon
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
There are a very large number of changes, so older changes are hidden. Show Older Changes
timcharper added a comment.Jun 23 2017, 10:01 PM

@zen-dog I think we might have some further simplification potential here; what would you think if we continued to boil this down to it's essence before embarking on effort to fix? @ichernetsky and I are going to talk on Tuesday

timcharper added a comment.Jun 23 2017, 10:03 PM

Also, what do you think if we land the patch as is? There is substantial improvement already and the history for this one is getting quite long.

timcharper added a comment.Jun 23 2017, 10:03 PM

(oh, except for our test coverage went down significantly :) we should address this)

kensipe accepted this revision.Jun 27 2017, 5:19 PM

I support merging this is and any additional enhancement coming from another PR.
Long review and lgtm

ichernetsky planned changes to this revision.Jun 27 2017, 8:00 PM

@zen-dog, I added a few words to ElectionService's Scaladoc comment. And since we don't have an (explicit) FSM anymore, I think there is not much to add at this point.

@timcharper, I've restored CuratorElectionServiceTest. Previously most of the state transitions/method invocations were tested using ElectionServiceBase. Now a real ZK is required to do so, which means we need to have integration tests to achieve that, I believe. Partially, the test coverage went down because of that. The other reason is the total number of state transitions got reduced.

ichernetsky updated this revision to Diff 3641.Jun 27 2017, 8:00 PM
  • Restore CuratorElectionServiceTest
  • Expand ElectionService's Scaladoc comment
jenkins requested changes to this revision.Jun 27 2017, 8:20 PM
This revision now requires changes to proceed.Jun 27 2017, 8:20 PM
jenkins added a comment.Jun 27 2017, 8:20 PM
✗ Build of 3641 failed jenkins-public-marathon-phabricator-362.

Error message:

Stage Compile and Test failed.

(๑′°︿°๑)

zen-dog added a comment.Jun 29 2017, 10:03 AM

Could you please go through https://jira.mesosphere.com/browse/MARATHON_EE-1542 and verify that that condition is not possible after your fix? I know writing a test would probably be very hard so a "thought experiment" would suffice. Thx.

ichernetsky added a comment.Jun 29 2017, 4:48 PM

@zen-dog, I will do it, but is it somehow connected to the fact that you kept "reject" to this patch?

timcharper accepted this revision.Jun 29 2017, 10:49 PM

Checking for that case is wise. I haven't looked into it too deeply and am not currently sure if there is a way we can make more obvious the case mentioned by Aleksey, or what's been explored in that area. But having an explanation for why it does not affect the post-refactor here is good. Pending that, I approve! Great work!

zen-dog added a comment.Jul 4 2017, 4:14 PM

I have to say that the logic looks much cleaner and I like the fact that it's flat now. I have a couple of questions/nits/better docs request but nothing that would justify a reject.
However before you merge please:

  • create a jenkins loop (copy of the existing ones, edit and put your branch) and let it run for at least 24h - I'd like to make sure we're not adding to existing flakiness

after the merge we should soak test this:

  • talk to Armand/Viktor so we can soak-test an according snapshot (will probably require to merge it to dcos-ee)
  • you should also talk to our chaos-engineering team so they run the chaos-tests with this snapshot - last bug in re-election code was found by them

Thx again for great patch!

src/main/scala/mesosphere/marathon/MarathonSchedulerService.scala
235

I don't think this comment still makes sense since we removed the extra abdication parameters.

src/main/scala/mesosphere/marathon/core/election/ElectionService.scala
21

This is a good start for a class doc :thumbup: However I would be also interested in the complete chain of events e.g.:

  • -> where do ZK/CuratorService events come in?
  • -> what happens after we're elected? What events are sent through the system?
  • -> what parts of the chain happens synchronously vs. asynchronously and can happen parallel to other events?

I know that "the code is self-explanatory" and "why dont you just read the code" but having full chain of events, concurrency model and guaranties explained goes a long way. Sry if it feels like I'm the pain in the neck :)

src/main/scala/mesosphere/marathon/core/election/impl/CuratorElectionService.scala
106

So if we were offered leadership twice in a short period of time, neither will succeed and marathon will exit? Can't this lead to a scenario where marathon gets too many leadership offers but is not able to act on them successfully?

zen-dog accepted this revision.Jul 4 2017, 4:14 PM
ichernetsky marked 3 inline comments as done.Jul 6 2017, 8:44 PM

Regarding a Jenkins loop job, soaking it and probably getting in touch with the Chaos engineering team — it all makes sense and I will do it. Thanks for the review.

src/main/scala/mesosphere/marathon/MarathonSchedulerService.scala
235

I think it still makes sense because it is more about leadership abdication, not the method's parameters. It is more about the fact that driver.foreach is used, because it can be set to None in stopDriver() before this line gets to execute. What do you think?

src/main/scala/mesosphere/marathon/core/election/ElectionService.scala
21

where do ZK/CuratorService events come in? — I don't get what you mean here.
what happens after we're elected? — it is already documented in both ElectionService and ElectionCandidate.
what events are sent through the system? — done.
what parts of the chain happens synchronously vs. asynchronously and can happen parallel to other events? — All methods are synchronous which should be expected by default because no future is returned and no callback is accepted in any method.

src/main/scala/mesosphere/marathon/core/election/impl/CuratorElectionService.scala
106

If a leadership is offered more than once, then it is a (I would say, severe) bug in the code. As of now, only MarathonScheculerService invokes this method, and surely it is supposed to do so only once during start-up. Therefore, stopping is a proper action here, I deem.

ichernetsky updated this revision to Diff 3723.Jul 6 2017, 8:45 PM
ichernetsky marked 3 inline comments as done.
  • Update a few comments per Aleksey's request
jenkins requested changes to this revision.Jul 6 2017, 8:48 PM
This revision now requires changes to proceed.Jul 6 2017, 8:48 PM
jenkins added a comment.Jul 6 2017, 9:03 PM
✗ Build of 3723 failed jenkins-public-marathon-phabricator-443.

Error message:

Stage Compile and Test failed.

(๑′°︿°๑)

ichernetsky updated this revision to Diff 3763.Jul 12 2017, 6:28 PM

Make tests stable again on Amazon instances by getting rid of intercepting calls to shutdown JVM

jenkins requested changes to this revision.Jul 12 2017, 6:28 PM
This revision now requires changes to proceed.Jul 12 2017, 6:28 PM
jenkins added a comment.Jul 12 2017, 6:44 PM
✗ Build of 3763 failed jenkins-public-marathon-phabricator-487.

Error message:

Stage Compile and Test failed.

(๑′°︿°๑)

timcharper added a comment.Jul 12 2017, 8:20 PM

Thanks for introducing crashing strategy; does it make sense to link the patch to the issue? Great work, Ivan!

src/main/scala/mesosphere/marathon/core/election/impl/ElectionServiceMetrics.scala
23

I commented in a ticket that reporting leader metrics for non-ha mode is misleading. But, it matches old behavior and I think this is great for now. Let's move forward.

timcharper accepted this revision.Jul 12 2017, 8:21 PM
ichernetsky added 1 JIRA issue(s): MARATHON-4083.Jul 12 2017, 8:22 PM

Linked it to the Jira issue. Thanks for the quick review, Tim.

jenkins added a comment.Jul 12 2017, 8:49 PM
✗ Build of 3763 failed jenkins-public-marathon-phabricator-490.

Error message:

Stage Compile and Test failed.

(๑′°︿°๑)

jenkins added a comment.Jul 12 2017, 9:03 PM
✗ Build of 3763 failed jenkins-public-marathon-phabricator-491.

Error message:

Stage Compile and Test failed.

(๑′°︿°๑)

jenkins accepted this revision.Jul 12 2017, 10:17 PM
This revision is now accepted and ready to land.Jul 12 2017, 10:17 PM
jenkins added a comment.Jul 12 2017, 10:17 PM
✔ Build of 3763 completed jenkins-public-marathon-phabricator-492.

You can create a DC/OS with your patched Marathon by creating a new pull
request with the following changes in buildinfo.json:

"url": "https://downloads.mesosphere.io/marathon/snapshots/marathon-1.5.0-SNAPSHOT-643-gf8e47a6.tgz",
"sha1": "32a6184e86fb67c2956629e1508ff3dc8096e0a0"

\\ ٩( ᐛ )و //

jeschkies added inline comments.Jul 13 2017, 11:28 AM
src/main/scala/mesosphere/marathon/core/election/impl/PseudoElectionService.scala
25–26

Hm, it seems this class shares a lot of logic with CuratorElectionService. How are they different? Is there a way to share some logic?

src/test/scala/mesosphere/marathon/core/election/impl/PseudoElectionServiceTest.scala
33

It seems we are not testing CuratorElectionService. Is this impression correct?

63–64

Sweet!

ichernetsky added inline comments.Jul 13 2017, 4:34 PM
src/main/scala/mesosphere/marathon/core/election/impl/PseudoElectionService.scala
25–26

I see a vicious circle right there. I feel like I can write a book about trade-offs when implementing leader election which relies on an external service like ZooKeeper. :)

This is exactly what I was asked for from the very beginning: get rid of ElectionServiceBase. My first step was to simplify things, and reduce the number of states and their transitions in ElectionServiceBase, which lead to to renaming of it to ElectionServiceFSM because it started to look like a real FSM. It wasn't enough, and it led to this further simplification at the expense of having this duplicated code. It seems we are headed towards Akka Streams. This code duplication won't be there anymore after another round of refactoring of this code. On the other hand, if one imagines a two-level inheritance tree with one parent and multiple children as a horizontal thing as a apposed to a vertical thing, where the parent make calls into children and vice versa, it can be seen very well as a message-passing with compile-time checks of it.

Long story short, it is what it is. The decision was made, it is too late to change it drastically at this point. Though I do see that

  1. CuratorElectionService is harder to test now, because previously most of it was tested by testing ElectionServiceBase
  2. There is code duplication.

we should keep this intermediate approach, move on, and have it refactored to make it leverage Akka Streams later, after 1.10 release.

src/test/scala/mesosphere/marathon/core/election/impl/PseudoElectionServiceTest.scala
33

It is correct. Please refer to my comment to your first one. Most of it was tested using ElectionServiceBase/FSM before, but since most of the code is not shared between CuratorElectionService and PseudoElectionService, it is gone. Now testing of it would require running ZK, which looks more like SI testing at least.

kensipe accepted this revision.Jul 17 2017, 8:14 PM
jdef added inline comments.Jul 17 2017, 10:18 PM
build.sbt
22

seems unrelated to leader election. why is this change here?

src/main/scala/mesosphere/marathon/MarathonSchedulerActor.scala
442

why is this linter rule needed?

src/main/scala/mesosphere/marathon/core/base/CrashStrategy.scala
10

why not a sealed trait here?

14

case object (if we use sealed trait above)?

src/main/scala/mesosphere/marathon/core/election/impl/CuratorElectionService.scala
52

not that it's related to this change (because this just looks like a rename) but what's the impact of using a separate execution context here, vs. the "global" one that has support for the injected Context stuff Jason wrote?

https://github.com/mesosphere/marathon/blob/master/src/main/scala/mesosphere/marathon/core/async/ExecutionContexts.scala

55

leadershipOffered and acquiringLeadership function more like single-use latches. it might make sense to either (a) document that, or else; (b) wrap with a helper type that only allows a single-use one-way transition:

package mesosphere.marathon;
package core.async;

final class Latch {
  private[this] val counter = new Semaphore(1)
  def acquire: Option[Done] = 
    // use of Option return type forces pattern matches to deal w/ all alternatives, likely highly desirable
    if(counter.tryAcquire()) Some(Done) else None 
}

I like the idea of limiting transitions via a Latch type because it enforces the design as intended

145

nit: extract constant

220–231

looks like the ACLs changed here. why is this part of this PR and not a separate changeset? seems significant enough?

233

nit: extract constants

src/main/scala/mesosphere/marathon/core/election/impl/ElectionServiceMetrics.scala
17

is it possible that startMetrics and stopMetrics could be called concurrently? if so, the atomic boolean guard won't help you avoid a data race. if not, then i'd like to see that assumption documented someplace

src/main/scala/mesosphere/marathon/core/election/impl/PseudoElectionService.scala
45

ditto re: Latch suggestion

86

nit: extract constant

ichernetsky planned changes to this revision.Jul 17 2017, 11:20 PM
ichernetsky marked 6 inline comments as done.
ichernetsky added inline comments.
build.sbt
22

This patch has been in review for 3 months. And I address compiler warning every time I merge in origin/master.

src/main/scala/mesosphere/marathon/MarathonSchedulerActor.scala
442
[warn] /Users/ivanchernestsky/dev/marathon/src/main/scala/mesosphere/marathon/MarathonSchedulerActor.scala:442: [UseIfExpression] Assign the result of the if expression to variable ifres$macro$26 directly.
[warn]     if (knownTaskStatuses.nonEmpty) driver.reconcileTasks(knownTaskStatuses.asJavaCollection)
src/main/scala/mesosphere/marathon/core/election/impl/CuratorElectionService.scala
52

As far as I understand, it was done to let Curator be blocked in a separate thread, not in the one of https://github.com/mesosphere/marathon/blob/master/src/main/scala/mesosphere/marathon/core/async/ExecutionContexts.scala#L50

55

I don't think it'd better to replace those two variables with one Latch (if you meant this) because they used in two different places. It is correct that both of them are one-way (from false to true). If you meant with replacing them with two Latches, I think it is better not to do it at this point (frankly, it is quite late), because it will have to be full re-tested.

220–231

I noticed that the ACLs were incorrect a few days after I started working on the leader election simplification, and at that point I was new to the dev workflow here, and it seemed that I would take just a few more days to land this patch.

src/main/scala/mesosphere/marathon/core/election/impl/ElectionServiceMetrics.scala
17

It is done to avoid calling stopMetrics if startMetrics was not invoked before, or call stopMetrics twice (on both leader abdication and JVM shutdown).

ichernetsky updated this revision to Diff 3802.Jul 17 2017, 11:21 PM
ichernetsky marked an inline comment as done.
  • Address some of @jdef's comments
This revision is now accepted and ready to land.Jul 17 2017, 11:21 PM
jenkins requested changes to this revision.Jul 17 2017, 11:22 PM
This revision now requires changes to proceed.Jul 17 2017, 11:22 PM
ichernetsky updated this revision to Diff 3803.Jul 17 2017, 11:34 PM
  • Wrap ExecutionContent with ContextPropagatingExecutionContextWrapper
jenkins requested changes to this revision.Jul 17 2017, 11:38 PM
This revision now requires changes to proceed.Jul 17 2017, 11:38 PM
jenkins added a comment.Jul 17 2017, 11:38 PM
✗ Build of 3802 failed jenkins-public-marathon-phabricator-522.

Error message:

Stage Compile and Test failed.

(๑′°︿°๑)

jenkins accepted this revision.Jul 17 2017, 11:57 PM
This revision is now accepted and ready to land.Jul 17 2017, 11:57 PM
jenkins added a comment.Jul 17 2017, 11:57 PM
✔ Build of 3803 completed jenkins-public-marathon-phabricator-523.

You can create a DC/OS with your patched Marathon by creating a new pull
request with the following changes in buildinfo.json:

"url": "https://downloads.mesosphere.io/marathon/snapshots/marathon-1.5.0-SNAPSHOT-658-g4cf8c34.tgz",
"sha1": "a7091bc22ae6be5288d66c5954ecf1a085619d32"

\\ ٩( ᐛ )و //

Closed by commit rMARATHON0ebe9270cd0f: Simplify leader election code (authored by ichernetsky). · Explain WhyJul 18 2017, 9:40 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathPackages
Mbuild.sbt (2 lines)
Msrc/main/scala/mesosphere/marathon/MarathonSchedulerActor.scala (3 lines)
Msrc/main/scala/mesosphere/marathon/MarathonSchedulerService.scala (9 lines)
Msrc/main/scala/mesosphere/marathon/api/v2/LeaderResource.scala (4 lines)
AMsrc/main/scala/mesosphere/marathon/core/base/CrashStrategy.scala (17 lines)
Msrc/main/scala/mesosphere/marathon/core/election/ElectionModule.scala (17 lines)
Msrc/main/scala/mesosphere/marathon/core/election/ElectionService.scala (36 lines)
Msrc/main/scala/mesosphere/marathon/core/election/impl/CuratorElectionService.scala (303 lines)
DMsrc/main/scala/mesosphere/marathon/core/election/impl/ElectionServiceBase.scala (243 lines)
AMsrc/main/scala/mesosphere/marathon/core/election/impl/ElectionServiceEventStream.scala (22 lines)
AMsrc/main/scala/mesosphere/marathon/core/election/impl/ElectionServiceMetrics.scala (28 lines)
DMsrc/main/scala/mesosphere/marathon/core/election/impl/ExponentialBackoff.scala (34 lines)
Msrc/main/scala/mesosphere/marathon/core/election/impl/PseudoElectionService.scala (135 lines)
Msrc/test/scala/mesosphere/UnitTest.scala (4 lines)
Msrc/test/scala/mesosphere/marathon/MarathonSchedulerServiceTest.scala (33 lines)
Msrc/test/scala/mesosphere/marathon/api/v2/LeaderResourceTest.scala (5 lines)
DMsrc/test/scala/mesosphere/marathon/core/base/RichRuntimeTest.scala (17 lines)
Msrc/test/scala/mesosphere/marathon/core/election/impl/CuratorElectionServiceTest.scala (20 lines)
DMsrc/test/scala/mesosphere/marathon/core/election/impl/ElectionServiceBaseTest.scala (250 lines)
AMsrc/test/scala/mesosphere/marathon/core/election/impl/PseudoElectionServiceTest.scala (127 lines)
Msrc/test/scala/mesosphere/marathon/core/health/impl/HealthCheckWorkerActorTest.scala (2 lines)
Msrc/test/scala/mesosphere/marathon/integration/LeaderIntegrationTest.scala (2 lines)
Msrc/test/scala/mesosphere/marathon/integration/ResidentTaskIntegrationTest.scala (2 lines)
Msrc/test/scala/mesosphere/marathon/integration/setup/ForwarderService.scala (2 lines)
Msrc/test/scala/mesosphere/marathon/integration/setup/MarathonTest.scala (4 lines)
DMsrc/test/scala/mesosphere/marathon/test/ExitDisabledTest.scala (94 lines)

Diff 3804

View Options

build.sbt

Show All 13 Lines
1414def formattingTestArg(target: File) = Tests.Argument("-u", target.getAbsolutePath, "-eDFG")
1515
1616credentials ++= loadM2Credentials(streams.value.log)
1717resolvers ++= loadM2Resolvers(sLog.value)
1818
1919resolvers += Resolver.sonatypeRepo("snapshots")
2020addCompilerPlugin("org.psywerx.hairyfotr" %% "linter" % "0.1.17")
2121
22cleanFiles <+= baseDirectory { base => base / "sandboxes" }
jdefUnsubmitted
Not Done

seems unrelated to leader election. why is this change here?

ichernetskyAuthorUnsubmitted
Not Done

This patch has been in review for 3 months. And I address compiler warning every time I merge in origin/master.

22cleanFiles += baseDirectory { base => base / "sandboxes" }.value
2323
2424lazy val formatSettings = SbtScalariform.scalariformSettings ++ Seq(
2525 ScalariformKeys.preferences := FormattingPreferences()
2626 .setPreference(AlignArguments, false)
2727 .setPreference(AlignParameters, false)
2828 .setPreference(AlignSingleLineCaseStatements, false)
2929 .setPreference(CompactControlReadability, false)
3030 .setPreference(DoubleIndentClassDeclaration, true)
▲ Show 20 LinesShow All 272 LinesShow Last 20 Lines
View Options

src/main/scala/mesosphere/marathon/MarathonSchedulerActor.scala

Show All 14 Lines
1515import mesosphere.marathon.core.instance.Instance.AgentInfo
1616import mesosphere.marathon.core.launchqueue.LaunchQueue
1717import mesosphere.marathon.core.task.Task
1818import mesosphere.marathon.core.task.termination.{ KillReason, KillService }
1919import mesosphere.marathon.core.task.tracker.InstanceTracker
2020import mesosphere.marathon.state.{ PathId, RunSpec }
2121import mesosphere.marathon.storage.repository.{ DeploymentRepository, GroupRepository }
2222import mesosphere.marathon.stream.Implicits._
23import mesosphere.marathon.util._
2423import mesosphere.mesos.Constraints
2524import org.apache.mesos
2625import org.apache.mesos.Protos.{ Status, TaskState }
2726import org.apache.mesos.SchedulerDriver
2827
2928import scala.async.Async.{ async, await }
3029import scala.concurrent.{ ExecutionContext, Future }
3130import scala.util.control.NonFatal
▲ Show 20 LinesShow All 403 Lines▼ Show 20 Line(s)
435434 instances.specInstances(unknownId).foreach { orphanTask =>
436435 logger.info(s"Killing ${orphanTask.instanceId}")
437436 killService.killInstance(orphanTask, KillReason.Orphaned)
438437 }
439438 }
440439
441440 logger.info("Requesting task reconciliation with the Mesos master")
442441 logger.debug(s"Tasks to reconcile: $knownTaskStatuses")
443 if (knownTaskStatuses.nonEmpty) driver.reconcileTasks(knownTaskStatuses.asJavaCollection)
442 if (knownTaskStatuses.nonEmpty) driver.reconcileTasks(knownTaskStatuses.asJavaCollection) // linter:ignore UseIfExpression
jdefUnsubmitted
Not Done

why is this linter rule needed?

ichernetskyAuthorUnsubmitted
Not Done
[warn] /Users/ivanchernestsky/dev/marathon/src/main/scala/mesosphere/marathon/MarathonSchedulerActor.scala:442: [UseIfExpression] Assign the result of the if expression to variable ifres$macro$26 directly.
[warn]     if (knownTaskStatuses.nonEmpty) driver.reconcileTasks(knownTaskStatuses.asJavaCollection)
444443
445444 // in addition to the known statuses send an empty list to get the unknown
446445 driver.reconcileTasks(java.util.Arrays.asList())
447446 }
448447
449448 def reconcileHealthChecks(): Unit = {
450449 groupRepository.root().flatMap { rootGroup =>
451450 healthCheckManager.reconcile(rootGroup.transitiveAppsById.valuesIterator.to[Seq])
▲ Show 20 LinesShow All 105 LinesShow Last 20 Lines
View Options

src/main/scala/mesosphere/marathon/MarathonSchedulerService.scala

11package mesosphere.marathon
22
33import java.util.concurrent.CountDownLatch
44import java.util.{ Timer, TimerTask }
55import javax.inject.{ Inject, Named }
66
77import akka.Done
88import akka.actor.{ ActorRef, ActorSystem }
99import akka.stream.Materializer
1010import akka.util.Timeout
1111import com.google.common.util.concurrent.AbstractExecutionThreadService
1212import mesosphere.marathon.MarathonSchedulerActor._
13import mesosphere.marathon.core.base.toRichRuntime
1413import mesosphere.marathon.core.deployment.{ DeploymentManager, DeploymentPlan, DeploymentStepInfo }
1514import mesosphere.marathon.core.election.{ ElectionCandidate, ElectionService }
1615import mesosphere.marathon.core.group.GroupManager
1716import mesosphere.marathon.core.heartbeat._
1817import mesosphere.marathon.core.instance.Instance
1918import mesosphere.marathon.core.leadership.LeadershipCoordinator
2019import mesosphere.marathon.state.{ AppDefinition, PathId, Timestamp }
2120import mesosphere.marathon.storage.migration.Migration
▲ Show 20 LinesShow All 140 Lines▼ Show 20 Line(s)
162161 }
163162
164163 log.info("Completed run")
165164 }
166165
167166 override def triggerShutdown(): Unit = synchronized {
168167 log.info("Shutdown triggered")
169168
170 electionService.abdicateLeadership(reoffer = false)
169 electionService.abdicateLeadership()
171170 stopDriver()
172171
173172 log.info("Cancelling timer")
174173 timer.cancel()
175174
176175 // The countdown latch blocks run() from exiting. Counting down the latch removes the block.
177176 log.info("Removing the blocking of run()")
178177 isRunningLatch.countDown()
▲ Show 20 LinesShow All 49 Lines▼ Show 20 Line(s)
228227 synchronized {
229228
230229 log.info(s"Driver future completed with result=$result.")
231230 result match {
232231 case Failure(t) => log.error("Exception while running driver", t)
233232 case _ =>
234233 }
235234
236235 // ONLY do this if there's some sort of driver crash: avoid invoking abdication logic if
zen-dogUnsubmitted
Done

I don't think this comment still makes sense since we removed the extra abdication parameters.

ichernetskyAuthorUnsubmitted
Not Done

I think it still makes sense because it is more about leadership abdication, not the method's parameters. It is more about the fact that driver.foreach is used, because it can be set to None in stopDriver() before this line gets to execute. What do you think?

237236 // the driver was stopped via stopDriver. stopDriver only happens when
238237 // 1. we're being terminated (and have already abdicated)
239238 // 2. we've lost leadership (no need to abdicate if we've already lost)
240239 driver.foreach { _ =>
241 // tell leader election that we step back, but want to be re-elected if isRunning is true.
240 electionService.abdicateLeadership()
jasongilanfarrUnsubmitted
Done

Not sure the "step back" comment adds any value, I don't really understand what it means here anyways. Maybe just remove it?

242 electionService.abdicateLeadership(error = result.isFailure, reoffer = isRunningLatch.getCount > 0)
243241 }
244242
245243 driver = None
246244
247245 log.info(s"Call postDriverRuns callbacks on ${prePostDriverCallbacks.mkString(", ")}")
248246 Await.result(Future.sequence(prePostDriverCallbacks.map(_.postDriverTerminates)), config.zkTimeoutDuration)
249247 log.info("Finished postDriverRuns callbacks")
250248 }
Show All 31 Lines
282280 timer = newTimer()
283281 oldTimer.cancel()
284282
285283 driver.foreach { driverInstance =>
286284 mesosHeartbeatActor ! Heartbeat.MessageDeactivate(MesosHeartbeatMonitor.sessionOf(driverInstance))
287285 // Our leadership has been defeated. Thus, stop the driver.
288286 stopDriver()
289287 }
290
291 log.error("Terminating after loss of leadership")
292 Runtime.getRuntime.asyncExit()
293288 }
294289
295290 //End ElectionDelegate interface
296291
297292 private def schedulePeriodicOperations(): Unit = synchronized {
298293 timer.schedule(
299294 new TimerTask {
300295 def run(): Unit = {
Show All 23 Lines
View Options

src/main/scala/mesosphere/marathon/api/v2/LeaderResource.scala

11package mesosphere.marathon
22package api.v2
33
44import javax.servlet.http.HttpServletRequest
55import javax.ws.rs.core.{ Context, Response }
66import javax.ws.rs._
77
88import com.google.inject.Inject
99import mesosphere.chaos.http.HttpConf
10import mesosphere.marathon.MarathonConf
1110import mesosphere.marathon.api.{ AuthResource, MarathonMediaType, RestResource }
1211import mesosphere.marathon.core.election.ElectionService
1312import mesosphere.marathon.plugin.auth._
1413import mesosphere.marathon.storage.repository.RuntimeConfigurationRepository
1514import mesosphere.marathon.raml.RuntimeConfiguration
1615import Validation._
16import akka.actor.ActorSystem
1717import mesosphere.marathon.stream.UriIO
1818
1919@Path("v2/leader")
2020class LeaderResource @Inject() (
21 system: ActorSystem,
2122 electionService: ElectionService,
2223 val config: MarathonConf with HttpConf,
2324 val runtimeConfigRepo: RuntimeConfigurationRepository,
2425 val authenticator: Authenticator,
2526 val authorizer: Authorizer)
2627 extends RestResource with AuthResource {
2728
2829 @GET
Show All 15 Lines
4445 @QueryParam("restore") restoreNullable: String,
4546 @Context req: HttpServletRequest): Response = authenticated(req) { implicit identity =>
4647 withAuthorization(UpdateResource, AuthorizedResource.Leader) {
4748 if (electionService.isLeader) {
4849 assumeValid {
4950 val backup = validateOrThrow(Option(backupNullable))(optional(UriIO.valid))
5051 val restore = validateOrThrow(Option(restoreNullable))(optional(UriIO.valid))
5152 result(runtimeConfigRepo.store(RuntimeConfiguration(backup, restore)))
53
5254 electionService.abdicateLeadership()
5355 ok(jsonObjString("message" -> "Leadership abdicated"))
aquamatthiasUnsubmitted
Done

Please revert.

ichernetskyAuthorUnsubmitted
Not Done

I did it shortly before you pointed to it :)

5456 }
5557 } else {
5658 notFound("There is no leader")
aquamatthiasUnsubmitted
Done

Why sleep?

jasongilanfarrUnsubmitted
Done

if there is a good reason for the sleep, please use _Scheduler_ instead of a blocking Future, but I'm pretty curious why you need the sleep too.

ichernetskyAuthorUnsubmitted
Not Done

Will do.

Without any delay:

$ curl -v -X DELETE localhost:8080/v2/leader
*   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 8080 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> DELETE /v2/leader HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.51.0
> Accept: */*
> 
* Curl_http_done: called premature == 0
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server

With a 5 second delay:

$ curl -v -X DELETE localhost:8080/v2/leader
*   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 8080 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> DELETE /v2/leader HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.51.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Thu, 27 Apr 2017 18:38:58 GMT
< X-Marathon-Leader: http://localhost:8080
< Cache-Control: no-cache, no-store, must-revalidate
< Pragma: no-cache
< Expires: 0
< Content-Type: application/json; qs=2
< Transfer-Encoding: chunked
< 
* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact
{"message":"Leadership will be abdicated shortly"}
ichernetskyAuthorUnsubmitted
Not Done

Without any delay:

$ curl -v -X DELETE localhost:8080/v2/leader
*   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 8080 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> DELETE /v2/leader HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.51.0
> Accept: */*
> 
* Curl_http_done: called premature == 0
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server

With a 5 second delay:

$ curl -v -X DELETE localhost:8080/v2/leader
*   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 8080 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
> DELETE /v2/leader HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.51.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Thu, 27 Apr 2017 18:38:58 GMT
< X-Marathon-Leader: http://localhost:8080
< Cache-Control: no-cache, no-store, must-revalidate
< Pragma: no-cache
< Expires: 0
< Content-Type: application/json; qs=2
< Transfer-Encoding: chunked
< 
* Curl_http_done: called premature == 0
* Connection #0 to host localhost left intact
{"message":"Leadership will be abdicated shortly"}
jasongilanfarrUnsubmitted
Done

I totally aknowledge your point and you're correct that it _can_ close prematurely; however this is generally different that _most_ 503s:

The connection was _explicitly closed by the upstream and the host header is set_ => definitely abdicated no?

200 => definitely abdicated.

5xx => probably didn't. Verify with /v2/leader.

Needs to be documented clearly, but I'm strongly in favor of non-asynchronous/scheduled deletion.

Now, if we want to introduce a _short_ delay for the shutdown to increase the probability of a successful 200 response, by all means. It should likely be <500ms.

aquamatthiasUnsubmitted
Done

This call is about abdicating the current leader. Specifically this means:

  • The electionService.isLeader returns false (so no request is served any longer)
  • The LocalLeadershipEvent.StandBy is broadcasted, so all actors stop acting
  • Marathon disconnects from Mesos
  • The curator membership is removed

_After_ the leader is abdicated, the JVM can be exited.

ichernetskyAuthorUnsubmitted
Not Done

Good point. I thought about it too when falling asleep yesterday :) I will add a delay (500ms) after abdication and before shutdown.

ichernetskyAuthorUnsubmitted
Not Done

Yep, I agree. Please refer to @aquamatthias comment and my reply to it.

5759 }
5860 }
5961 }
aquamatthiasUnsubmitted
Done

pass execution context as implicit parameter

ichernetskyAuthorUnsubmitted
Not Done

Done.

6062}
aquamatthiasUnsubmitted
Done

I don't like the fact, that abdication is async. If the call to abdicate returns, the leader should have abdicated. Otherwise it is very hard / impossible for customers of the API to know the state.

jasongilanfarrUnsubmitted
Done

I totally agree here. Once we're no longer leader, return 200 OK and die. If we fail to return the 200 because we already died (I've never seen that happen), the client would get Connection Closed and know that the leader died.

ichernetskyAuthorUnsubmitted
Not Done

I am definitely not super happy about doing it this way, but

  1. If an abdication is done asynchronously, and is scheduled before responding to a user, then there are two possible outcomes:

1.a) A response is sent before Marathon shuts down. In this case a user knows that an abdication has been scheduled and will definitely happen shortly.
1.b) Due to high load or something else, Marathon shuts down before a response is sent to a user, which results into "Connection Closed" on a user's end. Therefore a user has to be retry. This is a very big downside if 1.b keeps happening all the time then a client, if it doesn't verify somehow that a leader has changed, is doomed to kill leaders in a loop.

  1. If an abdication is done synchronously (meaning, no delay), a shutdown is to take place asynchronously anyway. And the options are basically the same:

2.a) A response is sent before Marathon shuts down. In this case a user knows that an abdication has been completed and Marathon is to stop shortly.
2.b) Marathons shuts down before a response is sent to a user, which results into "Connection Closed".

The thing is that the probability of 2.b is larger than the probability of 1.b If "clients get Connection Closed/Reset often" situation is perfectly fine, I am totally willing to change the code accordingly.

View Options

src/main/scala/mesosphere/marathon/core/base/CrashStrategy.scala

  • This file was added.
1package mesosphere.marathon
2package core.base
3
4import akka.Done
5import mesosphere.marathon.core.async.ExecutionContexts
6
7import scala.concurrent.Future
8
9sealed trait CrashStrategy {
10 def crash(): Future[Done]
jdefUnsubmitted
Done

why not a sealed trait here?

11}
12
13case object JvmExitsCrashStrategy extends CrashStrategy {
14 override def crash(): Future[Done] = {
jdefUnsubmitted
Done

case object (if we use sealed trait above)?

15 Runtime.getRuntime.asyncExit()(ExecutionContexts.global)
16 }
17}
View Options

src/main/scala/mesosphere/marathon/core/election/ElectionModule.scala

11package mesosphere.marathon
22package core.election
33
44import akka.actor.ActorSystem
55import akka.event.EventStream
6import mesosphere.marathon.core.base.LifecycleState
7import mesosphere.marathon.core.election.impl.{ CuratorElectionService, ExponentialBackoff, PseudoElectionService }
6import mesosphere.marathon.core.base.{ JvmExitsCrashStrategy, LifecycleState }
7import mesosphere.marathon.core.election.impl.{ CuratorElectionService, PseudoElectionService }
88
99class ElectionModule(
1010 config: MarathonConf,
1111 system: ActorSystem,
1212 eventStream: EventStream,
1313 hostPort: String,
1414 lifecycleState: LifecycleState) {
1515
16 private lazy val backoff = new ExponentialBackoff(name = "offerLeadership")
1716 lazy val service: ElectionService = if (config.highlyAvailable()) {
1817 config.leaderElectionBackend.get match {
1918 case Some("curator") =>
2019 new CuratorElectionService(
2120 config,
21 hostPort,
2222 system,
2323 eventStream,
24 hostPort,
25 backoff,
26 lifecycleState
24 lifecycleState,
25 JvmExitsCrashStrategy
2726 )
2827 case backend: Option[String] =>
2928 throw new IllegalArgumentException(s"Leader election backend $backend not known!")
3029 }
3130 } else {
3231 new PseudoElectionService(
32 hostPort,
3333 system,
3434 eventStream,
35 hostPort,
36 backoff,
37 lifecycleState
35 lifecycleState,
36 JvmExitsCrashStrategy
3837 )
3938 }
4039}
View Options

src/main/scala/mesosphere/marathon/core/election/ElectionService.scala

11package mesosphere.marathon
22package core.election
33
44import akka.actor.ActorRef
55
66/**
77 * ElectionService is implemented by leadership election mechanisms.
8 *
9 * This trait is used in conjunction with [[ElectionCandidate]]. From their point of view,
10 * a leader election works as follow:
11 *
12 * -> ElectionService.offerLeadership(candidate) | - A leader election is triggered.
13 * — Once `candidate` is elected as a leader,
14 * its `startLeadership` is called.
15 *
16 * Please note that upon a call to [[ElectionService.abdicateLeadership]], or
17 * any error in any of method of [[ElectionService]], or a leadership loss,
18 * [[ElectionCandidate.stopLeadership]] is called if [[ElectionCandidate.startLeadership]]
19 * has been called before, and JVM gets shutdown.
20 *
21 * It effectively means that a particular instance of Marathon can be elected at most once during its lifetime.
zen-dogUnsubmitted
Done

This is a good start for a class doc :thumbup: However I would be also interested in the complete chain of events e.g.:

  • -> where do ZK/CuratorService events come in?
  • -> what happens after we're elected? What events are sent through the system?
  • -> what parts of the chain happens synchronously vs. asynchronously and can happen parallel to other events?

I know that "the code is self-explanatory" and "why dont you just read the code" but having full chain of events, concurrency model and guaranties explained goes a long way. Sry if it feels like I'm the pain in the neck :)

ichernetskyAuthorUnsubmitted
Not Done

where do ZK/CuratorService events come in? — I don't get what you mean here.
what happens after we're elected? — it is already documented in both ElectionService and ElectionCandidate.
what events are sent through the system? — done.
what parts of the chain happens synchronously vs. asynchronously and can happen parallel to other events? — All methods are synchronous which should be expected by default because no future is returned and no callback is accepted in any method.

822 */
923trait ElectionService {
1024 /**
1125 * isLeader checks whether this instance is the leader
1226 *
1327 * @return true if this instance is the leader
1428 */
1529 def isLeader: Boolean
1630
1731 /**
1832 * localHostPort return a host:port pair of this running instance that is used for discovery.
1933 *
2034 * @return host:port of this instance.
2135 */
2236 def localHostPort: String
2337
2438 /**
2539 * leaderHostPort return a host:port pair of the leader, if it is elected.
2640 *
2741 * @return Some(host:port) of the leader, or None if no leader exists or is known
2842 */
2943 def leaderHostPort: Option[String]
3044
3145 /**
32 * offerLeadership is called to candidate for leadership. offerLeadership is idem-potent.
46 * offerLeadership is called to candidate for leadership. It must be called by candidate only once.
3347 *
3448 * @param candidate is called back once elected or defeated
3549 */
3650 def offerLeadership(candidate: ElectionCandidate): Unit
3751
3852 /**
39 * abdicateLeadership is called to resign from leadership. If this instance is no leader, this
40 * call does nothing for reoffer=false. It will call offerLeadership for reoffer=true..
41 *
42 * @param error is true if the abdication is due to some error.
43 * @param reoffer is true if leadership should be offered again after abdication
53 * abdicateLeadership is called to resign from leadership. By the time this method returns,
54 * it can be safely assumed the leadership has been abdicated. This method can be called even
55 * if [[offerLeadership]] wasn't called prior to that, and it will result in Marathon stop and JVM shutdown.
4456 */
45 def abdicateLeadership(error: Boolean = false, reoffer: Boolean = false): Unit
57 def abdicateLeadership(): Unit
4658
4759 /**
4860 * Subscribe to leadership change events.
4961 *
50 * The given actorRef will initally get the current state via the appropriate
62 * The given actorRef will initially get the current state via the appropriate
5163 * [[LocalLeadershipEvent]] message and will be informed of changes after that.
64 *
65 * Upon becoming a leader, [[LocalLeadershipEvent.ElectedAsLeader]] is published. Upon leadership loss,
66 * [[LocalLeadershipEvent.Standby]] is sent.
5267 */
5368 def subscribe(self: ActorRef): Unit
54 /** Unsubscribe to any leadership change events to this actor ref. */
69
70 /**
71 * Unsubscribe to any leadership change events for the given [[ActorRef]].
jasongilanfarrUnsubmitted
Done

for the given ActorRef.

72 */
5573 def unsubscribe(self: ActorRef): Unit
5674}
5775
5876/**
5977 * ElectionCandidate is implemented by a leadership election candidate. There is only one
6078 * ElectionCandidate per ElectionService.
6179 */
6280trait ElectionCandidate {
Show All 20 Lines
View Options

src/main/scala/mesosphere/marathon/core/election/impl/CuratorElectionService.scala

11package mesosphere.marathon
22package core.election.impl
33
44import java.util
55import java.util.Collections
6import java.util.concurrent.{ Executors, TimeUnit }
6import java.util.concurrent.atomic.{ AtomicBoolean, AtomicReference }
7import java.util.concurrent.{ ExecutorService, Executors, TimeUnit }
78
89import akka.actor.ActorSystem
910import akka.event.EventStream
1011import com.typesafe.scalalogging.StrictLogging
11import mesosphere.marathon.core.async.ExecutionContexts
12import mesosphere.marathon.core.async.ContextPropagatingExecutionContextWrapper
1213import mesosphere.marathon.core.base._
14import mesosphere.marathon.core.election.{ ElectionCandidate, ElectionService, LocalLeadershipEvent }
1315import org.apache.curator.framework.api.ACLProvider
1416import org.apache.curator.framework.imps.CuratorFrameworkState
1517import org.apache.curator.framework.recipes.leader.{ LeaderLatch, LeaderLatchListener }
16import org.apache.curator.framework.state.{ ConnectionState, ConnectionStateListener }
1718import org.apache.curator.framework.{ AuthInfo, CuratorFramework, CuratorFrameworkFactory }
18import org.apache.curator.{ RetryPolicy, RetrySleeper }
19import org.apache.curator.retry.ExponentialBackoffRetry
1920import org.apache.zookeeper.ZooDefs
2021import org.apache.zookeeper.data.ACL
2122
22import scala.concurrent.{ ExecutionContext, Future }
23import scala.async.Async
24import scala.concurrent.ExecutionContext
25import scala.concurrent.duration._
2326import scala.util.control.NonFatal
2427
2528/**
26 * Handles our election leader election concerns.
29 * This class implements leader election using Curator and (in turn) Zookeeper. It is used
30 * when the high-availability mode is enabled.
2731 *
28 * TODO - This code should be substantially simplified https://github.com/mesosphere/marathon/issues/4908
32 * One can become a leader only. If the leadership is lost due to some reason, it shuts down Marathon.
33 * Marathon gets stopped on leader abdication too.
2934 */
35
3036class CuratorElectionService(
3137 config: MarathonConf,
32 system: ActorSystem,
33 eventStream: EventStream,
3438 hostPort: String,
35 backoff: ExponentialBackoff,
39 system: ActorSystem,
36 lifecycleState: LifecycleState) extends ElectionServiceBase(
37 system, eventStream, backoff, lifecycleState
40 override val eventStream: EventStream,
41 lifecycleState: LifecycleState,
38) with StrictLogging {
42 crashStrategy: CrashStrategy)
43 extends ElectionService with ElectionServiceMetrics with ElectionServiceEventStream with StrictLogging {
3944
40 private val callbackExecutor = Executors.newSingleThreadExecutor()
41 /* We re-use the single thread executor here because code locks (via synchronized) frequently */
42 override protected implicit val executionContext: ExecutionContext = ExecutionContext.fromExecutor(callbackExecutor)
43
44 private lazy val client = provideCuratorClient()
45 private var maybeLatch: Option[LeaderLatch] = None
46
4745 system.registerOnTermination {
48 synchronized {
49 logger.info("Stopping leadership on shutdown.")
50 stopLeadership()
51 client.close()
46 logger.info("Stopping leadership on shutdown")
47 stop(exit = false)
5248 }
53 }
5449
50 private[this] val exitTimeoutOnAbdication: FiniteDuration = 500.milliseconds
51
52 private[this] val threadExecutor: ExecutorService = Executors.newSingleThreadExecutor()
jdefUnsubmitted
Not Done

not that it's related to this change (because this just looks like a rename) but what's the impact of using a separate execution context here, vs. the "global" one that has support for the injected Context stuff Jason wrote?

https://github.com/mesosphere/marathon/blob/master/src/main/scala/mesosphere/marathon/core/async/ExecutionContexts.scala

ichernetskyAuthorUnsubmitted
Not Done

As far as I understand, it was done to let Curator be blocked in a separate thread, not in the one of https://github.com/mesosphere/marathon/blob/master/src/main/scala/mesosphere/marathon/core/async/ExecutionContexts.scala#L50

53 /** We re-use the single thread executor here because some methods of this class might get blocked for a long time. */
54 private[this] implicit val ec: ExecutionContext = ContextPropagatingExecutionContextWrapper(
55 ExecutionContext.fromExecutor(threadExecutor))
jdefUnsubmitted
Not Done

leadershipOffered and acquiringLeadership function more like single-use latches. it might make sense to either (a) document that, or else; (b) wrap with a helper type that only allows a single-use one-way transition:

package mesosphere.marathon;
package core.async;

final class Latch {
  private[this] val counter = new Semaphore(1)
  def acquire: Option[Done] = 
    // use of Option return type forces pattern matches to deal w/ all alternatives, likely highly desirable
    if(counter.tryAcquire()) Some(Done) else None 
}

I like the idea of limiting transitions via a Latch type because it enforces the design as intended

ichernetskyAuthorUnsubmitted
Not Done

I don't think it'd better to replace those two variables with one Latch (if you meant this) because they used in two different places. It is correct that both of them are one-way (from false to true). If you meant with replacing them with two Latches, I think it is better not to do it at this point (frankly, it is quite late), because it will have to be full re-tested.

56
57 private[this] val currentCandidate = new AtomicReference(Option.empty[ElectionCandidate])
58 private[this] val isCurrentlyLeading = new AtomicBoolean(false)
59
60 // These variables are initialized with `false` and can only be set to `true` later.
61 private[this] val leadershipOffered = new AtomicBoolean(false)
62 private[this] val acquiringLeadership = new AtomicBoolean(false)
63
64 private[this] lazy val client = createCuratorClient()
65 private[this] val leaderLatch = new AtomicReference(Option.empty[LeaderLatch])
66
67 override def isLeader: Boolean = isCurrentlyLeading.get
5568 override def localHostPort: String = hostPort
5669
57 override def leaderHostPortImpl: Option[String] = synchronized {
58 if (client.getState() == CuratorFrameworkState.STOPPED) None
70 override def leaderHostPort: Option[String] = leaderHostPortMetric.blocking {
71 if (client.getState == CuratorFrameworkState.STOPPED) None
5972 else {
6073 try {
61 maybeLatch.flatMap { latch =>
74 leaderLatch.get.flatMap { latch =>
6275 val participant = latch.getLeader
6376 if (participant.isLeader) Some(participant.getId) else None
6477 }
6578 } catch {
66 case NonFatal(e) =>
67 logger.error("Error while getting current leader", e)
79 case NonFatal(ex) =>
80 logger.error("Error while getting current leader", ex)
6881 None
6982 }
7083 }
7184 }
7285
73 override def offerLeadershipImpl(): Unit = synchronized {
74 logger.info("Using HA and therefore offering leadership")
75 maybeLatch.foreach { latch =>
76 logger.info("Offering leadership while being candidate")
77 if (client.getState() != CuratorFrameworkState.STOPPED) latch.close()
86 override def offerLeadership(candidate: ElectionCandidate): Unit = {
87 logger.info(s"$candidate offered leadership")
88 if (leadershipOffered.compareAndSet(false, true)) {
89 if (lifecycleState.isRunning) {
90 logger.info("Going to acquire leadership")
91 currentCandidate.set(Some(candidate))
92 Async.async {
93 try {
94 acquireLeadership()
95 } catch {
96 case NonFatal(ex) =>
97 logger.error(s"Fatal error while acquiring leadership for $candidate. Exiting now", ex)
98 stop(exit = true)
7899 }
100 }
101 } else {
102 logger.info("Not accepting the leadership offer since Marathon is shutting down")
103 }
104 } else {
105 logger.error(s"Got another leadership offer from $candidate. Exiting now")
106 stop(exit = true)
107 }
108 }
79109
80 try {
81 val latch = new LeaderLatch(client, config.zooKeeperLeaderPath + "-curator", hostPort, LeaderLatch.CloseMode.NOTIFY_LEADER)
82 latch.addListener(LeaderChangeListener, callbackExecutor)
110 private def acquireLeadership(): Unit = {
111 if (acquiringLeadership.compareAndSet(false, true)) {
112 require(leaderLatch.get.isEmpty, "leaderLatch is not empty")
113
114 startCuratorClient()
115 val latch = new LeaderLatch(
116 client, config.zooKeeperLeaderPath + "-curator", hostPort)
117 latch.addListener(LeaderChangeListener, threadExecutor)
83118 latch.start()
84 maybeLatch = Some(latch)
119 leaderLatch.set(Some(latch))
120 } else {
121 logger.error("Acquiring leadership in parallel to someone else. Exiting now")
122 stop(exit = true)
123 }
124 }
125
126 private def leadershipAcquired(): Unit = {
127 currentCandidate.get match {
128 case Some(_) =>
129 try {
130 startLeadership()
131 isCurrentlyLeading.set(true)
85132 } catch {
86 case NonFatal(e) =>
87 logger.error(s"ZooKeeper initialization failed - Committing suicide: ${e.getMessage}")
88 Runtime.getRuntime.asyncExit()(ExecutionContexts.global)
133 case NonFatal(ex) =>
134 logger.error(s"Fatal error while starting leadership of $currentCandidate. Exiting now", ex)
135 stop(exit = true)
89136 }
137 case _ =>
138 logger.error("Leadership is already acquired. Exiting now")
139 stop(exit = true)
90140 }
141 }
91142
92 /**
93 * Listener which forwards leadership status events asynchronously via the provided function.
94 *
143 override def abdicateLeadership(): Unit = {
144 logger.info("Abdicating leadership")
145 stop(exit = true, exitTimeout = exitTimeoutOnAbdication)
jdefUnsubmitted
Done

nit: extract constant

95 * We delegate the methods asynchronously so they are processed outside of the synchronized lock for LeaderLatch.setLeadership
96 */
97 private object LeaderChangeListener extends LeaderLatchListener {
98 override def notLeader(): Unit = Future {
99 logger.info(s"Leader defeated. New leader: ${leaderHostPort.getOrElse("-")}")
100 stopLeadership()
101146 }
102147
103 override def isLeader(): Unit = Future {
104 logger.info("Leader elected")
105 startLeadership(onAbdicate(_))
148 private def stop(exit: Boolean, exitTimeout: FiniteDuration = 0.milliseconds): Unit = {
149 logger.info("Stopping the election service")
150 isCurrentlyLeading.set(false)
151 try {
152 stopLeadership()
153 } catch {
154 case NonFatal(ex) =>
155 logger.error("Fatal error while stopping", ex)
156 } finally {
157 currentCandidate.set(None)
158 if (exit) {
159 logger.info("Terminating due to leadership abdication or failure")
160 system.scheduler.scheduleOnce(exitTimeout) {
161 crashStrategy.crash()
106162 }
107163 }
108
109 /**
110 * Listens to connection changes and stops leadership when the connection to ZooKeeper is lost.
111 *
112 * The is the suggested behaviour in the [[http://curator.apache.org/curator-recipes/leader-latch.html LeaderLatch documentation]].
113 *
114 */
115 private object ConnectionLostListener extends ConnectionStateListener {
116 override def stateChanged(client: CuratorFramework, newState: ConnectionState): Unit = {
117 if (!newState.isConnected) {
118 onConnectionLoss()
119164 }
120165 }
166
167 private def startLeadership(): Unit = {
168 currentCandidate.get.foreach(startCandidateLeadership)
169 startMetrics()
121170 }
122171
123 private[this] def onConnectionLoss() = synchronized {
124 logger.info("Lost connection to ZooKeeper as leader — Committing suicide")
125 stopLeadership()
126 client.close()
127 Runtime.getRuntime.asyncExit()(ExecutionContexts.global)
172 private def stopLeadership(): Unit = {
173 leaderLatch.get.foreach { latch =>
174 try {
175 if (latch.getState == LeaderLatch.State.STARTED)
176 latch.close()
177 } catch {
178 case NonFatal(ex) =>
179 logger.error("Could not close the leader latch", ex)
128180 }
181 }
182 leaderLatch.set(None)
129183
130 private[this] def onAbdicate(error: Boolean): Unit = synchronized {
131 maybeLatch match {
132 case None => logger.error(s"Abdicating leadership while not being leader (error: $error)")
133 case Some(latch) =>
134 maybeLatch = None
184 if (client.getState == CuratorFrameworkState.STARTED) {
135185 try {
136 if (client.getState() != CuratorFrameworkState.STOPPED) latch.close()
186 client.close()
137187 } catch {
138 case NonFatal(e) => logger.error("Could not close leader latch", e)
188 case NonFatal(ex) =>
189 logger.error("Could not close the curator client", ex)
139190 }
140191 }
141 // stopLeadership() is called by the leader Listener in notLeader
192
193 stopMetrics()
194 currentCandidate.get.foreach(stopCandidateLeadership)
142195 }
143196
144 def provideCuratorClient(): CuratorFramework = {
197 private[this] val candidateLeadershipStarted = new AtomicBoolean(false)
198 private def startCandidateLeadership(candidate: ElectionCandidate): Unit = {
199 if (candidateLeadershipStarted.compareAndSet(false, true)) {
200 logger.info(s"Starting $candidate's leadership")
201 candidate.startLeadership()
202 logger.info(s"Started $candidate's leadership")
203 eventStream.publish(LocalLeadershipEvent.ElectedAsLeader)
204 }
205 }
206
207 private def stopCandidateLeadership(candidate: ElectionCandidate): Unit = {
208 if (candidateLeadershipStarted.compareAndSet(true, false)) {
209 logger.info(s"Stopping $candidate's leadership")
210 candidate.stopLeadership()
211 logger.info(s"Stopped $candidate's leadership")
212 eventStream.publish(LocalLeadershipEvent.Standby)
213 }
214 }
215
216 private def createCuratorClient(): CuratorFramework = {
145217 logger.info(s"Will do leader election through ${config.zkHosts}")
146218
147219 // let the world read the leadership information as some setups depend on that to find Marathon
148 val acl = new util.ArrayList[ACL]()
149 acl.addAll(config.zkDefaultCreationACL)
150 acl.addAll(ZooDefs.Ids.READ_ACL_UNSAFE)
220 val defaultAcl = new util.ArrayList[ACL]()
221 defaultAcl.addAll(config.zkDefaultCreationACL)
222 defaultAcl.addAll(ZooDefs.Ids.READ_ACL_UNSAFE)
151223
224 val aclProvider = new ACLProvider {
225 override def getDefaultAcl: util.List[ACL] = defaultAcl
226 override def getAclForPath(path: String): util.List[ACL] = defaultAcl
227 }
228
229 val retryBaseSleepTime = 1.second.toMillis.toInt
230 val maxRetries = 10
231 val retryPolicy = new ExponentialBackoffRetry(retryBaseSleepTime, maxRetries)
jdefUnsubmitted
Not Done

looks like the ACLs changed here. why is this part of this PR and not a separate changeset? seems significant enough?

ichernetskyAuthorUnsubmitted
Not Done

I noticed that the ACLs were incorrect a few days after I started working on the leader election simplification, and at that point I was new to the dev workflow here, and it seemed that I would take just a few more days to land this patch.

232
152233 val builder = CuratorFrameworkFactory.builder().
jdefUnsubmitted
Done

nit: extract constants

153234 connectString(config.zkHosts).
154235 sessionTimeoutMs(config.zooKeeperSessionTimeout().toInt).
155236 connectionTimeoutMs(config.zooKeeperConnectionTimeout().toInt).
156 aclProvider(new ACLProvider {
157 val rootAcl = {
237 aclProvider(aclProvider).
238 retryPolicy(retryPolicy)
158 val acls = new util.ArrayList[ACL]()
159 acls.addAll(acls)
160 acls.addAll(ZooDefs.Ids.OPEN_ACL_UNSAFE)
161 acls
162 }
163239
164 override def getDefaultAcl: util.List[ACL] = acl
165
166 override def getAclForPath(path: String): util.List[ACL] = if (path != config.zkPath) {
167 acl
168 } else {
169 rootAcl
170 }
171 }).
172 retryPolicy(new RetryPolicy {
173 override def allowRetry(retryCount: Int, elapsedTimeMs: Long, sleeper: RetrySleeper): Boolean = {
174 logger.error("ZooKeeper access failed — Committing suicide to avoid invalidating ZooKeeper state")
175 Runtime.getRuntime.asyncExit()(ExecutionContexts.global)
176 false
177 }
178 })
179
180240 // optionally authenticate
181241 val client = (config.zkUsername, config.zkPassword) match {
182242 case (Some(user), Some(pass)) =>
183243 builder.authorization(Collections.singletonList(
184 new AuthInfo("digest", (user + ":" + pass).getBytes("UTF-8"))
185 )).build()
244 new AuthInfo("digest", (user + ":" + pass).getBytes("UTF-8"))))
245 .build()
186246 case _ =>
187247 builder.build()
188248 }
189249
190 client.getConnectionStateListenable().addListener(ConnectionLostListener)
250 client
251 }
191252
253 private def startCuratorClient(): Unit = {
192254 client.start()
193255 client.blockUntilConnected(config.zkTimeoutDuration.toMillis.toInt, TimeUnit.MILLISECONDS)
194 client
256 }
257
258 /**
259 * Listener which forwards leadership status events asynchronously via the provided function.
260 *
261 * We delegate the methods asynchronously so they are processed outside of the synchronized lock
262 * for LeaderLatch.setLeadership
263 */
264 private object LeaderChangeListener extends LeaderLatchListener {
265 override def notLeader(): Unit = Async.async {
266 logger.info(s"Leader defeated. New leader: ${leaderHostPort.getOrElse("-")}")
267 stop(exit = true)
268 }
269
270 override def isLeader(): Unit = Async.async {
271 logger.info("Leader elected")
272 leadershipAcquired()
273 }
195274 }
196275}
View Options

src/main/scala/mesosphere/marathon/core/election/impl/ElectionServiceBase.scala

  • This file was deleted.
This file was completely deleted. Show File Contents
View Options

src/main/scala/mesosphere/marathon/core/election/impl/ElectionServiceEventStream.scala

  • This file was added.
1package mesosphere.marathon
2package core.election.impl
3
4import akka.actor.ActorRef
5import akka.event.EventStream
6import mesosphere.marathon.core.election.LocalLeadershipEvent
7
8private[impl] trait ElectionServiceEventStream {
9 protected val eventStream: EventStream
10
11 def isLeader: Boolean
12
13 def subscribe(subscriber: ActorRef): Unit = {
14 eventStream.subscribe(subscriber, classOf[LocalLeadershipEvent])
15 val currentState = if (isLeader) LocalLeadershipEvent.ElectedAsLeader else LocalLeadershipEvent.Standby
16 subscriber ! currentState
17 }
18
19 def unsubscribe(subscriber: ActorRef): Unit = {
20 eventStream.unsubscribe(subscriber, classOf[LocalLeadershipEvent])
21 }
22}
View Options

src/main/scala/mesosphere/marathon/core/election/impl/ElectionServiceMetrics.scala

  • This file was added.
1package mesosphere.marathon
2package core.election.impl
3
4import java.util.concurrent.atomic.AtomicBoolean
5
6import kamon.Kamon
7import kamon.metric.instrument.Time
8import mesosphere.marathon.metrics.{ Metrics, ServiceMetric, Timer }
9
10private[impl] trait ElectionServiceMetrics {
11 private[this] val leaderDurationMetric = "service.mesosphere.marathon.leaderDuration"
12 protected val leaderHostPortMetric: Timer = Metrics.timer(ServiceMetric, getClass, "current-leader-host-port")
13
14 // [[areMetricsStarted]] is used to avoid calling [[stopMetrics]] if [[startMetrics]] was not invoked before,
15 // or call [[stopMetrics]] twice (on both leader abdication and JVM shutdown).
16 private[this] val areMetricsStarted = new AtomicBoolean(false)
17
jdefUnsubmitted
Done

is it possible that startMetrics and stopMetrics could be called concurrently? if so, the atomic boolean guard won't help you avoid a data race. if not, then i'd like to see that assumption documented someplace

ichernetskyAuthorUnsubmitted
Not Done

It is done to avoid calling stopMetrics if startMetrics was not invoked before, or call stopMetrics twice (on both leader abdication and JVM shutdown).

18 protected def startMetrics(): Unit =
19 if (areMetricsStarted.compareAndSet(false, true)) {
20 val startedAt = System.currentTimeMillis()
21 Kamon.metrics.gauge(leaderDurationMetric, Time.Milliseconds)(System.currentTimeMillis() - startedAt)
22 }
23
24 protected def stopMetrics(): Unit =
25 if (areMetricsStarted.compareAndSet(true, false)) {
26 Kamon.metrics.removeGauge(leaderDurationMetric)
27 }
28}
View Options

src/main/scala/mesosphere/marathon/core/election/impl/ExponentialBackoff.scala

  • This file was deleted.
This file was completely deleted. Show File Contents
View Options

src/main/scala/mesosphere/marathon/core/election/impl/PseudoElectionService.scala

11package mesosphere.marathon
22package core.election.impl
33
4import java.util.concurrent.atomic.{ AtomicBoolean, AtomicReference }
5import java.util.concurrent.{ ExecutorService, Executors }
6
47import akka.actor.ActorSystem
58import akka.event.EventStream
6import mesosphere.marathon.core.base.LifecycleState
7import org.slf4j.LoggerFactory
9import com.typesafe.scalalogging.StrictLogging
10import mesosphere.marathon.core.async.ContextPropagatingExecutionContextWrapper
11import mesosphere.marathon.core.base._
12import mesosphere.marathon.core.election.{ ElectionCandidate, ElectionService, LocalLeadershipEvent }
813
14import scala.async.Async
15import scala.concurrent.ExecutionContext
16import scala.concurrent.duration._
17import scala.util.control.NonFatal
18
19/**
20 * This is a somewhat dummy implementation of [[ElectionService]]. It is used
21 * when the high-availability mode is disabled.
22 *
23 * It stops Marathon when leadership is abdicated.
24 */
925class PseudoElectionService(
10 system: ActorSystem,
11 eventStream: EventStream,
1226 hostPort: String,
jeschkiesUnsubmitted
Not Done

Hm, it seems this class shares a lot of logic with CuratorElectionService. How are they different? Is there a way to share some logic?

ichernetskyAuthorUnsubmitted
Not Done

I see a vicious circle right there. I feel like I can write a book about trade-offs when implementing leader election which relies on an external service like ZooKeeper. :)

This is exactly what I was asked for from the very beginning: get rid of ElectionServiceBase. My first step was to simplify things, and reduce the number of states and their transitions in ElectionServiceBase, which lead to to renaming of it to ElectionServiceFSM because it started to look like a real FSM. It wasn't enough, and it led to this further simplification at the expense of having this duplicated code. It seems we are headed towards Akka Streams. This code duplication won't be there anymore after another round of refactoring of this code. On the other hand, if one imagines a two-level inheritance tree with one parent and multiple children as a horizontal thing as a apposed to a vertical thing, where the parent make calls into children and vice versa, it can be seen very well as a message-passing with compile-time checks of it.

Long story short, it is what it is. The decision was made, it is too late to change it drastically at this point. Though I do see that

  1. CuratorElectionService is harder to test now, because previously most of it was tested by testing ElectionServiceBase
  2. There is code duplication.

we should keep this intermediate approach, move on, and have it refactored to make it leverage Akka Streams later, after 1.10 release.

13 backoff: ExponentialBackoff,
14 lifecycleState: LifecycleState) extends ElectionServiceBase(
15 system, eventStream, backoff, lifecycleState
16) {
27 system: ActorSystem,
28 override val eventStream: EventStream,
29 lifecycleState: LifecycleState,
30 crashStrategy: CrashStrategy)
17 private val log = LoggerFactory.getLogger(getClass.getName)
31 extends ElectionService with ElectionServiceMetrics with ElectionServiceEventStream with StrictLogging {
1832
33 system.registerOnTermination {
34 logger.info("Stopping leadership on shutdown")
35 stop(exit = false)
36 }
37
38 private[this] val exitTimeoutOnAbdication: FiniteDuration = 500.milliseconds
39
40 private val threadExecutor: ExecutorService = Executors.newSingleThreadExecutor()
41 /** We re-use the single thread executor here because some methods of this class might get blocked for a long time. */
42 private implicit val ec: ExecutionContext = ContextPropagatingExecutionContextWrapper(
43 ExecutionContext.fromExecutor(threadExecutor))
44
45 /* it is made `private[impl]` because it has to be accessible from inside the corresponding unit-tests. */
jdefUnsubmitted
Not Done

ditto re: Latch suggestion

46 private[impl] val currentCandidate = new AtomicReference(Option.empty[ElectionCandidate])
47 private[this] val isCurrentlyLeading = new AtomicBoolean(false)
48
49 // This variable is initialized with `false` and can only be set to `true` later.
50 private[this] val leadershipOffered = new AtomicBoolean(false)
51
52 override def isLeader: Boolean = isCurrentlyLeading.get
1953 override def localHostPort: String = hostPort
2054
21 override def leaderHostPortImpl: Option[String] = if (isLeader) Some(hostPort) else None
55 override def leaderHostPort: Option[String] = leaderHostPortMetric.blocking {
56 if (isLeader) Some(hostPort) else None
57 }
2258
23 override def offerLeadershipImpl(): Unit = synchronized {
24 log.info("Not using HA and therefore electing as leader by default")
25 startLeadership(_ => stopLeadership())
59 override def offerLeadership(candidate: ElectionCandidate): Unit = {
60 logger.info(s"$candidate offered leadership")
61 if (leadershipOffered.compareAndSet(false, true)) {
62 if (lifecycleState.isRunning) {
63 logger.info("Going to acquire leadership")
64 currentCandidate.set(Some(candidate))
65 Async.async {
66 try {
67 startLeadership()
68 isCurrentlyLeading.set(true)
69 } catch {
70 case NonFatal(ex) =>
71 logger.error(s"Fatal error while acquiring leadership for $candidate. Exiting now", ex)
72 stop(exit = true)
73 }
74 }
75 } else {
76 logger.info("Not accepting the leadership offer since Marathon is shutting down")
77 }
78 } else {
79 logger.error(s"Got another leadership offer from $candidate. Exiting now")
80 stop(exit = true)
81 }
82 }
83
84 override def abdicateLeadership(): Unit = {
85 logger.info("Abdicating leadership")
86 stop(exit = true, exitTimeout = exitTimeoutOnAbdication)
jdefUnsubmitted
Done

nit: extract constant

87 }
88
89 private def stop(exit: Boolean, exitTimeout: FiniteDuration = 0.milliseconds): Unit = {
90 logger.info("Stopping the election service")
91 isCurrentlyLeading.set(false)
92 try {
93 stopLeadership()
94 } catch {
95 case NonFatal(ex) =>
96 logger.error("Fatal error while stopping", ex)
97 } finally {
98 currentCandidate.set(None)
99 if (exit) {
100 logger.info("Terminating due to leadership abdication or failure")
101 system.scheduler.scheduleOnce(exitTimeout) {
102 crashStrategy.crash()
103 }
104 }
105 }
106 }
107
108 private def startLeadership(): Unit = {
109 currentCandidate.get.foreach(startCandidateLeadership)
110 startMetrics()
111 }
112
113 private def stopLeadership(): Unit = {
114 stopMetrics()
115 currentCandidate.get.foreach(stopCandidateLeadership)
116 }
117
118 private[this] val candidateLeadershipStarted = new AtomicBoolean(false)
119 private def startCandidateLeadership(candidate: ElectionCandidate): Unit = {
120 if (candidateLeadershipStarted.compareAndSet(false, true)) {
121 logger.info(s"Starting $candidate's leadership")
122 candidate.startLeadership()
123 logger.info(s"Started $candidate's leadership")
124 eventStream.publish(LocalLeadershipEvent.ElectedAsLeader)
125 }
126 }
127
128 private def stopCandidateLeadership(candidate: ElectionCandidate): Unit = {
129 if (candidateLeadershipStarted.compareAndSet(true, false)) {
130 logger.info(s"Stopping $candidate's leadership")
131 candidate.stopLeadership()
aquamatthiasUnsubmitted
Not Done

acquireLeadership gives Unit - no handle to the Future that is started here.

ichernetskyAuthorUnsubmitted
Not Done

I am not sure why it should give something else. Its job is to start "run for leader" step. It has to be done asynchronously, because offerLeadership (which in turn calls acquireLeadership) is called from within MarathonSchedulerService.run which shouldn't do any blocking operation which cannot be immediately interrupted, according to the docs of Guava.

aquamatthiasUnsubmitted
Not Done

The caller of this method should have a chance to react once this future finishes or an exception is thrown inside this future.

132 logger.info(s"Stopped $candidate's leadership")
133 eventStream.publish(LocalLeadershipEvent.Standby)
134 }
26135 }
27136}
View Options

src/test/scala/mesosphere/UnitTest.scala

11package mesosphere
22
33import java.util.concurrent.{ LinkedBlockingDeque, TimeUnit }
44
55import akka.actor.{ ActorSystem, Scheduler }
66import akka.stream.{ ActorMaterializer, Materializer }
77import akka.testkit.{ TestActor, TestActorRef, TestKitBase }
88import akka.util.Timeout
99import com.typesafe.config.{ Config, ConfigFactory }
1010import com.typesafe.scalalogging.StrictLogging
1111import com.wix.accord.{ Failure, Result, Success }
1212import kamon.Kamon
1313import mesosphere.marathon.Normalization
1414import mesosphere.marathon.ValidationFailedException
1515import mesosphere.marathon.api.v2.Validation
16import mesosphere.marathon.test.{ ExitDisabledTest, Mockito }
16import mesosphere.marathon.test.Mockito
1717import org.scalatest.matchers.{ BeMatcher, MatchResult, Matcher }
1818import org.scalatest._
1919import org.scalatest.concurrent.{ JavaFutures, ScalaFutures, TimeLimitedTests }
2020import org.scalatest.time.{ Minute, Minutes, Seconds, Span }
2121import mesosphere.marathon.api.v2.ValidationHelper
2222import mesosphere.marathon.integration.setup.RestResult
2323
2424import scala.concurrent.ExecutionContextExecutor
▲ Show 20 LinesShow All 65 Lines▼ Show 20 Line(s)
9090 with Matchers
9191 with BeforeAndAfter
9292 with BeforeAndAfterEach
9393 with OptionValues
9494 with TryValues
9595 with AppendedClues
9696 with StrictLogging
9797 with Mockito
98 with ExitDisabledTest
98 with BeforeAndAfterAll
9999 with TimeLimitedTests {
100100
101101 override val timeLimit = Span(1, Minute)
102102
103103 override def beforeAll(): Unit = {
104104 Kamon.start()
105105 super.beforeAll()
106106 }
▲ Show 20 LinesShow All 68 LinesShow Last 20 Lines
View Options

src/test/scala/mesosphere/marathon/MarathonSchedulerServiceTest.scala

11package mesosphere.marathon
22
33import java.util.{ Timer, TimerTask }
44
55import akka.Done
66import akka.actor.ActorRef
77import akka.testkit.TestProbe
88import mesosphere.AkkaUnitTest
99import mesosphere.chaos.http.HttpConf
1010import mesosphere.marathon.Protos.StorageVersion
11import mesosphere.marathon.core.base.RichRuntime
1211import mesosphere.marathon.core.deployment.DeploymentManager
1312import mesosphere.marathon.core.election.ElectionService
1413import mesosphere.marathon.core.group.GroupManager
1514import mesosphere.marathon.core.health.HealthCheckManager
1615import mesosphere.marathon.core.heartbeat._
1716import mesosphere.marathon.core.leadership.LeadershipCoordinator
1817import mesosphere.marathon.core.task.tracker.InstanceTracker
1918import mesosphere.marathon.storage.migration.Migration
▲ Show 20 LinesShow All 111 Lines▼ Show 20 Line(s)
131130 schedulerService.stopLeadership()
132131
133132 verify(mockTimer).cancel()
134133 assert(schedulerService.timer != mockTimer, "Timer should be replaced after leadership defeat")
135134 val hmsg = heartbeatProbe.expectMsgType[Heartbeat.Message]
136135 assert(Heartbeat.MessageDeactivate(MesosHeartbeatMonitor.sessionOf(driver)) == hmsg)
137136 }
138137
139 "Exit on loss of leadership" in new Fixture {
140
141 val schedulerService = new MarathonSchedulerService(
142 leadershipCoordinator,
143 config,
144 electionService,
145 prePostDriverCallbacks,
146 groupManager,
147 driverFactory(mock[SchedulerDriver]),
148 system,
149 migration,
150 deploymentManager,
151 schedulerActor,
152 heartbeatActor) {
153 override def newTimer() = mockTimer
154 }
155
156 schedulerService.timer = mockTimer
157
158 when(leadershipCoordinator.prepareForStart()).thenReturn(Future.successful(()))
159
160 schedulerService.startLeadership()
161
162 schedulerService.stopLeadership()
163
164 exitCalled(RichRuntime.FatalErrorSignal).futureValue should be(true)
165 }
166
167138 "throw in start leadership when migration fails" in new Fixture {
168139
169140 val schedulerService = new MarathonSchedulerService(
170141 leadershipCoordinator,
171142 config,
172143 electionService,
173144 prePostDriverCallbacks,
174145 groupManager,
▲ Show 20 LinesShow All 68 Lines▼ Show 20 Line(s)
243214 schedulerService.timer = mockTimer
244215
245216 when(leadershipCoordinator.prepareForStart()).thenReturn(Future.successful(()))
246217 when(driverFactory.createDriver()).thenReturn(driver)
247218
248219 when(driver.run()).thenThrow(new RuntimeException("driver failure"))
249220
250221 schedulerService.startLeadership()
251 verify(electionService, Mockito.timeout(1000)).abdicateLeadership(error = true, reoffer = true)
222 verify(electionService, Mockito.timeout(1000)).abdicateLeadership()
252223 }
253224
254225 "Pre/post driver callbacks are called" in new Fixture {
255226 val cb = mock[PrePostDriverCallback]
256227 Mockito.when(cb.postDriverTerminates).thenReturn(Future(()))
257228 Mockito.when(cb.preDriverStarts).thenReturn(Future(()))
258229
259230 val driver = mock[SchedulerDriver]
Show All 32 Lines
292263 awaitAssert(startOrder.verify(cb).preDriverStarts)
293264 awaitAssert(startOrder.verify(driver).run())
294265
295266 schedulerService.stopLeadership()
296267 awaitAssert(verify(driver).stop(true))
297268
298269 driverCompleted.countDown()
299270 awaitAssert(verify(cb).postDriverTerminates)
300
301 exitCalled(RichRuntime.FatalErrorSignal).futureValue should be(true)
302271 }
303272 }
304273}
View Options

src/test/scala/mesosphere/marathon/api/v2/LeaderResourceTest.scala

11package mesosphere.marathon
22package api.v2
33
4import akka.actor.ActorSystem
45import mesosphere.UnitTest
56import mesosphere.marathon.api.TestAuthFixture
67import mesosphere.marathon.core.election.ElectionService
78import mesosphere.marathon.storage.repository.RuntimeConfigurationRepository
89
910class LeaderResourceTest extends UnitTest {
1011
1112 "LeaderResource" should {
Show All 27 Lines
3940 index.getStatus should be(f.auth.UnauthorizedStatus)
4041
4142 When("we try to delete the current leader")
4243 val delete = resource.delete(null, null, f.auth.request)
4344 Then("we receive a Unauthorized response")
4445 delete.getStatus should be(f.auth.UnauthorizedStatus)
4546 }
4647 }
48
4749 class Fixture {
50 val system = mock[ActorSystem]
4851 val schedulerService = mock[MarathonSchedulerService]
4952 val electionService = mock[ElectionService]
5053 val runtimeRepo = mock[RuntimeConfigurationRepository]
5154 val auth = new TestAuthFixture
5255 val config = AllConf.withTestConfig()
53 def leaderResource() = new LeaderResource(electionService, config, runtimeRepo, auth.auth, auth.auth)
56 def leaderResource() = new LeaderResource(system, electionService, config, runtimeRepo, auth.auth, auth.auth)
5457 }
5558}
5659
View Options

src/test/scala/mesosphere/marathon/core/base/RichRuntimeTest.scala

  • This file was deleted.
This file was completely deleted. Show File Contents
View Options

src/test/scala/mesosphere/marathon/core/election/impl/CuratorElectionServiceTest.scala

11package mesosphere.marathon
22package core.election.impl
33
44import akka.event.EventStream
55import mesosphere.AkkaUnitTest
6import mesosphere.marathon.MarathonConf
7import mesosphere.marathon.core.base.{ RichRuntime, LifecycleState }
8import mesosphere.marathon.test.{ ExitDisabledTest, Mockito }
6import mesosphere.marathon.core.base.{ CrashStrategy, LifecycleState }
7import mesosphere.marathon.core.election.ElectionCandidate
98import mesosphere.marathon.util.ScallopStub
9import org.scalatest.concurrent.Eventually
10
1011import scala.concurrent.duration._
1112
12class CuratorElectionServiceTest extends AkkaUnitTest with Mockito with ExitDisabledTest {
13
13class CuratorElectionServiceTest extends AkkaUnitTest with Eventually {
1414 "The CuratorElectionService" when {
1515
1616 val conf: MarathonConf = mock[MarathonConf]
1717 val eventStream: EventStream = mock[EventStream]
1818 val hostPort = "80"
19 val backoff: ExponentialBackoff = new ExponentialBackoff(0.01.seconds, 0.1.seconds)
2019
21 val service = new CuratorElectionService(conf, system, eventStream, hostPort, backoff, LifecycleState.Ignore)
20 val crashStrategy = mock[CrashStrategy]
21 val service = new CuratorElectionService(conf, hostPort, system, eventStream, LifecycleState.Ignore, crashStrategy)
2222
2323 "given an unresolvable hostname" should {
2424
2525 conf.zkHosts returns "unresolvable:8080"
2626 conf.zooKeeperSessionTimeout returns ScallopStub(Some(10))
2727 conf.zooKeeperConnectionTimeout returns ScallopStub(Some(10))
2828 conf.zooKeeperTimeout returns ScallopStub(Some(10))
2929 conf.zkPath returns "/marathon"
3030 conf.zkSessionTimeoutDuration returns 10000.milliseconds
3131 conf.zkConnectionTimeoutDuration returns 10000.milliseconds
3232 conf.zkTimeoutDuration returns 250.milliseconds
3333
3434 "shut Marathon down on a NonFatal" in {
35 service.offerLeadershipImpl()
36
37 exitCalled(RichRuntime.FatalErrorSignal).futureValue should be(true)
35 val candidate = mock[ElectionCandidate]
36 service.offerLeadership(candidate)
37 eventually { verify(crashStrategy).crash() }
3838 }
3939 }
4040 }
4141}
View Options

src/test/scala/mesosphere/marathon/core/election/impl/ElectionServiceBaseTest.scala

  • This file was deleted.
This file was completely deleted. Show File Contents
View Options

src/test/scala/mesosphere/marathon/core/election/impl/PseudoElectionServiceTest.scala

  • This file was added.
1
2package mesosphere.marathon
3package core.election.impl
4
5import akka.event.EventStream
6import mesosphere.AkkaUnitTest
7import mesosphere.chaos.http.HttpConf
8import mesosphere.marathon.core.base.{ CrashStrategy, LifecycleState }
9import mesosphere.marathon.core.election.{ ElectionCandidate, ElectionService, LocalLeadershipEvent }
10import org.mockito.Mockito
11import org.mockito.invocation.InvocationOnMock
12import org.mockito.stubbing.Answer
13import org.scalatest.concurrent.Eventually
14import org.scalatest.time.{ Seconds, Span }
15
16class PseudoElectionServiceTest extends AkkaUnitTest with Eventually {
17 override implicit lazy val patienceConfig: PatienceConfig = PatienceConfig(timeout = Span(10, Seconds))
18
19 class Fixture {
20 val hostPort: String = "unresolvable:2181"
21 val httpConfig: HttpConf = mock[HttpConf]
22 val electionService: ElectionService = mock[ElectionService]
23 val events: EventStream = new EventStream(system)
24 val candidate: ElectionCandidate = mock[ElectionCandidate]
25 val lifecycle: LifecycleState = LifecycleState.Ignore
26 val crashStrategy: CrashStrategy = mock[CrashStrategy]
27 }
28
29 "PseudoElectionService" should {
30 "leader is not set initially" in {
31 val f = new Fixture
32 val electionService = new PseudoElectionService(f.hostPort, system, f.events, f.lifecycle, f.crashStrategy)
33
jeschkiesUnsubmitted
Not Done

It seems we are not testing CuratorElectionService. Is this impression correct?

ichernetskyAuthorUnsubmitted
Not Done

It is correct. Please refer to my comment to your first one. Most of it was tested using ElectionServiceBase/FSM before, but since most of the code is not shared between CuratorElectionService and PseudoElectionService, it is gone. Now testing of it would require running ZK, which looks more like SI testing at least.

34 electionService.currentCandidate.get should be(None)
35 }
36
37 "leader is eventually set after offerLeadership is called" in {
38 val f = new Fixture
39 val electionService = new PseudoElectionService(f.hostPort, system, f.events, f.lifecycle, f.crashStrategy)
40
41 Given("leadership is offered")
42 electionService.offerLeadership(f.candidate)
43 Then("leader is set")
44 eventually { electionService.currentCandidate.get should equal(Some(f.candidate)) }
45
46 Given("leadership is offered again")
47 electionService.offerLeadership(f.candidate)
48
49 Then("leader is set to None and Marathon stops")
50 eventually { electionService.currentCandidate.get should equal(None) }
51 eventually { verify(f.crashStrategy).crash() }
52 }
53
54 "Marathon stops after abdicateLeadership while being idle" in {
55 val f = new Fixture
56 val electionService = new PseudoElectionService(f.hostPort, system, f.events, f.lifecycle, f.crashStrategy)
57
58 Given("leadership is abdicated while not being leader")
59 electionService.abdicateLeadership()
60
61 Then("leader is None and Marathon stops")
62 eventually { electionService.currentCandidate.get should be(None) }
63 eventually { verify(f.crashStrategy).crash() }
64 }
jeschkiesUnsubmitted
Not Done

Sweet!

65
66 "events are sent" in {
67 val f = new Fixture
68 val events = mock[EventStream]
69
70 val electionService = new PseudoElectionService(f.hostPort, system, events, f.lifecycle, f.crashStrategy)
71
72 Given("this instance is becoming a leader")
73 electionService.offerLeadership(f.candidate)
74 eventually { electionService.currentCandidate.get should equal(Some(f.candidate)) }
75
76 Then("the candidate is called, then an event is published")
77 val order = Mockito.inOrder(events, f.candidate)
78 eventually { order.verify(f.candidate).startLeadership() }
79 eventually { order.verify(events).publish(LocalLeadershipEvent.ElectedAsLeader) }
80
81 Given("this instance is abdicating")
82 electionService.abdicateLeadership()
83
84 Then("the candidate is called, then an event is published")
85 eventually { order.verify(f.candidate).stopLeadership() }
86 eventually { order.verify(events).publish(LocalLeadershipEvent.Standby) }
87
88 Then("the candidate is set to None")
89 eventually { electionService.currentCandidate.get should be(None) }
90
91 Then("then Marathon stops")
92 eventually { verify(f.crashStrategy).crash() }
93 }
94
95 "Marathon stops after leadership abdication while being a leader" in {
96 val f = new Fixture
97 val electionService = new PseudoElectionService(f.hostPort, system, f.events, f.lifecycle, f.crashStrategy)
98
99 Given("this instance becomes leader and then abdicates leadership")
100 electionService.offerLeadership(f.candidate)
101 eventually { electionService.currentCandidate.get should equal(Some(f.candidate)) }
102 electionService.abdicateLeadership()
103
104 Then("then state is Stopped and Marathon stops")
105 eventually { electionService.currentCandidate.get should be(None) }
106 eventually { verify(f.crashStrategy).crash() }
107 }
108
109 "Marathon stops if a candidate's startLeadership fails" in {
110 val f = new Fixture
111 val electionService = new PseudoElectionService(f.hostPort, system, f.events, f.lifecycle, f.crashStrategy)
112
113 Mockito.when(f.candidate.startLeadership()).thenAnswer(new Answer[Unit] {
114 override def answer(invocation: InvocationOnMock): Unit = {
115 throw new Exception("candidate.startLeadership exception")
116 }
117 })
118
119 Given("this instance is offering leadership and candidate.startLeadership throws an exception")
120 electionService.offerLeadership(f.candidate)
121
122 Then("the instance is stopped")
123 eventually { electionService.currentCandidate.get should be(None) }
124 eventually { verify(f.crashStrategy).crash() }
125 }
126 }
127}
View Options

src/test/scala/mesosphere/marathon/core/health/impl/HealthCheckWorkerActorTest.scala

Show First 20 LinesShow All 41 Lines▼ Show 20 Line(s)
4242
4343 val ref = TestActorRef[HealthCheckWorkerActor](Props(classOf[HealthCheckWorkerActor], mat))
4444 ref ! HealthCheckJob(app, instance, MarathonTcpHealthCheck(portIndex = Some(PortReference(0))))
4545
4646 try { res.futureValue }
4747 finally { socket.close() }
4848
4949 expectMsgPF(patienceConfig.timeout) {
50 case Healthy(taskId, _, _, _) => ()
50 case Healthy(_, _, _, _) => ()
5151 }
5252 }
5353
5454 "A health check worker should shut itself down" in {
5555 val socket = new ServerSocket(0)
5656 val socketPort: Int = socket.getLocalPort
5757
5858 val res = Future {
Show All 29 Lines
View Options

src/test/scala/mesosphere/marathon/integration/LeaderIntegrationTest.scala

Show First 20 LinesShow All 442 LinesShow Last 20 Lines
View Options

src/test/scala/mesosphere/marathon/integration/ResidentTaskIntegrationTest.scala

11package mesosphere.marathon
22package integration
33
44import mesosphere.AkkaIntegrationTest
55import mesosphere.marathon.integration.facades.ITEnrichedTask
66import mesosphere.marathon.integration.facades.MarathonFacade._
77import mesosphere.marathon.integration.facades.MesosFacade.{ ITMesosState, ITResources }
88import mesosphere.marathon.integration.setup.{ EmbeddedMarathonTest, RestResult }
9import mesosphere.marathon.raml.{ App, AppPersistentVolume, AppResidency, AppUpdate, AppVolume, Container, EngineType, PersistentVolume, PortDefinition, PortDefinitions, ReadMode, UnreachableDisabled, UpgradeStrategy }
9import mesosphere.marathon.raml.{ App, AppPersistentVolume, AppResidency, AppUpdate, AppVolume, Container, EngineType, PersistentVolume, PortDefinition, ReadMode, UnreachableDisabled, UpgradeStrategy }
1010import mesosphere.marathon.state.PathId
1111import org.slf4j.LoggerFactory
1212
1313import scala.collection.immutable.Seq
1414import scala.concurrent.duration._
1515import scala.util.Try
1616
1717@IntegrationTest
▲ Show 20 LinesShow All 370 LinesShow Last 20 Lines
View Options

src/test/scala/mesosphere/marathon/integration/setup/ForwarderService.scala

Show First 20 LinesShow All 120 Lines▼ Show 20 Line(s)
121121 override def configure(): Unit = {
122122 val leader = leaderHostPort
123123 val electionService = new ElectionService {
124124 override def isLeader: Boolean = elected
125125 override def leaderHostPort: Option[String] = leader
126126 override def localHostPort: String = ???
127127
128128 def offerLeadership(candidate: ElectionCandidate): Unit = ???
129 def abdicateLeadership(error: Boolean = false, reoffer: Boolean = false): Unit = ???
129 def abdicateLeadership(): Unit = ???
130130
131131 override def subscribe(self: ActorRef): Unit = ???
132132 override def unsubscribe(self: ActorRef): Unit = ???
133133 }
134134
135135 bind(classOf[ElectionService]).toInstance(electionService)
136136 }
137137 }
▲ Show 20 LinesShow All 63 LinesShow Last 20 Lines
View Options

src/test/scala/mesosphere/marathon/integration/setup/MarathonTest.scala

Show All 18 Lines
1919import com.fasterxml.jackson.module.scala.DefaultScalaModule
2020import com.fasterxml.jackson.module.scala.experimental.ScalaObjectMapper
2121import com.typesafe.scalalogging.StrictLogging
2222import mesosphere.AkkaUnitTestLike
2323import mesosphere.marathon.api.RestResource
2424import mesosphere.marathon.integration.facades._
2525import mesosphere.marathon.raml.{ App, AppDockerVolume, Network, NetworkMode, AppHealthCheck, PodState, PodStatus, ReadMode }
2626import mesosphere.marathon.state.PathId
27import mesosphere.marathon.test.ExitDisabledTest
2827import mesosphere.marathon.util.{ Lock, Retry }
2928import mesosphere.util.PortAllocator
3029import org.apache.commons.io.FileUtils
3130import org.scalatest.concurrent.{ Eventually, ScalaFutures }
3231import org.scalatest.exceptions.TestFailedDueToTimeoutException
3332import org.scalatest.time.{ Milliseconds, Span }
3433import org.scalatest.{ BeforeAndAfterAll, Suite }
3534import play.api.libs.json.{ JsObject, Json }
3635
3736import scala.annotation.tailrec
3837import scala.async.Async.{ async, await }
3938import scala.collection.mutable
4039import scala.concurrent.duration._
4140import scala.concurrent.{ ExecutionContext, Future }
4241import scala.sys.process.Process
4342import scala.util.Try
44import scala.util.control.NonFatal
4543
4644/**
4745 * Runs a marathon server for the given test suite
4846 * @param autoStart true if marathon should be started immediately
4947 * @param suiteName The test suite that owns this marathon
5048 * @param masterUrl The mesos master url
5149 * @param zkUrl The ZK url
5250 * @param conf any particular configuration
▲ Show 20 LinesShow All 687 Lines▼ Show 20 Line(s)
740738 teardown()
741739 super.afterAll()
742740 }
743741}
744742
745743/**
746744 * Base trait that starts a local marathon but doesn't have mesos/zookeeper yet
747745 */
748trait LocalMarathonTest extends ExitDisabledTest with MarathonTest with ScalaFutures
746trait LocalMarathonTest extends MarathonTest with ScalaFutures
749747 with AkkaUnitTestLike with MesosTest with ZookeeperServerTest {
750748
751749 def marathonArgs: Map[String, String] = Map.empty
752750
753751 lazy val marathonServer = LocalMarathon(autoStart = false, suiteName = suiteName, masterUrl = mesosMasterUrl,
754752 zkUrl = s"zk://${zkServer.connectUri}/marathon",
755753 conf = marathonArgs)
756754 lazy val marathonUrl = s"http://localhost:${marathonServer.httpPort}"
▲ Show 20 LinesShow All 82 LinesShow Last 20 Lines
View Options

src/test/scala/mesosphere/marathon/test/ExitDisabledTest.scala

  • This file was deleted.
This file was completely deleted. Show File Contents