Cassalog can get into inconsistent state and prevent upgrades from completing #3
Comments
|
Perhaps writting on the casslog before/after of the updateCQL operation it might help if an update was not fully performed. |
I was thinking along the same lines, but there still needs to be a way to verify whether or not DDL statements (i.e., Let's consider the following. A To fix this, we first record the change in the cassalog table before executing it. We also need a flag in the cassalog table that gets set only after the change is successfully updated. Let's say that the I don't know if this will handle all DDL scenarios, but I think it will cover the basic ones. For dropping a column, we would query system_schema.columns to verify that the column is not there. DML statements, i.e., inserting data, is a bit different. If the query is idempotent, then we can simply execute it again. If the query is not idempotent, then maybe the schema change needs to include a user-supplied check to verify it was applied. That check would be performed in the event of an error where the update flag is not set. |
|
In the same scenario, in alerting we have introduced a checker that basically flags if the schema is ok or not querying the tables on the system tables too. |
Right now Cassalog only supports raw CQL changes like: schemaChange {
version '1.0'
author 'jsanda'
cql """
CREATE TABLE foo (
id uuid PRIMARY KEY,
value text
)
"""
}You are right. For raw CQL changes it would be difficult to determine the type of schema change, and I wouldn't not want to do that. For raw schema changes, I would prefer to allow the user to specify the verification/checker function. We can also introduce some typed schema change functions, something like: createTable {
version '1.0'
author 'jsanda'
tableName 'foo'
columns [
[name: 'id', type: uuid, primaryKey: true],
[name: value, type: text]
]
}For something like this, Cassalog knows that is it a |
When Cassalog applies a schema change, it executes whatever CQL statements correspond to the change, and then it updates the change log table,
cassalog. If Cassalog fails to update the change log table, maybe due to a request timeout, Cassalog will abort. Depending on the schema change involved, Cassalog can wind up in an inconsistent state. Let's say we have:schemaChange { version '1.0' author 'jsanda' cql """ CREATE TABLE my_table ( id text PRIMARY KEY, value text ) WITH compaction = { 'class': 'LeveledCompactionStrategy' } """ }Cassalog fails with a timeout exception while trying to update the change log table, or better yet, the JVM in which Cassalog is running gets shutdown abruptly. The next time Cassalog is run it will attempt to apply the above schema change since it was not recorded in the change log. This in turn will result in an error from Cassandra since the table already exists.
In this particular example we can sort of work around the problem by using
CREATE TABLE my_table IF NOT EXISTS..., but that won't work in general. Initially I thought maybe the solution would be to use atomic batches, but they cannot be used with DDL statements. We need to figure something else out to prevent Cassalog from getting into an inconsistent state.The text was updated successfully, but these errors were encountered: