[Openstack] [Swift] Container DB update after object PUT
Samuel Merritt
sam at swiftstack.com
Fri Nov 29 08:26:49 UTC 2013
On 11/27/13 9:24 PM, Shao, Minglong wrote:
> Thanks for your reply!
> I understand the three PUTs by the proxy server and how the replicator
> works.
>
> What I don’t understand is the update of the container DB. The update is
> sent by individual object servers which don’t know whether a PUT (from
> the client’s perspective) succeeds.
> Consider the following scenario:
>
> 1. Proxy server sends three requests to three object servers.
> 2. One object server writes the object successfully, sends an update to
> the container DB and an “OK” reply to the proxy server. But the
> other two fail, so they send “failed” to the proxy server.
> 3. The proxy server sends back “failed” to the client because it
> doesn’t meet the quorum. But the container DB still gets the update
> to insert an entry of this object.
The word "failed" is a bit nebulous here, and I think that's the source
of the confusion.
The proxy server doesn't send "failed" to the client; it sends back an
HTTP response with status code 503. This sounds like nitpicking, but
it's not. A 503 certainly doesn't indicate success, but neither does it
indicate that the requested operation failed. It really doesn't tell the
client anything except that something went wrong somewhere; whether that
constitutes a failure or not depends on the details.
It's possible that the object servers finished the upload successfully,
but the final stage of the upload took too long, and the proxy server
timed out the requests and sent a 503 to the client. In this case, one
could have all 3 (or N, really) replicas of the object successfully
written to disk, but the client still got a 503. Is that a failure?
It's possible that one object server finished the upload successfully,
but the others did not. In this case, the client will get a 503 due to
lack of quorum. However, let's say that the one, lonely copy of the
object is replicated before its disk malfunctions, and so the cluster
ends up with the full 3 (or N) replicas. Is that a failure?
It's possible that (again) one object server finished the upload
successfully, but the others did not. In this case, the client will get
a 503 due to lack of quorum. However, let's say that the one, lonely
copy of the object dies a horrible death due to disk malfunction, and so
the container listing contains an object that will always 404. Is that a
failure?
It's possible that the client is uploading an object and sends the last
bytes of the request body to the proxy, and before those critical last
bytes are sent to the object servers, the proxy's internal NIC fails,
the object-server requests all time out, and the client replies with a
503. Is that a failure? (Yes, this one definitely is a failure.)
I hope this helps clarify that a 503 indicates neither upload success
nor upload failure, but simply that something went wrong somewhere, and
that the object may exist and have full durability, may exist with poor
durability, or may not exist at all.
More information about the Openstack
mailing list