Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix graceful terminate in filestore. #1120

Merged
merged 5 commits into from
May 2, 2024
Merged

Fix graceful terminate in filestore. #1120

merged 5 commits into from
May 2, 2024

Conversation

blmhemu
Copy link
Contributor

@blmhemu blmhemu commented Apr 23, 2024
edited
Loading

In the current logic, we first delete the bin file and then the info file. We should instead do the reverse and ignore any errors when deleting the bin file. This ensures that any disgraceful shutdown would properly recover.

Note: This is only fixed in the filestore for now - might need to fix for other stores as well.

@blmhemu blmhemu changed the title Fix graceful terminate Fix graceful terminate in filestore. Apr 23, 2024
@blmhemu blmhemu force-pushed the graceful-terminate branch from 5dc1d27 to 2dbe5f7 Compare April 23, 2024 17:22
@Acconut
Copy link
Member

Acconut commented Apr 24, 2024

Thank you for the PR. I am fine with reversing the order but ignoring all errors appears dangerous to me. A better approach would be to ignore errors when the file was already deleted (using errors.Is(err, fs.ErrNotExist)), but properly returning any different error. Or did you experience a different error?

@blmhemu
Copy link
Contributor Author

blmhemu commented Apr 24, 2024

Thanks for the review - updated to account for other errors.

@blmhemu blmhemu force-pushed the graceful-terminate branch from 13883dc to 302d7e9 Compare April 24, 2024 07:33
Acconut
Acconut requested changes Apr 24, 2024
View reviewed changes
Copy link
Member

@Acconut Acconut left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update! Just a few nits.

pkg/filestore/filestore.go Outdated Show resolved Hide resolved
pkg/filestore/filestore.go Outdated Show resolved Hide resolved
pkg/filestore/filestore.go Outdated Show resolved Hide resolved
@blmhemu blmhemu requested a review from Acconut April 24, 2024 07:50
@blmhemu
Copy link
Contributor Author

blmhemu commented Apr 24, 2024
edited
Loading

TY - Fixed the comments.

@Acconut
Copy link
Member

Acconut commented Apr 25, 2024

I wonder if this change will actually allow the upload to be cleaned up if only one of the two files remain. Yes, the Terminate method would do that, but a DELETE request would fail because the filestore needs both files present in order to load the upload (and then terminate it). At least that's what I remember right now.

Did you test the termination of an upload where one file has been deleted?

@blmhemu
Copy link
Contributor Author

blmhemu commented Apr 25, 2024
edited
Loading

I wonder if this change will actually allow the upload to be cleaned up if only one of the two files remain. Yes, the Terminate method would do that, but a DELETE request would fail because the filestore needs both files present in order to load the upload (and then terminate it). At least that's what I remember right now.

Did you test the termination of an upload where one file has been deleted?

Ahh, you are right, the handler would not allow it to pass and returns err not found at getUpload method. Do you have any ideas over here ?
Also, seeing the NewUpload code, it seems to first create the bin file and then the info file. So a server crash here could also lead to un-freed resources. It seems like we may need to relax our checks in some handlers.

@Acconut
Copy link
Member

Acconut commented Apr 26, 2024

Also, seeing the NewUpload code, it seems to first create the bin file and then the info file. So a server crash here could also lead to un-freed resources. It seems like we may need to relax our checks in some handlers.

I am not sure if adjusting the handler logic is the correct way here. If the upload state on disk got corrupted (e.g. one of the two files is missing), the client will not be able to resume the upload and start a new one. Trying to consider and recover from every possible type of corruption in tusd would be challenging if not impossible. The better way to deal with corrupted states is to start a new upload and let the previous, corrupt upload be cleaned up by a cron job (e.g. a job that removes all files which are untouched for the last 24hrs). This approach would be more thorough as it can also clean up uploads that tusd considers corrupt. Does that make sense?

Nevertheless, I would still merge this PR. Ignoring fs.ErrNotExist when deleting files is a good improvement.

@blmhemu
Copy link
Contributor Author

blmhemu commented Apr 27, 2024

Also, seeing the NewUpload code, it seems to first create the bin file and then the info file. So a server crash here could also lead to un-freed resources. It seems like we may need to relax our checks in some handlers.

I am not sure if adjusting the handler logic is the correct way here. If the upload state on disk got corrupted (e.g. one of the two files is missing), the client will not be able to resume the upload and start a new one. Trying to consider and recover from every possible type of corruption in tusd would be challenging if not impossible. The better way to deal with corrupted states is to start a new upload and let the previous, corrupt upload be cleaned up by a cron job (e.g. a job that removes all files which are untouched for the last 24hrs). This approach would be more thorough as it can also clean up uploads that tusd considers corrupt. Does that make sense?

Yep ! The handler can only do so much. The cronjob approach looks good (the job can look at info file and match it with the os.stat and remove them after a threshold).

Nevertheless, I would still merge this PR. Ignoring fs.ErrNotExist when deleting files is a good improvement.

Sure. NP.

@Acconut Acconut merged commit 775b805 into tus:main May 2, 2024
7 checks passed
@Acconut
Copy link
Member

Acconut commented May 2, 2024

Thank you for working on this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Acconut Acconut Acconut approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@blmhemu @Acconut