Backport #61953 to 24.2: fix logical-error when undoing quorum insert transaction

robot-clickhouse · robot-clickhouse · commit 66926703b002 · 2024-05-23T12:05:11.000Z
diff --git a/src/Access/Common/AccessType.h b/src/Access/Common/AccessType.h
@@ -201,7 +201,7 @@ enum class AccessType
     M(SYSTEM_FLUSH, "", GROUP, SYSTEM) \
     M(SYSTEM_THREAD_FUZZER, "SYSTEM START THREAD FUZZER, SYSTEM STOP THREAD FUZZER, START THREAD FUZZER, STOP THREAD FUZZER", GLOBAL, SYSTEM) \
     M(SYSTEM_UNFREEZE, "SYSTEM UNFREEZE", GLOBAL, SYSTEM) \
-    M(SYSTEM_FAILPOINT, "SYSTEM ENABLE FAILPOINT, SYSTEM DISABLE FAILPOINT", GLOBAL, SYSTEM) \
+    M(SYSTEM_FAILPOINT, "SYSTEM ENABLE FAILPOINT, SYSTEM DISABLE FAILPOINT, SYSTEM WAIT FAILPOINT", GLOBAL, SYSTEM) \
     M(SYSTEM_LISTEN, "SYSTEM START LISTEN, SYSTEM STOP LISTEN", GLOBAL, SYSTEM) \
     M(SYSTEM_JEMALLOC, "SYSTEM JEMALLOC PURGE, SYSTEM JEMALLOC ENABLE PROFILE, SYSTEM JEMALLOC DISABLE PROFILE, SYSTEM JEMALLOC FLUSH PROFILE", GLOBAL, SYSTEM) \
     M(SYSTEM, "", GROUP, ALL) /* allows to execute SYSTEM {SHUTDOWN|RELOAD CONFIG|...} */ \
diff --git a/src/Common/FailPoint.cpp b/src/Common/FailPoint.cpp
@@ -42,7 +42,9 @@ static struct InitFiu
     REGULAR(check_table_query_delay_for_part) \
     REGULAR(dummy_failpoint) \
     REGULAR(prefetched_reader_pool_failpoint) \
-    PAUSEABLE_ONCE(dummy_pausable_failpoint_once) \
+    PAUSEABLE_ONCE(replicated_merge_tree_insert_retry_pause) \
+    PAUSEABLE_ONCE(finish_set_quorum_failed_parts) \
+    PAUSEABLE_ONCE(finish_clean_quorum_failed_parts) \
     PAUSEABLE(dummy_pausable_failpoint) \
     ONCE(execute_query_calling_empty_set_result_func_on_exception)
 
diff --git a/src/Interpreters/InterpreterSystemQuery.cpp b/src/Interpreters/InterpreterSystemQuery.cpp
@@ -737,6 +737,14 @@ BlockIO InterpreterSystemQuery::execute()
             FailPointInjection::disableFailPoint(query.fail_point_name);
             break;
         }
+        case Type::WAIT_FAILPOINT:
+        {
+            getContext()->checkAccess(AccessType::SYSTEM_FAILPOINT);
+            LOG_TRACE(log, "waiting for failpoint {}", query.fail_point_name);
+            FailPointInjection::pauseFailPoint(query.fail_point_name);
+            LOG_TRACE(log, "finished failpoint {}", query.fail_point_name);
+            break;
+        }
         case Type::RESET_COVERAGE:
         {
             getContext()->checkAccess(AccessType::SYSTEM);
@@ -1430,6 +1438,7 @@ AccessRightsElements InterpreterSystemQuery::getRequiredAccessForDDLOnCluster()
         case Type::STOP_THREAD_FUZZER:
         case Type::START_THREAD_FUZZER:
         case Type::ENABLE_FAILPOINT:
+        case Type::WAIT_FAILPOINT:
         case Type::DISABLE_FAILPOINT:
         case Type::RESET_COVERAGE:
         case Type::UNKNOWN:
diff --git a/src/Parsers/ASTSystemQuery.cpp b/src/Parsers/ASTSystemQuery.cpp
@@ -348,6 +348,7 @@ void ASTSystemQuery::formatImpl(const FormatSettings & settings, FormatState & s
         }
         case Type::ENABLE_FAILPOINT:
         case Type::DISABLE_FAILPOINT:
+        case Type::WAIT_FAILPOINT:
         {
             settings.ostr << ' ';
             print_identifier(fail_point_name);
diff --git a/src/Parsers/ASTSystemQuery.h b/src/Parsers/ASTSystemQuery.h
@@ -85,6 +85,7 @@ class ASTSystemQuery : public IAST, public ASTQueryWithOnCluster
         UNFREEZE,
         ENABLE_FAILPOINT,
         DISABLE_FAILPOINT,
+        WAIT_FAILPOINT,
         SYNC_FILESYSTEM_CACHE,
         STOP_PULLING_REPLICATION_LOG,
         START_PULLING_REPLICATION_LOG,
diff --git a/src/Parsers/ParserSystemQuery.cpp b/src/Parsers/ParserSystemQuery.cpp
@@ -262,6 +262,7 @@ bool ParserSystemQuery::parseImpl(IParser::Pos & pos, ASTPtr & node, Expected &
         }
         case Type::ENABLE_FAILPOINT:
         case Type::DISABLE_FAILPOINT:
+        case Type::WAIT_FAILPOINT:
         {
             ASTPtr ast;
             if (ParserIdentifier{}.parse(pos, ast, expected))
diff --git a/src/Storages/MergeTree/ReplicatedMergeTreeRestartingThread.cpp b/src/Storages/MergeTree/ReplicatedMergeTreeRestartingThread.cpp
@@ -4,6 +4,7 @@
 #include <Storages/MergeTree/ReplicatedMergeTreeQuorumEntry.h>
 #include <Storages/MergeTree/ReplicatedMergeTreeAddress.h>
 #include <Interpreters/Context.h>
+#include <Common/FailPoint.h>
 #include <Common/ZooKeeper/KeeperException.h>
 #include <Common/randomSeed.h>
 #include <Core/ServerUUID.h>
@@ -24,6 +25,11 @@ namespace ErrorCodes
     extern const int REPLICA_IS_ALREADY_ACTIVE;
 }
 
+namespace FailPoints
+{
+    extern const char finish_clean_quorum_failed_parts[];
+};
+
 /// Used to check whether it's us who set node `is_active`, or not.
 static String generateActiveNodeIdentifier()
 {
@@ -241,6 +247,7 @@ void ReplicatedMergeTreeRestartingThread::removeFailedQuorumParts()
             storage.queue.removeFailedQuorumPart(part->info);
         }
     }
+    FailPointInjection::disableFailPoint(FailPoints::finish_clean_quorum_failed_parts);
 }
 
 
diff --git a/src/Storages/MergeTree/ReplicatedMergeTreeSink.cpp b/src/Storages/MergeTree/ReplicatedMergeTreeSink.cpp
@@ -30,6 +30,7 @@ namespace FailPoints
     extern const char replicated_merge_tree_commit_zk_fail_after_op[];
     extern const char replicated_merge_tree_insert_quorum_fail_0[];
     extern const char replicated_merge_tree_commit_zk_fail_when_recovering_from_hw_fault[];
+    extern const char replicated_merge_tree_insert_retry_pause[];
 }
 
 namespace ErrorCodes
@@ -913,14 +914,27 @@ std::pair<std::vector<String>, bool> ReplicatedMergeTreeSinkImpl<async_insert>::
             });
 
             bool node_exists = false;
+            bool quorum_fail_exists = false;
             /// The loop will be executed at least once
             new_retry_controller.retryLoop([&]
             {
                 fiu_do_on(FailPoints::replicated_merge_tree_commit_zk_fail_when_recovering_from_hw_fault, { zookeeper->forceFailureBeforeOperation(); });
+                FailPointInjection::pauseFailPoint(FailPoints::replicated_merge_tree_insert_retry_pause);
                 zookeeper->setKeeper(storage.getZooKeeper());
                 node_exists = zookeeper->exists(fs::path(storage.replica_path) / "parts" / part->name);
+                if (isQuorumEnabled())
+                    quorum_fail_exists = zookeeper->exists(fs::path(storage.zookeeper_path) / "quorum" / "failed_parts" / part->name);
             });
 
+            /// if it has quorum fail node, the restarting thread will clean the garbage.
+            if (quorum_fail_exists)
+            {
+                LOG_INFO(log, "Part {} fails to commit and will not retry or clean garbage. Restarting Thread will do everything.", part->name);
+                transaction.clear();
+            /// `quorum/failed_parts/part_name` exists because table is read only for a while, So we return table is read only.
+                throw Exception(ErrorCodes::TABLE_IS_READ_ONLY, "Table is in readonly mode due to shutdown: replica_path={}", storage.replica_path);
+            }
+
             if (node_exists)
             {
                 LOG_DEBUG(log, "Insert of part {} recovered from keeper successfully. It will be committed", part->name);
diff --git a/src/Storages/StorageReplicatedMergeTree.cpp b/src/Storages/StorageReplicatedMergeTree.cpp
@@ -141,6 +141,7 @@ namespace FailPoints
 {
     extern const char replicated_queue_fail_next_entry[];
     extern const char replicated_queue_unfail_entries[];
+    extern const char finish_set_quorum_failed_parts[];
 }
 
 namespace ErrorCodes
@@ -2130,6 +2131,7 @@ bool StorageReplicatedMergeTree::executeFetch(LogEntry & entry, bool need_to_che
                         if (code == Coordination::Error::ZOK)
                         {
                             LOG_DEBUG(log, "Marked quorum for part {} as failed.", entry.new_part_name);
+                            FailPointInjection::disableFailPoint(FailPoints::finish_set_quorum_failed_parts);
                             queue.removeFailedQuorumPart(part_info);
                             return true;
                         }
diff --git a/tests/integration/test_quorum_inserts/test.py b/tests/integration/test_quorum_inserts/test.py
@@ -1,7 +1,9 @@
+import concurrent
 import time
 
 import pytest
 from helpers.cluster import ClickHouseCluster
+from helpers.network import PartitionManager
 from helpers.test_tools import TSV
 
 cluster = ClickHouseCluster(__file__)
@@ -361,3 +363,81 @@ def test_insert_quorum_with_ttl(started_cluster):
     )
 
     zero.query("DROP TABLE IF EXISTS test_insert_quorum_with_ttl ON CLUSTER cluster")
+
+
+def test_insert_quorum_with_keeper_loss_connection():
+    zero.query(
+        "DROP TABLE IF EXISTS test_insert_quorum_with_keeper_fail ON CLUSTER cluster"
+    )
+    create_query = (
+        "CREATE TABLE test_insert_quorum_with_keeper_loss"
+        "(a Int8, d Date) "
+        "Engine = ReplicatedMergeTree('/clickhouse/tables/{table}', '{replica}') "
+        "ORDER BY a "
+    )
+
+    zero.query(create_query)
+    first.query(create_query)
+
+    first.query("SYSTEM STOP FETCHES test_insert_quorum_with_keeper_loss")
+
+    zero.query("SYSTEM ENABLE FAILPOINT replicated_merge_tree_commit_zk_fail_after_op")
+    zero.query("SYSTEM ENABLE FAILPOINT replicated_merge_tree_insert_retry_pause")
+
+    with concurrent.futures.ThreadPoolExecutor(max_workers=5) as executor:
+        insert_future = executor.submit(
+            lambda: zero.query(
+                "INSERT INTO test_insert_quorum_with_keeper_loss(a,d) VALUES(1, '2011-01-01')",
+                settings={"insert_quorum_timeout": 150000},
+            )
+        )
+
+        pm = PartitionManager()
+        pm.drop_instance_zk_connections(zero)
+
+        retries = 0
+        zk = cluster.get_kazoo_client("zoo1")
+        while True:
+            if (
+                zk.exists(
+                    "/clickhouse/tables/test_insert_quorum_with_keeper_loss/replicas/zero/is_active"
+                )
+                is None
+            ):
+                break
+            print("replica is still active")
+            time.sleep(1)
+            retries += 1
+            if retries == 120:
+                raise Exception("Can not wait cluster replica inactive")
+
+        first.query("SYSTEM ENABLE FAILPOINT finish_set_quorum_failed_parts")
+        quorum_fail_future = executor.submit(
+            lambda: first.query(
+                "SYSTEM WAIT FAILPOINT finish_set_quorum_failed_parts", timeout=300
+            )
+        )
+        first.query("SYSTEM START FETCHES test_insert_quorum_with_keeper_loss")
+
+        concurrent.futures.wait([quorum_fail_future])
+
+        assert quorum_fail_future.exception() is None
+
+        zero.query("SYSTEM ENABLE FAILPOINT finish_clean_quorum_failed_parts")
+        clean_quorum_fail_parts_future = executor.submit(
+            lambda: first.query(
+                "SYSTEM WAIT FAILPOINT finish_clean_quorum_failed_parts", timeout=300
+            )
+        )
+        pm.restore_instance_zk_connections(zero)
+        concurrent.futures.wait([clean_quorum_fail_parts_future])
+
+        assert clean_quorum_fail_parts_future.exception() is None
+
+        zero.query("SYSTEM DISABLE FAILPOINT replicated_merge_tree_insert_retry_pause")
+        concurrent.futures.wait([insert_future])
+        assert insert_future.exception() is not None
+        assert not zero.contains_in_log("LOGICAL_ERROR")
+        assert zero.contains_in_log(
+            "fails to commit and will not retry or clean garbage"
+        )
diff --git a/tests/queries/0_stateless/01271_show_privileges.reference b/tests/queries/0_stateless/01271_show_privileges.reference
@@ -151,7 +151,7 @@ SYSTEM FLUSH ASYNC INSERT QUEUE	['FLUSH ASYNC INSERT QUEUE']	GLOBAL	SYSTEM FLUSH
 SYSTEM FLUSH	[]	\N	SYSTEM
 SYSTEM THREAD FUZZER	['SYSTEM START THREAD FUZZER','SYSTEM STOP THREAD FUZZER','START THREAD FUZZER','STOP THREAD FUZZER']	GLOBAL	SYSTEM
 SYSTEM UNFREEZE	['SYSTEM UNFREEZE']	GLOBAL	SYSTEM
-SYSTEM FAILPOINT	['SYSTEM ENABLE FAILPOINT','SYSTEM DISABLE FAILPOINT']	GLOBAL	SYSTEM
+SYSTEM FAILPOINT	['SYSTEM ENABLE FAILPOINT','SYSTEM DISABLE FAILPOINT','SYSTEM WAIT FAILPOINT']	GLOBAL	SYSTEM
 SYSTEM LISTEN	['SYSTEM START LISTEN','SYSTEM STOP LISTEN']	GLOBAL	SYSTEM
 SYSTEM JEMALLOC	['SYSTEM JEMALLOC PURGE','SYSTEM JEMALLOC ENABLE PROFILE','SYSTEM JEMALLOC DISABLE PROFILE','SYSTEM JEMALLOC FLUSH PROFILE']	GLOBAL	SYSTEM
 SYSTEM	[]	\N	ALL

Original file line number	Diff line number	Diff line change
`@@ -348,6 +348,7 @@ void ASTSystemQuery::formatImpl(const FormatSettings & settings, FormatState & s`
`348`	`348`	`}`
`349`	`349`	`case Type::ENABLE_FAILPOINT:`
`350`	`350`	`case Type::DISABLE_FAILPOINT:`
	`351`	`+ case Type::WAIT_FAILPOINT:`
`351`	`352`	`{`
`352`	`353`	`settings.ostr << ' ';`
`353`	`354`	`print_identifier(fail_point_name);`
Original file line number	Diff line number	Diff line change
`@@ -262,6 +262,7 @@ bool ParserSystemQuery::parseImpl(IParser::Pos & pos, ASTPtr & node, Expected &`
`262`	`262`	`}`
`263`	`263`	`case Type::ENABLE_FAILPOINT:`
`264`	`264`	`case Type::DISABLE_FAILPOINT:`
	`265`	`+ case Type::WAIT_FAILPOINT:`
`265`	`266`	`{`
`266`	`267`	`ASTPtr ast;`
`267`	`268`	`if (ParserIdentifier{}.parse(pos, ast, expected))`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`	`#include <Storages/MergeTree/ReplicatedMergeTreeQuorumEntry.h>`
`5`	`5`	`#include <Storages/MergeTree/ReplicatedMergeTreeAddress.h>`
`6`	`6`	`#include <Interpreters/Context.h>`
	`7`	`+#include <Common/FailPoint.h>`
`7`	`8`	`#include <Common/ZooKeeper/KeeperException.h>`
`8`	`9`	`#include <Common/randomSeed.h>`
`9`	`10`	`#include <Core/ServerUUID.h>`
`@@ -24,6 +25,11 @@ namespace ErrorCodes`
`24`	`25`	`extern const int REPLICA_IS_ALREADY_ACTIVE;`
`25`	`26`	`}`
`26`	`27`
	`28`	`+namespace FailPoints`
	`29`	`+{`
	`30`	`+ extern const char finish_clean_quorum_failed_parts[];`
	`31`	`+};`
	`32`	`+`
`27`	`33`	/// Used to check whether it's us who set node `is_active`, or not.
`28`	`34`	`static String generateActiveNodeIdentifier()`
`29`	`35`	`{`
`@@ -241,6 +247,7 @@ void ReplicatedMergeTreeRestartingThread::removeFailedQuorumParts()`
`241`	`247`	`storage.queue.removeFailedQuorumPart(part->info);`
`242`	`248`	`}`
`243`	`249`	`}`
	`250`	`+ FailPointInjection::disableFailPoint(FailPoints::finish_clean_quorum_failed_parts);`
`244`	`251`	`}`
`245`	`252`
`246`	`253`
Original file line number	Diff line number	Diff line change
`@@ -141,6 +141,7 @@ namespace FailPoints`
`141`	`141`	`{`
`142`	`142`	`extern const char replicated_queue_fail_next_entry[];`
`143`	`143`	`extern const char replicated_queue_unfail_entries[];`
	`144`	`+ extern const char finish_set_quorum_failed_parts[];`
`144`	`145`	`}`
`145`	`146`
`146`	`147`	`namespace ErrorCodes`
`@@ -2130,6 +2131,7 @@ bool StorageReplicatedMergeTree::executeFetch(LogEntry & entry, bool need_to_che`
`2130`	`2131`	`if (code == Coordination::Error::ZOK)`
`2131`	`2132`	`{`
`2132`	`2133`	`LOG_DEBUG(log, "Marked quorum for part {} as failed.", entry.new_part_name);`
	`2134`	`+ FailPointInjection::disableFailPoint(FailPoints::finish_set_quorum_failed_parts);`
`2133`	`2135`	`queue.removeFailedQuorumPart(part_info);`
`2134`	`2136`	`return true;`
`2135`	`2137`	`}`