Simplify config rewrite file handling and make it really atomic#7824
Simplify config rewrite file handling and make it really atomic#7824yossigo merged 1 commit intoredis:unstablefrom
Conversation
src/config.c
Outdated
There was a problem hiding this comment.
@ushachar Please consider doing snprintf() into the buffer and check return code to confirm it was big enough, could be simpler.
src/config.c
Outdated
There was a problem hiding this comment.
I think a short write should also be handled here.
There was a problem hiding this comment.
Yep... was already in progress on it. Done.
src/config.c
Outdated
There was a problem hiding this comment.
I think it might make sense to fchmod() earlier, so once rename() is successful we're all done. In this order we may end up with the wrong permissions.
|
summing up feedback i relayed privately few days ago:
|
ushachar
force-pushed
the
make_config_rewrite_atomic
branch
from
6980e88 to
323e18e
Compare
src/config.c
Outdated
There was a problem hiding this comment.
this is the first and only use of u_int (personally i don't think i ever encountered it).
i'm afraid of some platform compatibility issues, would feel better to use anything else
There was a problem hiding this comment.
ok - switched to explicit 'unsigned int'
ushachar
force-pushed
the
make_config_rewrite_atomic
branch
from
323e18e to
2c63b6c
Compare
Make sure we handle short writes correctly, sync to disk after writing and use rename to make sure the replacement is actually atomic. In any case of failure old configuration will remain in place. Also, add some additional logging to make it easier to diagnose rewrite problems.
ushachar
force-pushed
the
make_config_rewrite_atomic
branch
from
2c63b6c to
ded9459
Compare
|
Merged, thanks @ushachar! |
oranagra
added
the
release-notes
|
I've added the release notes label, home we'll catch it when the day comes |
Make sure we handle short writes correctly, sync to disk after writing and use rename to make sure the replacement is actually atomic. In any case of failure old configuration will remain in place. Also, add some additional logging to make it easier to diagnose rewrite problems. (cherry picked from commit c30bd02)
Make sure we handle short writes correctly, sync to disk after writing and use rename to make sure the replacement is actually atomic. In any case of failure old configuration will remain in place. Also, add some additional logging to make it easier to diagnose rewrite problems.
Make sure we handle short writes correctly, sync to disk after writing and use rename to make sure the replacement is actually atomic. In any case of failure old configuration will remain in place. Also, add some additional logging to make it easier to diagnose rewrite problems. (cherry picked from commit c30bd02)
|
Looks like this break config rewrite, because of permission problem, as most of the time saving |
@remicollet - Yep - See comment in #7824 (comment). |
|
@remicollet Do you see a problem with the subdirectory approach? This seems to be what other distros are doing as well and as @ushachar mentioned it has other advantages. |
|
@yossigo indeed subdirectory is a solution, but cannot be used, as it will break existing configuration (upgrade path) |
|
See PR #8058 |
|
@remicollet Thank you for proposing a fix in your PR. However, I'm afraid in a way it goes against the motivation of the original fix - which was to ensure rewrites are atomic. If we take this approach rewrites are again not guaranteed to be atomic, because that would depend on what filesystem permissions are used and whether or not the fallback is triggered. For this reason we can't accept this fix. |
As an outstanding part mentioned in #10737, we could just make the cluster config file and ACL file saving done with a more safe and atomic pattern (write to temp file, fsync, rename, fsync dir). The cluster config file uses an in-place overwrite and truncation (which was also used by the main config file before #7824). The ACL file is using the temp file and rename approach, but was missing an fsync. Co-authored-by: 朱天 <[email protected]>
As an outstanding part mentioned in redis#10737, we could just make the cluster config file and ACL file saving done with a more safe and atomic pattern (write to temp file, fsync, rename, fsync dir). The cluster config file uses an in-place overwrite and truncation (which was also used by the main config file before redis#7824). The ACL file is using the temp file and rename approach, but was missing an fsync. Co-authored-by: 朱天 <[email protected]>
4 participants
No description provided.