fix(cluster_family): Cancel slot migration from incoming node on OOM #5000

mkaruza · 2025-04-25T11:16:13Z

If applying command on incoming node will result in OOM (we overflow
max_memory_limit) we are closing migration and switch state to FATAL.

src/server/cluster/cluster_family.cc

BorysTheDev · 2025-05-06T13:30:58Z

src/server/cluster/cluster_family.cc

+  if (migration->GetState() == MigrationState::C_FATAL) {
+    migration->Stop();
+  }


looks like incorrect place for this logic

If FLOW fails with C_FATAL we'll call it, where would you put migration->Stop to handle stopping of migration?

Maybe we can move it to reportError or SetState, where we set the fatal status

src/server/cluster/incoming_slot_migration.cc

BorysTheDev · 2025-05-06T13:48:52Z

src/server/cluster/incoming_slot_migration.cc

@@ -70,6 +76,20 @@ class ClusterShardMigration {
        break;
      }

+      auto oom_check = [&]() -> bool {
+        auto used_mem = used_mem_current.load(memory_order_relaxed);
+        if ((used_mem + tx_data->command.cmd_len) > max_memory_limit) {


is used_mem RSS? maybe we need max_memory_limit - 100MB for example, or how we can guarantee 100% success of this condition?

Yes, it is checks whatever is set with maxmemory. I'll modify so it uses 90% of max memory as upper bound. That should be safe i think.

Let's discuss it with @adiholden or @romange

src/server/cluster/incoming_slot_migration.cc

src/server/cluster/incoming_slot_migration.h

BorysTheDev · 2025-05-06T14:02:28Z

src/server/cluster/incoming_slot_migration.h

+  void ReportFatalError(dfly::GenericError err) ABSL_LOCKS_EXCLUDED(state_mu_, error_mu_) {
+    errors_count_.fetch_add(1, std::memory_order_relaxed);
+    util::fb2::LockGuard lk_state(state_mu_);
+    util::fb2::LockGuard lk_error(error_mu_);
+    state_ = MigrationState::C_FATAL;
+    last_error_ = std::move(err);
+  }


I don't like this code. Let's think how to make it better. Maybe we can use state_mu_ for error too or merge this method with reportError

Agree, but i changed ReportError to check GetState() != C_FATAL and i wanted to update state & set error message while having both locks.

src/server/cluster/incoming_slot_migration.h

src/server/cluster/outgoing_slot_migration.cc

If applying command on incoming node will result in OOM (we overflow max_memory_limit) we are closing migration and switch state to FATAL. Signed-off-by: mkaruza <[email protected]>

mkaruza requested a review from BorysTheDev April 25, 2025 11:16

mkaruza marked this pull request as draft April 25, 2025 11:16

BorysTheDev reviewed Apr 26, 2025

View reviewed changes

src/server/cluster/cluster_family.cc Outdated Show resolved Hide resolved

BorysTheDev reviewed Apr 26, 2025

View reviewed changes

src/server/cluster/cluster_family.cc Outdated Show resolved Hide resolved

mkaruza force-pushed the mkaruza/github#4977 branch from 9c88c11 to 6a5d621 Compare May 6, 2025 12:34

mkaruza requested a review from BorysTheDev May 6, 2025 12:35

mkaruza marked this pull request as ready for review May 6, 2025 12:35

mkaruza changed the title ~~fix(cluster_family): Cancel slot migration in case of OOM errors on t…~~ fix(cluster_family): Cancel slot migration from incoming node on OOM May 6, 2025