[
https://issues.apache.org/jira/browse/HDFS-2179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13069033#comment-13069033
]
Kihwal Lee commented on HDFS-2179:
----------------------------------
I think it is safe to serve reads as long as the new node is not serving
writes. So there can be a period of service overlap if we can make sure the old
node stops serving reads before the new node starts serving writes. I am
assuming the both are serving the same content, but if the fs state has
diverged between the two (e.g. the in-memory state of the old node is not in
sync with the persistent one), even serving reads may not be safe. Although it
is safe in terms of the data integrity at the file system level in this case,
it may cause clients to make wrong decisions and lose data. Probably we should
not trust the old node at all since it can have unexpected failure modes. Then
serving reads is not safe.
> HA: namenode fencing mechanism
> ------------------------------
>
> Key: HDFS-2179
> URL: https://issues.apache.org/jira/browse/HDFS-2179
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: name-node
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
>
> In an HA cluster, when there are two NNs, the invariant that only one NN is
> active at a time has to be preserved in order to prevent "split brain
> syndrome." Thus, when a standby NN is transition to "active" state during a
> failover, it needs to somehow _fence_ the formerly active NN to ensure that
> it can no longer perform edits. This JIRA is to discuss and implement NN
> fencing.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
