default log store backend to WAL and allow disabling verification #21700
Conversation
github-actions
bot
added
the
theme/config
dhiaayachi
requested review from
zalimeni,
jmurret,
ndhanushkodi and
JadhavPoonam
🔥
agent/consul/server.go
Outdated
| if s.config.LogStoreConfig.Backend == LogStoreBackendDefault && !boltFileExists { | ||
| if (s.config.LogStoreConfig.Backend == LogStoreBackendDefault || s.config.LogStoreConfig.Backend == LogStoreBackendWAL) && !boltFileExists { | ||
| s.config.LogStoreConfig.Backend = LogStoreBackendWAL |
There was a problem hiding this comment.
~ Should we consider moving the original
if s.config.LogStoreConfig.Backend == LogStoreBackendDefault && !boltFileExists {
s.config.LogStoreConfig.Backend = LogStoreBackendWAL
}bit up above the rest of this if block, and just check explicitly for WAL (not default) after?
Main thought that crossed my mind is we're treating default and WAL as equivalent in these checks once we get past the BoltDB detection gate, so normalizing in one place is less error-prone in case of future changes and separates the defaulting from the business logic.
There was a problem hiding this comment.
Is that what you had in mind?
There was a problem hiding this comment.
I was more thinking we could simplify the checks following the first defaulting block, so that we aren't repeating stuff like "default or WAL" and "!boltDB". Maybe something like this? (also switches the warning to "using BoltDB" since "ignoring 'wal'" might be confusing when default is used)
| - Take a snapshot prior to testing. | ||
| - Monitor Consul server metrics and logs, and set an alert on specific log events that occur when WAL is enabled. Refer to [Monitor Raft metrics and logs for WAL](/consul/docs/agent/wal-logstore/monitoring) for more information. | ||
| - Enable WAL in a pre-production environment and run it for a several days before enabling it in production. | ||
| WAL LogStore is now enabled by default |
There was a problem hiding this comment.
We're still ignoring config if there's a BoltDB file found - should we call that out here (new installs only) similar to the main doc, and keep some instructions to transition existing servers if desired?
There was a problem hiding this comment.
@boruszak Can you please check the wording in here?
| ## Enable log verification | ||
|
|
||
| You must enable log verification on all voting servers in Enterprise and all servers in CE because the leader writes verification checkpoints. | ||
|
|
||
| 1. On each voting server, add the following to the server's configuration file: | ||
|
|
||
| ```hcl | ||
| raft_logstore { | ||
| verification { | ||
| enabled = true | ||
| interval = "60s" | ||
| } | ||
| } | ||
| ``` | ||
|
|
||
| 1. Restart the server to apply the changes. The `consul reload` command is not sufficient to apply `raft_logstore` configuration changes. | ||
| 1. Run the `consul operator raft list-peers` command to wait for each server to become a healthy voter before moving on to the next. This may take a few minutes for large snapshots. | ||
|
|
||
| When complete, the server's logs should contain verifier reports that appear like the following example: | ||
|
|
||
| ```log hideClipboard | ||
| 2023-01-31T14:44:31.174Z [INFO] agent.server.raft.logstore.verifier: verification checksum OK: elapsed=488.463268ms leaderChecksum=f15db83976f2328c rangeEnd=357802 rangeStart=298132 readChecksum=f15db83976f2328c | ||
| ``` |
There was a problem hiding this comment.
Isn't this section on log verification still relevant info even when WAL is defaulted on?
There was a problem hiding this comment.
Log verification is enabled by default now as part of WAL. The reasoning is that it have minimal impact but great benefits in case of bugs.
I will double check if it's documented as part of the logstore config properly.
Co-authored-by: Michael Zalimeni <[email protected]> Co-authored-by: Jeff Boruszak <[email protected]>
@boruszak I'm not sure I get your point 🤔. The aim of that page is to help users enable an experimental feature and make sure that it's working safely for them. Now that WAL is default that logic don't hold anymore as by making it default we implicitly admit to it being stable enough to make it default. I agree on your point about reverting from WAL to boltdb being important but it's a simple configuration change and don't need any extra steps. The only thing I can think of and that we should call-out, and we can probably document in that page is that:
So to sum it up, when changing the log store backend it's always recommended to:
WYT? |
|
@dhiaayachi For someone who already has BoltDB what steps would they have to take to make the switch? Do we need/have some migration docs somewhere? 🤔 |
@JadhavPoonam the procedure I highlighted in the comment above would be needed. We can add that as documentation. |
| @@ -1055,26 +1055,23 @@ func (s *Server) setupRaft() error { | |||
| stable = wal | |||
| return nil | |||
| } | |||
| // Only use WAL if there is no existing raft.db, even if it's enabled. | |||
|
|
|||
| // Default to WAL if there is no existing raft.db, even if it's enabled. Log a warning otherwise | |||
There was a problem hiding this comment.
| // Default to WAL if there is no existing raft.db, even if it's enabled. Log a warning otherwise | |
| // Default to WAL. Only use WAL if there is no existing raft.db, even if it's enabled. Log a warning otherwise |
~ "even if it's enabled part" doesn't make sense following "Default to WAL". IMO both clarifications are valuable, so we could just combine them.
| } else if s.config.LogStoreConfig.Backend == LogStoreBackendWAL || s.config.LogStoreConfig.Backend == LogStoreBackendDefault { | ||
| // User configured the new storage, but still has old raft.db. Warn | ||
| // them! | ||
| s.logger.Warn("BoltDB file raft.db found, IGNORING raft_logstore.backend which is set to 'wal'") | ||
| } |
There was a problem hiding this comment.
As written, I think this will execute in an unwanted scenario if the following are true:
s.config.LogStoreConfig.Backend == LogStoreBackendWAL!boltFileExists
because the firstifcondition would fail due to WAL being explicitly configured, but the second condition doesn't assert that the boltDB file is present.
IMO it'd be easier to understand this flow and avoid bugs if we separate the condition for the warning from the condition for setting WAL as the default. We could introduce a useWAL var if it seems that'd read more cleanly than this approach. Open to your ideas though.
Description
This PR change the default log store config to use WAL when starting with a fresh database. If a bolt db already exist bolt db will be used as a backend and a warning will be logged.
It also allow the log verifier, enabled by default, to be disabled.
Testing & Reproduction steps
Added tests to verify combination of configs.
PR Checklist