Kezdőlap Felfedezés Súgó
Regisztráció Bejelentkezés
lqb
/
elasticsearch
tükrözi: https://gitee.com/mirrors/elasticsearch.git
1
0
Másolás 0
Fájlok Problémák 0 Wiki
Fa: 1364f50cbf
Branch-ok Tag-ek
elasticsearch
/
docs
/
reference
/
troubleshooting
/
corruption-issues.asciidoc

corruption-issues.asciidoc 5.0 KB
Előzmények Nyers

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. [[corruption-troubleshooting]]
    2. 

  2. == Troubleshooting corruption
    3. 

  3. 

  4. {es} expects that the data it reads from disk is exactly the data it previously
    5. 

  5. wrote. If it detects that the data on disk is different from what it wrote then
    6. 

  6. it will report some kind of exception such as:
    7. 

  7. 

  8. - `org.apache.lucene.index.CorruptIndexException`
    9. 

  9. - `org.elasticsearch.gateway.CorruptStateException`
    10. 

  10. - `org.elasticsearch.index.translog.TranslogCorruptedException`
    11. 

  11. 

  12. Typically these exceptions happen due to a checksum mismatch. Most of the data
    13. 

  13. that {es} writes to disk is followed by a checksum using a simple algorithm
    14. 

  14. known as CRC32 which is fast to compute and good at detecting the kinds of
    15. 

  15. random corruption that may happen when using faulty storage. A CRC32 checksum
    16. 

  16. mismatch definitely indicates that something is faulty, although of course a
    17. 

  17. matching checksum doesn't prove the absence of corruption.
    18. 

  18. 

  19. Verifying a checksum is expensive since it involves reading every byte of the
    20. 

  20. file which takes significant effort and might evict more useful data from the
    21. 

  21. filesystem cache, so systems typically don't verify the checksum on a file very
    22. 

  22. often. This is why you tend only to encounter a corruption exception when
    23. 

  23. something unusual is happening. For instance, corruptions are often detected
    24. 

  24. during merges, shard movements, and snapshots. This does not mean that these
    25. 

  25. processes are causing corruption: they are examples of the rare times where
    26. 

  26. reading a whole file is necessary. {es} takes the opportunity to verify the
    27. 

  27. checksum at the same time, and this is when the corruption is detected and
    28. 

  28. reported. It doesn't indicate the cause of the corruption or when it happened.
    29. 

  29. Corruptions can remain undetected for many months.
    30. 

  30. 

  31. The files that make up a Lucene index are written sequentially from start to
    32. 

  32. end and then never modified or overwritten. This access pattern means the
    33. 

  33. checksum computation is very simple and can happen on-the-fly as the file is
    34. 

  34. initially written, and also makes it very unlikely that an incorrect checksum
    35. 

  35. is due to a userspace bug at the time the file was written. The routine that
    36. 

  36. computes the checksum is straightforward, widely used, and very well-tested, so
    37. 

  37. you can be very confident that a checksum mismatch really does indicate that
    38. 

  38. the data read from disk is different from the data that {es} previously wrote.
    39. 

  39. 

  40. The files that make up a Lucene index are written in full before they are used.
    41. 

  41. If a file is needed to recover an index after a restart then your storage
    42. 

  42. system previously confirmed to {es} that this file was durably synced to disk.
    43. 

  43. On Linux this means that the `fsync()` system call returned successfully. {es}
    44. 

  44. sometimes detects that an index is corrupt because a file needed for recovery
    45. 

  45. has been truncated or is missing its footer. This indicates that your storage
    46. 

  46. system acknowledges durable writes incorrectly.
    47. 

  47. 

  48. There are many possible explanations for {es} detecting corruption in your
    49. 

  49. cluster. Databases like {es} generate a challenging I/O workload that may find
    50. 

  50. subtle infrastructural problems which other tests may miss. {es} is known to
    51. 

  51. expose the following problems as file corruptions:
    52. 

  52. 

  53. - Filesystem bugs, especially in newer and nonstandard filesystems which might
    54. 

  54.   not have seen enough real-world production usage to be confident that they
    55. 

  55. work correctly.
    56. 

  56. 

  57. - https://www.elastic.co/blog/canonical-elastic-and-google-team-up-to-prevent-data-corruption-in-linux[Kernel bugs].
    58. 

  58. 

  59. - Bugs in firmware running on the drive or RAID controller.
    60. 

  60. 

  61. - Incorrect configuration, for instance configuring `fsync()` to report success
    62. 

  62.   before all durable writes have completed.
    63. 

  63. 

  64. - Faulty hardware, which may include the drive itself, the RAID controller,
    65. 

  65.   your RAM or CPU.
    66. 

  66. 

  67. Data corruption typically doesn't result in other evidence of problems apart
    68. 

  68. from the checksum mismatch. Do not interpret this as an indication that your
    69. 

  69. storage subsystem is working correctly and therefore that {es} itself caused
    70. 

  70. the corruption. It is rare for faulty storage to show any evidence of problems
    71. 

  71. apart from the data corruption, but data corruption itself is a very strong
    72. 

  72. indicator that your storage subsystem is not working correctly.
    73. 

  73. 

  74. To rule out {es} as the source of data corruption, generate an I/O workload
    75. 

  75. using something other than {es} and look for data integrity errors. On Linux
    76. 

  76. the `fio` and `stress-ng` tools can both generate challenging I/O workloads and
    77. 

  77. verify the integrity of the data they write. Use version 0.12.01 or newer of
    78. 

  78. `stress-ng` since earlier versions do not have strong enough integrity checks.
    79. 

  79. You can check that durable writes persist across power outages using a script
    80. 

  80. such as https://gist.github.com/bradfitz/3172656[`diskchecker.pl`].
    81. 

  81. 

  82. To narrow down the source of the corruptions, systematically change components
    83. 

  83. in your cluster's environment until the corruptions stop. The details will
    84. 

  84. depend on the exact configuration of your hardware, but may include the
    85. 

  85. following:
    86. 

  86. 

  87. - Try a different filesystem or a different kernel.
    88. 

  88. 

  89. - Try changing each hardware component in turn, ideally changing to a different
    90. 

  90.   model or manufacturer.
    91. 

  91. 

  92. - Try different firmware versions for each hardware component.
    93.