HBASE-29744: Data loss scenario for WAL files belonging to RS added between backups

Hernan Gelaf-Romer · Hernan Gelaf-Romer · commit 6facd7636dc6 · 2025-12-05T14:33:31.000-05:00
diff --git a/hbase-backup/src/main/java/org/apache/hadoop/hbase/backup/master/BackupLogCleaner.java b/hbase-backup/src/main/java/org/apache/hadoop/hbase/backup/master/BackupLogCleaner.java
@@ -18,11 +18,13 @@
 package org.apache.hadoop.hbase.backup.master;
 
 import java.io.IOException;
+import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.stream.Collectors;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.FileStatus;
@@ -32,7 +34,7 @@
 import org.apache.hadoop.hbase.backup.BackupInfo;
 import org.apache.hadoop.hbase.backup.BackupRestoreConstants;
 import org.apache.hadoop.hbase.backup.impl.BackupManager;
-import org.apache.hadoop.hbase.backup.util.BackupUtils;
+import org.apache.hadoop.hbase.backup.impl.BackupSystemTable;
 import org.apache.hadoop.hbase.client.Connection;
 import org.apache.hadoop.hbase.client.ConnectionFactory;
 import org.apache.hadoop.hbase.master.HMaster;
@@ -55,6 +57,10 @@
  */
 @InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.CONFIG)
 public class BackupLogCleaner extends BaseLogCleanerDelegate {
+  // Adds a buffer to give some allowance when cleaning up WAL files
+  public static final String TS_BUFFER_KEY = "hbase.backup.log.cleaner.timestamp.buffer.ms";
+  private static final long TS_BUFFER_DEFAULT = Duration.ofHours(1).toMillis();
+
   private static final Logger LOG = LoggerFactory.getLogger(BackupLogCleaner.class);
 
   private boolean stopped = false;
@@ -153,19 +159,34 @@ public Iterable<FileStatus> getDeletableFiles(Iterable<FileStatus> files) {
       return files;
     }
 
-    Map<Address, Long> serverToPreservationBoundaryTs;
+    long oldestStartCode = Long.MAX_VALUE;
     try {
-      try (BackupManager backupManager = new BackupManager(conn, getConf())) {
-        serverToPreservationBoundaryTs =
-          serverToPreservationBoundaryTs(backupManager.getBackupHistory(true));
+      try (BackupSystemTable sysTable = new BackupSystemTable(conn)) {
+        Set<String> roots = sysTable.getBackupHistory(true).stream()
+          .map(BackupInfo::getBackupRootDir).collect(Collectors.toSet());
+        if (roots.isEmpty()) {
+          LOG.info("No backups found, can delete all files");
+          return files;
+        }
+
+        for (String root : roots) {
+          long startCode = Long.parseLong(sysTable.readBackupStartCode(root));
+          if (startCode < oldestStartCode) {
+            oldestStartCode = startCode;
+          }
+        }
       }
     } catch (IOException ex) {
       LOG.error("Failed to analyse backup history with exception: {}. Retaining all logs",
         ex.getMessage(), ex);
       return Collections.emptyList();
     }
+
+    oldestStartCode -= getConf().getLong(TS_BUFFER_KEY, TS_BUFFER_DEFAULT);
+    LOG.info("Allowing file deletes for any wal file older than {}", oldestStartCode);
+
     for (FileStatus file : files) {
-      if (canDeleteFile(serverToPreservationBoundaryTs, file.getPath())) {
+      if (canDeleteFile(oldestStartCode, file.getPath())) {
         filteredFiles.add(file);
       }
     }
@@ -200,44 +221,16 @@ public boolean isStopped() {
     return this.stopped;
   }
 
-  protected static boolean canDeleteFile(Map<Address, Long> addressToBoundaryTs, Path path) {
+  protected static boolean canDeleteFile(long oldestStartCode, Path path) {
     if (isHMasterWAL(path)) {
       return true;
     }
 
     try {
-      String hostname = BackupUtils.parseHostNameFromLogFile(path);
-      if (hostname == null) {
-        LOG.warn(
-          "Cannot parse hostname from RegionServer WAL file: {}. Ignoring cleanup of this log",
-          path);
-        return false;
-      }
-      Address walServerAddress = Address.fromString(hostname);
       long walTimestamp = AbstractFSWALProvider.getTimestamp(path.getName());
-
-      if (!addressToBoundaryTs.containsKey(walServerAddress)) {
-        if (LOG.isDebugEnabled()) {
-          LOG.debug("No cleanup WAL time-boundary found for server: {}. Ok to delete file: {}",
-            walServerAddress.getHostName(), path);
-        }
-        return true;
-      }
-
-      Long backupBoundary = addressToBoundaryTs.get(walServerAddress);
-      if (backupBoundary >= walTimestamp) {
-        if (LOG.isDebugEnabled()) {
-          LOG.debug(
-            "WAL cleanup time-boundary found for server {}: {}. Ok to delete older file: {}",
-            walServerAddress.getHostName(), backupBoundary, path);
-        }
+      if (walTimestamp <= oldestStartCode) {
         return true;
       }
-
-      if (LOG.isDebugEnabled()) {
-        LOG.debug("WAL cleanup time-boundary found for server {}: {}. Keeping younger file: {}",
-          walServerAddress.getHostName(), backupBoundary, path);
-      }
     } catch (Exception ex) {
       LOG.warn("Error occurred while filtering file: {}. Ignoring cleanup of this log", path, ex);
       return false;
@@ -248,6 +241,7 @@ protected static boolean canDeleteFile(Map<Address, Long> addressToBoundaryTs, P
   private static boolean isHMasterWAL(Path path) {
     String fn = path.getName();
     return fn.startsWith(WALProcedureStore.LOG_PREFIX)
-      || fn.endsWith(MasterRegionFactory.ARCHIVED_WAL_SUFFIX);
+      || fn.endsWith(MasterRegionFactory.ARCHIVED_WAL_SUFFIX)
+      || path.toString().contains(MasterRegionFactory.MASTER_STORE_DIR);
   }
 }
diff --git a/hbase-backup/src/test/java/org/apache/hadoop/hbase/backup/master/TestBackupLogCleaner.java b/hbase-backup/src/test/java/org/apache/hadoop/hbase/backup/master/TestBackupLogCleaner.java
@@ -21,23 +21,29 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
+import com.google.common.collect.ImmutableSet;
+import java.io.IOException;
+import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import org.apache.hadoop.fs.FileStatus;
 import org.apache.hadoop.fs.Path;
 import org.apache.hadoop.hbase.HBaseClassTestRule;
+import org.apache.hadoop.hbase.HRegionLocation;
+import org.apache.hadoop.hbase.ServerName;
 import org.apache.hadoop.hbase.TableName;
 import org.apache.hadoop.hbase.backup.BackupType;
 import org.apache.hadoop.hbase.backup.TestBackupBase;
 import org.apache.hadoop.hbase.backup.impl.BackupSystemTable;
 import org.apache.hadoop.hbase.client.Connection;
 import org.apache.hadoop.hbase.client.Put;
+import org.apache.hadoop.hbase.client.RegionInfo;
 import org.apache.hadoop.hbase.client.Table;
 import org.apache.hadoop.hbase.master.HMaster;
+import org.apache.hadoop.hbase.regionserver.HRegionServer;
 import org.apache.hadoop.hbase.testclassification.LargeTests;
 import org.apache.hadoop.hbase.util.Bytes;
 import org.junit.ClassRule;
@@ -66,6 +72,7 @@ public void testBackupLogCleaner() throws Exception {
     List<TableName> tableSetFull = List.of(table1, table2, table3, table4);
     List<TableName> tableSet14 = List.of(table1, table4);
     List<TableName> tableSet23 = List.of(table2, table3);
+    TEST_UTIL.getConfiguration().setLong(BackupLogCleaner.TS_BUFFER_KEY, 0);
 
     try (BackupSystemTable systemTable = new BackupSystemTable(TEST_UTIL.getConnection())) {
       // Verify that we have no backup sessions yet
@@ -193,35 +200,131 @@ public void testBackupLogCleaner() throws Exception {
       // Taking the minimum timestamp (= 2), this means all WALs preceding B3 can be deleted.
       deletable = cleaner.getDeletableFiles(walFilesAfterB5);
       assertEquals(toSet(walFilesAfterB2), toSet(deletable));
+    } finally {
+      TEST_UTIL.truncateTable(BackupSystemTable.getTableName(TEST_UTIL.getConfiguration())).close();
     }
   }
 
-  private Set<FileStatus> mergeAsSet(Collection<FileStatus> toCopy, Collection<FileStatus> toAdd) {
-    Set<FileStatus> result = new LinkedHashSet<>(toCopy);
-    result.addAll(toAdd);
-    return result;
+  @Test
+  public void testDoesNotDeleteWALsFromNewServers() throws Exception {
+    Path backupRoot1 = new Path(BACKUP_ROOT_DIR, "backup1");
+    List<TableName> tableSetFull = List.of(table1, table2, table3, table4);
+
+    try (BackupSystemTable systemTable = new BackupSystemTable(TEST_UTIL.getConnection())) {
+      LOG.info("Creating initial backup B1");
+      String backupIdB1 = backupTables(BackupType.FULL, tableSetFull, backupRoot1.toString());
+      assertTrue(checkSucceeded(backupIdB1));
+
+      List<FileStatus> walsAfterB1 = getListOfWALFiles(TEST_UTIL.getConfiguration());
+      LOG.info("WALs after B1: {}", walsAfterB1.size());
+
+      String startCodeStr = systemTable.readBackupStartCode(backupRoot1.toString());
+      long b1StartCode = Long.parseLong(startCodeStr);
+      LOG.info("B1 startCode: {}", b1StartCode);
+
+      // Add a new RegionServer to the cluster
+      LOG.info("Adding new RegionServer to cluster");
+      HRegionServer newRS = TEST_UTIL.getMiniHBaseCluster().startRegionServer().getRegionServer();
+      ServerName newServerName = newRS.getServerName();
+      LOG.info("New RegionServer started: {}", newServerName);
+
+      // Move a region to the new server to ensure it creates a WAL
+      List<RegionInfo> regions = TEST_UTIL.getAdmin().getRegions(table1);
+      RegionInfo regionToMove = regions.get(0);
+
+      LOG.info("Moving region {} to new server {}", regionToMove.getEncodedName(), newServerName);
+      TEST_UTIL.getAdmin().move(regionToMove.getEncodedNameAsBytes(), newServerName);
+
+      TEST_UTIL.waitFor(30000, () -> {
+        try {
+          HRegionLocation location = TEST_UTIL.getConnection().getRegionLocator(table1)
+            .getRegionLocation(regionToMove.getStartKey());
+          return location.getServerName().equals(newServerName);
+        } catch (IOException e) {
+          return false;
+        }
+      });
+
+      // Write some data to trigger WAL creation on the new server
+      try (Table t1 = TEST_UTIL.getConnection().getTable(table1)) {
+        for (int i = 0; i < 100; i++) {
+          Put p = new Put(Bytes.toBytes("newserver-row-" + i));
+          p.addColumn(famName, qualName, Bytes.toBytes("val" + i));
+          t1.put(p);
+        }
+      }
+      TEST_UTIL.getAdmin().flushRegion(regionToMove.getEncodedNameAsBytes());
+
+      List<FileStatus> walsAfterNewServer = getListOfWALFiles(TEST_UTIL.getConfiguration());
+      LOG.info("WALs after adding new server: {}", walsAfterNewServer.size());
+      assertTrue("Should have more WALs after new server",
+        walsAfterNewServer.size() > walsAfterB1.size());
+
+      List<FileStatus> newServerWALs = new ArrayList<>(walsAfterNewServer);
+      newServerWALs.removeAll(walsAfterB1);
+      assertFalse("Should have WALs from new server", newServerWALs.isEmpty());
+
+      BackupLogCleaner cleaner = new BackupLogCleaner();
+      cleaner.setConf(TEST_UTIL.getConfiguration());
+      cleaner.init(Map.of(HMaster.MASTER, TEST_UTIL.getHBaseCluster().getMaster()));
+
+      Set<FileStatus> deletable =
+        ImmutableSet.copyOf(cleaner.getDeletableFiles(walsAfterNewServer));
+      for (FileStatus newWAL : newServerWALs) {
+        assertFalse("WAL from new server should NOT be deletable: " + newWAL.getPath(),
+          deletable.contains(newWAL));
+      }
+    } finally {
+      TEST_UTIL.truncateTable(BackupSystemTable.getTableName(TEST_UTIL.getConfiguration())).close();
+    }
   }
 
-  private <T> Set<T> toSet(Iterable<T> iterable) {
-    Set<T> result = new LinkedHashSet<>();
-    iterable.forEach(result::add);
-    return result;
+  @Test
+  public void testCanDeleteFileWithNewServerWALs() {
+    long backupStartCode = 1000000L;
+
+    // Old WAL from before the backup
+    Path oldWAL = new Path("/hbase/oldWALs/server1%2C60020%2C12345.500000");
+    assertTrue("WAL older than backup should be deletable",
+      BackupLogCleaner.canDeleteFile(backupStartCode, oldWAL));
+
+    // WAL from exactly at the backup boundary
+    Path boundaryWAL = new Path("/hbase/oldWALs/server1%2C60020%2C12345.1000000");
+    assertTrue("WAL at boundary should be deletable",
+      BackupLogCleaner.canDeleteFile(backupStartCode, boundaryWAL));
+
+    // WAL from a server that joined AFTER the backup
+    Path newServerWAL = new Path("/hbase/oldWALs/newserver%2C60020%2C99999.1500000");
+    assertFalse("WAL from new server (after backup) should NOT be deletable",
+      BackupLogCleaner.canDeleteFile(backupStartCode, newServerWAL));
   }
 
   @Test
   public void testCleansUpHMasterWal() {
     Path path = new Path("/hbase/MasterData/WALs/hmaster,60000,1718808578163");
-    assertTrue(BackupLogCleaner.canDeleteFile(Collections.emptyMap(), path));
+    assertTrue(BackupLogCleaner.canDeleteFile(Long.MIN_VALUE, path));
   }
 
   @Test
   public void testCleansUpArchivedHMasterWal() {
     Path normalPath =
       new Path("/hbase/oldWALs/hmaster%2C60000%2C1716224062663.1716247552189$masterlocalwal$");
-    assertTrue(BackupLogCleaner.canDeleteFile(Collections.emptyMap(), normalPath));
+    assertTrue(BackupLogCleaner.canDeleteFile(Long.MIN_VALUE, normalPath));
 
     Path masterPath = new Path(
       "/hbase/MasterData/oldWALs/hmaster%2C60000%2C1716224062663.1716247552189$masterlocalwal$");
-    assertTrue(BackupLogCleaner.canDeleteFile(Collections.emptyMap(), masterPath));
+    assertTrue(BackupLogCleaner.canDeleteFile(Long.MIN_VALUE, masterPath));
+  }
+
+  private Set<FileStatus> mergeAsSet(Collection<FileStatus> toCopy, Collection<FileStatus> toAdd) {
+    Set<FileStatus> result = new LinkedHashSet<>(toCopy);
+    result.addAll(toAdd);
+    return result;
+  }
+
+  private <T> Set<T> toSet(Iterable<T> iterable) {
+    Set<T> result = new LinkedHashSet<>();
+    iterable.forEach(result::add);
+    return result;
   }
 }
