Ceph

pushed wip-osd-readhole with some old incomplete work on this. here's a brain dump of where my thinking is/was on this.

the basic idea is that the primary will stop servicing reads once if it hasn't gotten an ping ack from its replicas in heartbeat_interval seconds. if the pg mapping changes but no osds go down, this is not really a problem; the peering messages that get exchanged ensure the peer has the latest map. but in the case that an osd goes down, we want to know that the peer osd saw that map, or the best upper bound on when the last replica ack it could have gotten was.

1. block reads after heartbeat_interval seconds without a replica ack.

2. after peering, wait heartbeat_interval seconds after our upper bound on when the last interval ended. initially assume this is now. that is technically sufficient to close the hole, but will introduce long delays each time a new peering interval starts.

down osds are the culprit. There are 3 cases to consider:

1. normal osd failure -- the last ack sent to the failed osd by old replicas needs to be communicated to the new primary.

- keep track of when last hb was acked for all hb peers
 - share that with the primary during peering.
 - make primary use that information to try to build a lower upper bound on the last ack the old primary could have received.

2. osd marks itself down -- new primaries needs to know it knew it was going down.

- mark this in the osdmap somehow?

3. 'ceph osd down NNN' or wrongly marked down.

- after we are (wrongly) marked down, keep answering pings on the old hb interface for heartbeat interval seconds.
 - in hb acks, share our min(osdmap epoch) across pgs
 - make replicas share old primary min_pg_epoch_consumed value with new primaries?

unfortunately lots of different threads here, all aiming to build a better upper bound on when the down osd must have stopped processing reads.