DAOS-16878 pool: Reduce unexpected DER_NO_SERVICEs

[liw]

It has been observed that pool_svc_step_up_cb may encounter a
-DER_NOTLEADER and pass it to ds_pool_failed_add. This error is a
replica error and may be transient; it doesn't indicate that the PS is
unavailable. This patch addresses the observed scenario by replacing the
ds_pool_failed_add call from pool_svc_step_up_cb with a special
up-but-with-error mode for the PS, which can only serve requests by
returning an error.

• Add pool_svc.ps_error for indicating the special up-but-with-error
  mode. Check and return it in pool_svc_lookup_leader. Handle it
  specially in callers of pool_svc_lookup.

• Use this new mode only for a conservative set of errors. Including
  an error by mistake is worse than missing an error.

• Add pool UUIDs to a few log messages to make future debugging
  easier.

The ds_pool_failed_add mechanism should be used for replica errors only.
And, such errors should not immediately stop PS clients from trying
other replicas. This issue is relatively tricky and will not be
addressed by the current patch.

Features: pool
Skip-nlt: true

Before requesting gatekeeper:

• Two review approvals and any prior change requests have been resolved.
• Testing is complete and all tests passed or there is a reason documented in the PR why it should be force landed and forced-landing tag is set.
• Features: (or Test-tag*) commit pragma was used or there is a reason documented that there are no appropriate tags for this PR.
• Commit messages follows the guidelines outlined here.
• Any tests skipped by the ticket being addressed have been run and passed in the PR.

Gatekeeper:

• You are the appropriate gatekeeper to be landing the patch.
• The PR has 2 reviews by people familiar with the code, including appropriate owners.
• Githooks were used. If not, request that user install them and check copyright dates.
• Checkpatch issues are resolved. Pay particular attention to ones that will show up on future PRs.
• All builds have passed. Check non-required builds for any new compiler warnings.
• Sufficient testing is done. Check feature pragmas and test tags and that tests skipped for the ticket are run and now pass with the changes.
• If applicable, the PR has addressed any potential version compatibility issues.
• Check the target branch. If it is master branch, should the PR go to a feature branch? If it is a release branch, does it have merge approval in the JIRA ticket.
• Extra checks if forced landing is requested
  • Review comments are sufficiently resolved, particularly by prior reviewers that requested changes.
  • No new NLT or valgrind warnings. Check the classic view.
  • Quick-build or Quick-functional is not used.
• Fix the commit message upon landing. Check the standard here. Edit it to create a single commit. If necessary, ask submitter for a new summary.

[github-actions]

Ticket title is 'LRZ: Pool Service not accessible'
Status is 'Open'
Labels: 'LRZ'
https://daosio.atlassian.net/browse/DAOS-16878

[daosbuild1]

Test stage Build on EL 8 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-15665/3/execution/node/347/log

[daosbuild1]

Test stage Build RPM on EL 9 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-15665/3/execution/node/332/log

[daosbuild1]

Test stage Build RPM on Leap 15.5 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-15665/3/execution/node/322/log

[daosbuild1]

Test stage Build RPM on EL 8 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-15665/3/execution/node/386/log

[daosbuild1]

Test stage Build DEB on Ubuntu 20.04 completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-15665/3/execution/node/329/log

[daosbuild1]

Test stage Build on Leap 15.5 with Intel-C and TARGET_PREFIX completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-15665/3/execution/node/509/log

[kccain]

I took a look at the PR in draft form, looks good since PS step_up/step_down will no longer manipulate the contents of pool_svc_failed_list. So with this PR the only possible up but errored svc->ps_error value could be -DER_DF_INCOMPT?

[liw]

New NLT issue: https://daosio.atlassian.net/browse/DAOS-16926

[liw]

I took a look at the PR in draft form, looks good since PS step_up/step_down will no longer manipulate the contents of pool_svc_failed_list. So with this PR the only possible up but errored svc->ps_error value could be -DER_DF_INCOMPT?

@kccain, yes, only -DER_DF_INCOMPT to begin with. The reason is two-fold:

1. The original motivation of pool_svc_failed_list was cases related to -DER_DF_INCOMPT, IIRC.
2. The nature of the Jira ticket is that some errors, such as -DER_NOTLEADER, should not cause the PS to become "failed". Since a) it's easier to identify "failed" errors than non-"failed" errors, and b) catching unintended "failed" errors (PS keeps returning errors) sounds worse than missing "failed" errors (PS elections keep happening), I started with a conservative "failed" error list.

[daltonbohning]

I restarted the Jenkins pipeline due to a pipeline-lib bug fix

[liw]

I restarted the Jenkins pipeline due to a pipeline-lib bug fix

Thanks, @daltonbohning.

[liw]

Restart a system and inject a -DER_DF_INCOMPT when a PS steps up:

Engine stdout/stderr:
daos_engine:1 d708da77: rank 4 became pool service leader 2 with error: DER_DF_INCOMPT(-2023): 'Incompatible durable format version'

Query completes immediately:
[liw2@wolf-410 daos]$ dmg -o ~/daos_control.yml pool query test-pool-0
ERROR: dmg: pool query failed: DER_DF_INCOMPT(-2023): Incompatible durable format version

Killing an engine doesn't trigger any PS action in this state

Killing the PS leader to trigger another step up without injecting faults:

Engine stdout/stderr:
daos_engine:0 d708da77: rank 7 became pool service leader 3: srv_pool_hdl=42333d8e srv_cont_hdl=713e7134

Query works again

Killing the PS leader again to trigger yet another step up with a -DER_NOTLEADER injected:

Query still works

No engine log includes ds_pool_failed_add

Destroying an up-but-with-error pool also works.

[daosbuild1]

Test stage Functional Hardware Large completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-15665/8/execution/node/1389/log

[daosbuild1]

Test stage Functional Hardware Medium completed with status FAILURE. https://build.hpdd.intel.com//job/daos-stack/job/daos/view/change-requests/job/PR-15665/8/execution/node/1373/log

[liw]

The Functional Hardware Large/Medium failures are all non-PR tests pulled in by Features: pool, and are one known issue DAOS-16921.

[wangshilong]

Looks reasonable.