8:59 a.m.
On Wed, May 23, 2018 at 08:21:40AM -0400, Jeff Layton wrote:
+Lifting the Grace Period
+------------------------
+Transitioning from recovery to normal operation really consists of two
+different steps:
+
+1. the server decides that it no longer requires a grace period, either
+ due to it timing out or there not being any clients that would be
+ allowed to reclaim.
+
+2. the server stops enforcing the grace period and transitions to normal
+ operation
+
+These concepts are often conflated in a singleton servers, but in
+a cluster we must consider them independently.
+
+When a server is finished with its own local recovery period, it should
+clear its NEED flag. That server should continue enforcing the grace
+period however until the grace period is fully lifted.
I'd also state explicitly that a server must not permit reclaims after
clearing its NEED flag.
(I guess it's implied by #1 above, but there might be a temptation to
say "oh I'm still in the grace period, I can be nice and let in this
late reclaim". But NEED is your only guarantee that nobody else is
granting non-reclaim locks, so once you've cleared it it's no longer
safe to accept reclaims.)
--b