Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-13868

Investigate changes in SERVER-48318: Risk of StaleChunkHistory errors in sharded transactions



    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Done
    • None
    • 4.7.0
    • manual, Server
    • None
    • 3
    • ServerDocs2021: Oct5 - Oct12
    • true



      Downstream Change Summary

      The snapshot history window is now the max of (minSnapshotHistoryWindowInSeconds, transactionLifetimeLimitSeconds, 10) where 10 seconds is the hardcoded lower bound for snapshot history window. Please refer to Max's comment here https://jira.mongodb.org/browse/SERVER-48318?focusedCommentId=3364500&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-3364500 for the information that should be included in the documentation for transactionLifetimeLimitSeconds.

      Description of Linked Ticket

      While reviewing the changes for SERVER-47785 with renctan, we wondered if the previous version of the code had a bug. Before, ShardingCatalogManager::commitChunkMigration removed all chunk history entries older than 10 seconds whenever it writes a new entry. Even after, it removes all but one of them.

      A new transaction always chooses a recent timestamp, even with readConcern majority. This is the "speculative majority" behavior. But transactions have a default 60-second lifetime, and chunk history only lasts 10 seconds. Do we see the following?:

      • Start a sharded transaction
      • Choose transaction read timestamp T
      • 10 seconds pass
      • A chunkMove clears history entries before T for chunk C
      • The transaction continues and targets C
      • ChunkInfo::getShardIdAt tries to read at T, throws StaleChunkHistory error
      • mongos returns error to the client with TransientTransactionError label

      Transactions cannot retry StaleChunkHistory (SERVER-39704) and I think this particular case could never be retried, since the history is truly gone.

      If the client uses a driver's withTransaction API then TransientTransactionError will compel it to retry the transaction from the start and probably succeed. It can retry for up to 120 seconds. It would have to be unlucky for the sequence above to repeat for that long.

      However, I think we can reduce the incidence of retries by keeping chunk history for at least transactionLifetimeLimitSeconds.

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)


        Issue Links



              jason.price@mongodb.com Jason Price
              backlog-server-pm Backlog - Core Eng Program Management Team
              Jason Price Jason Price
              Jeffrey Allen Jeffrey Allen
              Max Hirschhorn
              0 Vote for this issue
              2 Start watching this issue


                44 weeks, 1 day ago