  1. Documentation
  2. DOCS-13868

Investigate changes in SERVER-48318: Risk of StaleChunkHistory errors in sharded transactions

    Details

    • Type: Task
    • Status: Open
    • Priority: Major - P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 4.7.0
    • Component/s: manual, Server
    • Labels:
      None

      Description

      Downstream Change Summary

      The snapshot history window is now the max of (minSnapshotHistoryWindowInSeconds, transactionLifetimeLimitSeconds, 10) where 10 seconds is the hardcoded lower bound for snapshot history window. Please refer to Max's comment here https://jira.mongodb.org/browse/SERVER-48318?focusedCommentId=3364500&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-3364500 for the information that should be included in the documentation for transactionLifetimeLimitSeconds.

      Description of Linked Ticket

      While reviewing the changes for SERVER-47785 with Randolph Tan, we wondered if the previous version of the code had a bug. Before, ShardingCatalogManager::commitChunkMigration removed all chunk history entries older than 10 seconds whenever it writes a new entry. Even after, it removes all but one of them.

      A new transaction always chooses a recent timestamp, even with readConcern majority. This is the "speculative majority" behavior. But transactions have a default 60-second lifetime, and chunk history only lasts 10 seconds. Do we see the following?

      • Start a sharded transaction
      • Choose transaction read timestamp T
      • 10 seconds pass
      • A chunkMove clears history entries before T for chunk C
      • The transaction continues and targets C
      • ChunkInfo::getShardIdAt tries to read at T, throws StaleChunkHistory error
      • mongos returns error to the client with TransientTransactionError label

      Transactions cannot retry StaleChunkHistory (SERVER-39704) and I think this particular case could never be retried, since the history is truly gone.

      If the client uses a driver's withTransaction API then TransientTransactionError will compel it to retry the transaction from the start and probably succeed. It can retry for up to 120 seconds. It would have to be unlucky for the sequence above to repeat for that long.

      However, I think we can reduce the incidence of retries by keeping chunk history for at least transactionLifetimeLimitSeconds.
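
The sequence above and the new window formula, as a simplified model added here for illustration; it is not MongoDB source code and not part of the ticket. The class and function names, the timeline values and the value 5 used for minSnapshotHistoryWindowInSeconds are assumptions.

```python
# Simplified model of the ticket's scenario; not MongoDB source code.
HARDCODED_LOWER_BOUND_SECS = 10  # lower bound named in the ticket


class StaleChunkHistory(Exception):
    """No retained history entry covers the requested read timestamp."""


def history_window_secs(min_snapshot_window, txn_lifetime_limit):
    # Window from the Downstream Change Summary.
    return max(min_snapshot_window, txn_lifetime_limit, HARDCODED_LOWER_BOUND_SECS)


class Chunk:
    def __init__(self, valid_after, shard_id):
        # History entries are (valid_after, shard_id), newest first.
        self.history = [(valid_after, shard_id)]

    def commit_migration(self, now, to_shard, window_secs):
        # Write the new entry, then drop entries older than the window,
        # as the ticket describes for commitChunkMigration.
        self.history.insert(0, (now, to_shard))
        self.history = [e for e in self.history if e[0] >= now - window_secs]

    def get_shard_id_at(self, ts):
        # Owner at ts is the newest entry with valid_after <= ts.
        for valid_after, shard_id in self.history:
            if valid_after <= ts:
                return shard_id
        raise StaleChunkHistory(f"no chunk history at timestamp {ts}")


def run_scenario(window_secs):
    # Constructed timeline (seconds): the chunk moved to shardA at t=95,
    # the transaction picks T=100, and a migration commits at t=111.
    chunk = Chunk(valid_after=95, shard_id="shardA")
    read_ts = 100
    chunk.commit_migration(now=111, to_shard="shardB", window_secs=window_secs)
    try:
        return chunk.get_shard_id_at(read_ts)
    except StaleChunkHistory:
        return "StaleChunkHistory"


if __name__ == "__main__":
    print("10s window:", run_scenario(10))
    print("new window:", run_scenario(history_window_secs(5, 60)))
```
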

      Scope of changes

      Impact to Other Docs

      MVP (Work and Date)

      Resources (Scope or Design Docs, Invision, etc.)

              People

              Assignee:
              Unassigned
              Reporter:
              backlog-server-pm Backlog - DB Eng Program Management Team
              Participants:
              Last commenter:
              Andrew Feierabend

                Dates

                Created:
                Updated:
                Days since reply:
                6 weeks, 1 day ago