Details
-
Bug
-
Resolution: Won't Do
-
Major - P3
-
None
-
None
Description
RE: https://docs.mongodb.org/manual/core/replica-set-rollbacks/
A rollback reverts write operations on a former primary when the member ...
This wording suggests that being a former Primary is a requirement. It isn't. A member that has only ever been secondary can experience a rollback, even a hidden member can be forced to perform a rollback.
Example:
Take a 5 member, all data-bearing, replica-set. Issue constant stream of writes to the Primary. Now network partition such that the Primary and one Secondary (perhaps even hidden) get isolated together. These can continue taking writes for a brief period, and the nearby Secondary will replicate these writes (this occurs regardless of WriteConcern, though those clients will not receive any confirmation when w='majority' because it can't be satisfied). When the split is detected by each group, the Primary steps down and the other group will independently elect a new Primary - which can take writes. If writes are made to the new Primary before the split is solved, then a rollback is required on the "old Primary"... but so is a rollback required on its nearby Secondary - a member which has never been Primary.
Dunno if we want to express all of this, but we need to weaken the description that a rollback occurs on a "former Primary" etc.