[SERVER-25492] mongod startup should gracefully handle invalid view definitions Created: 08/Aug/16  Updated: 02/Dec/16  Resolved: 17/Aug/16

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: None
Fix Version/s: 3.3.12

Type: Bug Priority: Major - P3
Reporter: Max Hirschhorn Assignee: Kyle Suarez
Resolution: Done Votes: 0
Labels: read-only-views
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
is documented by DOCS-9464 Consider documenting behavior when ta... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

python buildscripts/resmoke.py --executor=no_server bad_view.js

bad_view.js

var dbpath = MongoRunner.dataPath;
resetDbpath(dbpath);
 
var options = {
    dbpath: dbpath,
    noCleanData: true,
    setParameter: "enableViews=1",
};
var conn = MongoRunner.runMongod(options);
assert.neq(null, conn, "mongod failed to start up with options: " + tojson(options));
 
// Insert directly into the system.views collection to bypass the validation that the
// "create" command performs.
assert.writeOK(conn.getDB("test").system.views.insert({pipeline: "bad type"}));
 
// Try to restart the mongod.
MongoRunner.stopMongod(conn);
conn = MongoRunner.runMongod(options);
assert.neq(null, conn, "mongod failed to start up with options: " + tojson(options));

Output

[js_test:bad_view] 2016-08-08T17:05:23.381-0400 d20011| 2016-08-08T17:05:23.380-0400 I STORAGE  [initandlisten] exception in initAndListen: 182 invalid view definitions reading 'test.system.views', terminating
...
[js_test:bad_view] 2016-08-08T17:05:23.523-0400 2016-08-08T17:05:23.522-0400 E QUERY    [thread1] Error: [null] != [null] are equal : mongod failed to start up with options: {
[js_test:bad_view] 2016-08-08T17:05:23.523-0400   "dbpath" : "/data/db/job0/mongorunner/",
[js_test:bad_view] 2016-08-08T17:05:23.524-0400   "noCleanData" : true,
[js_test:bad_view] 2016-08-08T17:05:23.524-0400   "setParameter" : "enableViews=1"
[js_test:bad_view] 2016-08-08T17:05:23.524-0400 } :
[js_test:bad_view] 2016-08-08T17:05:23.524-0400 doassert@src/mongo/shell/assert.js:15:14
[js_test:bad_view] 2016-08-08T17:05:23.524-0400 assert.neq@src/mongo/shell/assert.js:128:5
[js_test:bad_view] 2016-08-08T17:05:23.525-0400 @bad_view.js:20:1
[js_test:bad_view] 2016-08-08T17:05:23.525-0400 failed to load: bad_view.js

Sprint: Integration 2016-08-29
Participants:

 Description   

The current behavior is for mongod to fail to start. This is unacceptable because it doesn't allow for any user remediation to drop invalid view definitions.



 Comments   
Comment by Kyle Suarez [ 17/Aug/16 ]

I'm marking this as "Documentation changes needed" to ensure that we document the behavior of the server in the event a user manually tampers with system.views.

Comment by Githook User [ 17/Aug/16 ]

Author:

{u'username': u'ksuarz', u'name': u'Kyle Suarez', u'email': u'kyle.suarez@mongodb.com'}

Message: SERVER-25492 mongod gracefully handles invalid views on startup

Allows mongod to be (re)started, even in the presence of invalid view
definitions in system.views. View operations will fail until the offending views
are removed.
Branch: master
https://github.com/mongodb/mongo/commit/4eaa5aafce9457ed0f90c5099eee45ab12e9c3a3

Comment by Geert Bosch [ 17/Aug/16 ]

Discussion with schwerin led us to use an explicit system.views collection, but not prohibit direct access as trying to make exceptions based on recovery-state, internal vs external client etc tends to get messy/buggy. Direct access can be limited instead through the usual authorization mechanisms where needed.

It is the case today that you can get your system in bad state by directly writing to system collections.

Comment by Kyle Suarez [ 09/Aug/16 ]

pasette, that was our original intention, but because of the way the replication system works, geert.bosch determined it would not be possible to prohibit inconsistencies in system.views.

Comment by Daniel Pasette (Inactive) [ 08/Aug/16 ]

Is there any reason to allow direct inserts into system.views? Let's turn this off at the source.

Generated at Thu Feb 08 04:09:20 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.