[SERVER-33159] RTT storage recovery from unclean shutdown expects all WT tables to exist Created: 07/Feb/18  Updated: 29/Oct/23  Resolved: 28/Feb/18

Status: Closed
Project: Core Server
Component/s: Storage
Affects Version/s: None
Fix Version/s: 3.7.3

Type: New Feature Priority: Major - P3
Reporter: Daniel Gottlieb (Inactive) Assignee: Kyle Suarez
Resolution: Fixed Votes: 0
Labels: rollback-functional
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-29213 Have KVWiredTigerEngine implement Sto... Closed
Related
related to SERVER-33161 Postpone WiredTigerKVEngine table dro... Closed
related to SERVER-44391 Refine startup cleanup of tmpfiles fo... Closed
related to SERVER-49301 remove startingAfterUncleanShutdown d... Closed
Backwards Compatibility: Fully Compatible
Sprint: Repl 2018-02-26, Repl 2018-03-12
Participants:

 Description   

Creating/dropping WiredTiger tables are not "transactionable" operations, they take effect immediately. MongoDB maps collections (and indexes) to WiredTiger tables with the following algorithm:

Create:

  1. Create the WiredTiger table.
  2. Create the collection document in the `_mdb_catalog` referencing the table.

Drop:

  1. Remove the collection document from the `_mdb_catalog`.
  2. Remove the WiredTiger table.

If a crash happens, there are three cases to consider:

  1. Both the collection document and the table exist. Everything is fine.
  2. The collection document is missing, but the table exists. It's legal to drop the table.
  3. The collection document exists, but the table is missing. The algorithm forbids this state.

However, a combination of stable checkpoints and turning off journaling for the `_mdb_catalog` changes this expectation. When a node crashes, the data on disk may still contain the `_mdb_catalog` entry for a dropped collection, but the table will be missing.

This ticket is to coerce the storage engine into believing this is a legal state, specifically in the case of crash recovery. In this mode, the storage engine will drop collections documents from the `_mdb_catalog` when their corresponding table is found not to exist. There's a followup ticket, to be written, where the goal is to make storage engine drops safe in this regard in a more robust way.



 Comments   
Comment by Githook User [ 28/Feb/18 ]

Author:

{'email': 'kyle.suarez@mongodb.com', 'name': 'Kyle Suarez', 'username': 'ksuarz'}

Message: SERVER-33159 don't assume all tables exist in storage engine after unclean shutdown
Branch: master
https://github.com/mongodb/mongo/commit/33cf3f0d47260a3b2e55d7cb3ed5e4fd22f4d255

Generated at Thu Feb 08 04:32:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.