[SERVER-35731] Prevent a repaired node from re-joining a replica set Created: 21/Jun/18 Updated: 29/Oct/23 Resolved: 17/Aug/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.0.3, 4.1.3 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Louis Williams | Assignee: | Louis Williams |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | nyc | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Backwards Compatibility: | Minor Change | ||||||||||||||||
| Backport Requested: |
v4.0
|
||||||||||||||||
| Sprint: | Storage NYC 2018-07-16, Storage NYC 2018-07-30, Storage NYC 2018-08-13, Storage NYC 2018-08-27 | ||||||||||||||||
| Participants: | |||||||||||||||||
| Linked BF Score: | 12 | ||||||||||||||||
| Description |
|
When MongoDB is started with --repair, the repair process will attempt to salvage data at the expense of potential data loss so that MongoDB can be started normally. If a user is unaware they have lost data, they may attempt to add the node back to its original replica set. In the worst-case scenario, this node will become primary and data will appear to go missing. There are currently no measures in place to prevent a secondary with data modified offline from re-joining its original replica set (even without repair). Solution: If repair modifies storage metadata or collections (not indexes), repair will add a top-level field "repaired: true" to the local.system.replset configuration document. This will invalidate the document and prevent the node from re-joining as a member of the replica set. When the server starts up again normally, a warning will be printed with instructions for performing a re-sync. Additionally, if a repair operation fails for any reason, the node will be unable to start up again without the --repair option. The presence of a "_repair_incomplete" file in the dbpath indicates that a repair operation did not complete, and will prevent a mongod from starting up. |
| Comments |
| Comment by Githook User [ 18/Sep/18 ] |
|
Author: {'name': 'Louis Williams', 'email': 'louis.williams@mongodb.com', 'username': 'louiswilliams'}Message: (cherry picked from commit 17686781044525b9c3fbdf06ca326c8f4fb383ba) Conflicts: |
| Comment by Githook User [ 17/Aug/18 ] |
|
Author: {'name': 'Louis Williams', 'email': 'louis.williams@mongodb.com', 'username': 'louiswilliams'}Message: |