[SERVER-35731] Prevent a repaired node from re-joining a replica set Created: 21/Jun/18  Updated: 29/Oct/23  Resolved: 17/Aug/18

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.0.3, 4.1.3

Type: Task Priority: Major - P3
Reporter: Louis Williams Assignee: Louis Williams
Resolution: Fixed Votes: 0
Labels: nyc
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Documented
is documented by DOCS-11987 Docs for SERVER-35731: Prevent a repa... Closed
Related
Backwards Compatibility: Minor Change
Backport Requested:
v4.0
Sprint: Storage NYC 2018-07-16, Storage NYC 2018-07-30, Storage NYC 2018-08-13, Storage NYC 2018-08-27
Participants:
Linked BF Score: 12

 Description   

When MongoDB is started with --repair, the repair process will attempt to salvage data at the expense of potential data loss so that MongoDB can be started normally.

If a user is unaware they have lost data, they may attempt to add the node back to its original replica set. In the worst-case scenario, this node will become primary and data will appear to go missing.

There are currently no measures in place to prevent a secondary with data modified offline from re-joining its original replica set (even without repair).

Solution: If repair modifies storage metadata or collections (not indexes), repair will add a top-level field "repaired: true" to the local.system.replset configuration document. This will invalidate the document and prevent the node from re-joining as a member of the replica set. When the server starts up again normally, a warning will be printed with instructions for performing a re-sync.

Additionally, if a repair operation fails for any reason, the node will be unable to start up again without the --repair option. The presence of a "_repair_incomplete" file in the dbpath indicates that a repair operation did not complete, and will prevent a mongod from starting up.



 Comments   
Comment by Githook User [ 18/Sep/18 ]

Author:

{'name': 'Louis Williams', 'email': 'louis.williams@mongodb.com', 'username': 'louiswilliams'}

Message: SERVER-35731 Prevent a repaired node from re-joining a replica set

(cherry picked from commit 17686781044525b9c3fbdf06ca326c8f4fb383ba)

Conflicts:
src/mongo/base/error_codes.err
src/mongo/db/repair_database_and_check_version.cpp
src/mongo/db/storage/SConscript
Branch: v4.0
https://github.com/mongodb/mongo/commit/d4be161a6010b7ce37bca91ae5b9a9485ca07cac

Comment by Githook User [ 17/Aug/18 ]

Author:

{'name': 'Louis Williams', 'email': 'louis.williams@mongodb.com', 'username': 'louiswilliams'}

Message: SERVER-35731 Prevent a repaired node from re-joining a replica set
Branch: master
https://github.com/mongodb/mongo/commit/17686781044525b9c3fbdf06ca326c8f4fb383ba

Generated at Thu Feb 08 04:40:45 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.