|
So far, I've been able to produce a Drain Mode concept that rejects user CRUD operations but accepts getMores with the following implementation steps:
- Add InDrainMode to the set of error codes. It is in the NotMasterError error class and results in the InDrainMode error label.
- Add a DrainModeSupervisor class that lives as a ServiceContext decoration. This class keeps a simple synchronized state and provides helper methods to verify CommandInvocation pointers. It is what is used to check if drain mode is active.
- Add enterDrainMode and exitDrainMode commands that modify drain mode. These commands had to be added to way too many lists in our JS test suite.
- Call a DrainModeSupervisor helper method in src/mongo/db/service_entry_point_common.cpp. This uasserts and fails out user commands with non-local read or write concern when drain mode is active.
- Check the drain mode in a few different places in repl code to set the status of isMaster response to code: InDrainMode with the right error label.
- Permanently set drain mode on as the first action of shutdown tasks in mongod/mongos.
Surprisingly, this has worked for normal patches and for hand testing of CRUD. I suspect that I'll need to design a more thorough test suite for the non-shutdown CRUD behavior.
|