[SERVER-46473] Config replication and oplog commitment checks must only count voting nodes towards majority Created: 27/Feb/20 Updated: 29/Oct/23 Resolved: 04/Mar/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Replication |
| Affects Version/s: | None |
| Fix Version/s: | 4.4.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | William Schultz (Inactive) | Assignee: | Pavithra Vetriselvan |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||||||||||
| Issue Links: |
|
||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||
| Operating System: | ALL | ||||||||||||||||
| Backport Requested: |
v4.4
|
||||||||||||||||
| Sprint: | Repl 2020-03-09 | ||||||||||||||||
| Participants: | |||||||||||||||||
| Description |
|
The config replication and oplog commitment safety checks during reconfig currently use the kConfigMajority write concern mode and a numeric write concern with the majority count of voting nodes. These mechanisms for satisfying write concern do not properly exclude non-voting nodes from the majority count. We should utilize the tag system (e.g. kInternalVoterTagName) to make these majority checks correctly exclude non-voting nodes. Javascript test repros of the bugs are attached. |
| Comments |
| Comment by Githook User [ 04/Mar/20 ] |
|
Author: {'username': 'pvselvan', 'name': 'Pavi Vetriselvan', 'email': 'pvselvan@umich.edu'}Message:
|
| Comment by Githook User [ 03/Mar/20 ] |
|
Author: {'name': 'Pavi Vetriselvan', 'username': 'pvselvan', 'email': 'pvselvan@umich.edu'}Message: |
| Comment by Siyuan Zhou [ 02/Mar/20 ] |
|
I see. How about use write concern kMajorityWriteConcernModeName for oplog commitment? |
| Comment by Pavithra Vetriselvan [ 02/Mar/20 ] |
|
I think config commitment and oplog commitment will need two different tags, separate from kConfigAll, since arbiters can be included for config commitment but should not be counted towards oplog commitment (since they don't have an oplog). So, I will split this ticket into two commits. |
| Comment by William Schultz (Inactive) [ 02/Mar/20 ] |
|
Oplog commitment safety should also be an issue. Using a numeric write concern with no tag awareness means that we may count writes to non-voting nodes to satisfy a write concern, which isn't safe. |
| Comment by Siyuan Zhou [ 02/Mar/20 ] |
|
The oplog commitment safety using a numeric write concern should only count non-arbiter voters, which is correct. Only the config replication is problematic. It should count all voters including arbiters. CC pavithra.vetriselvan to confirm. |