[SERVER-61066] Make shardsvr DDL commands check primary status after marking opCtx as interruptible
Created: 28/Oct/21  Updated: 29/Oct/23  Resolved: 04/Nov/21

Status: Closed
Project: Core Server
Component/s: Sharding
Affects Version/s: 5.0.0
Fix Version/s: 5.0.5

Type: Task
Priority: Major - P3
Reporter: Jordi Serra Torrens
Assignee: Jordi Serra Torrens
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
is related to SERVER-58246 Commands flagged as 'never allowed on... Closed
Backwards Compatibility: Fully Compatible
Participants:
Linked BF Score: 25

 Description   

SERVER-58246 outlines a race condition where a command that was marked as never allowed on secondaries, and later set its opCtx as interruptible on stepdown, may actually run on a now-secondary node uninterrupted. In SERVER-58246 it was decided that it was not feasible to prevent this at the command infrastructure layer.

This ticket is to prevent this race from happening on legacy (pre-5.0) DDL operations. Since the legacy DDL is not network-partition tolerant, a stepped-down former primary running DDL concurrently with a new primary may cause harm. Interrupting the DDL as soon as a node realizes it is no longer primary mitigates this situation, although it doesn't prevent it from happening in the actual network-partition scenario.

On FCV 5.0, since the new DDL coordinators are tolerant to split brain scenarios, this is not required for correctness.
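
A single-threaded model of the window described above, as an added example that is not MongoDB's code or the ticket author's. `Node`, `OpCtx`, `StepdownAt` and `runDDL` are hypothetical names, and the stepdown is injected at a fixed point rather than raced on a second thread.

```cpp
#include <cstdio>
#include <vector>

// Hypothetical model, not MongoDB code: all names are illustrative only.
struct OpCtx {
    bool interruptibleOnStepdown = false;
    bool killed = false;
};

struct Node {
    bool primary = true;
    std::vector<OpCtx*> ops;
    // A stepdown only interrupts operations that have already opted in.
    void stepDown() {
        primary = false;
        for (OpCtx* op : ops)
            if (op->interruptibleOnStepdown) op->killed = true;
    }
};

enum class Outcome { RejectedNotPrimary, Interrupted, RanOnSecondary, RanOnPrimary };
enum class StepdownAt { Never, BeforeDispatch, InWindow, AfterOptIn };

// Runs one modelled DDL command with a stepdown injected at `when`.
Outcome runDDL(StepdownAt when, bool recheckAfterOptIn) {
    Node node;
    OpCtx op;
    node.ops.push_back(&op);
    if (when == StepdownAt::BeforeDispatch) node.stepDown();
    if (!node.primary) return Outcome::RejectedNotPrimary;  // "never allowed on secondaries" check
    if (when == StepdownAt::InWindow) node.stepDown();      // race window: op has not opted in yet
    op.interruptibleOnStepdown = true;                      // mark opCtx interruptible on stepdown
    if (recheckAfterOptIn && !node.primary)
        return Outcome::RejectedNotPrimary;                 // primary check repeated after opt-in
    if (when == StepdownAt::AfterOptIn) node.stepDown();    // ordinary stepdown: op is interrupted
    if (op.killed) return Outcome::Interrupted;
    return node.primary ? Outcome::RanOnPrimary : Outcome::RanOnSecondary;
}

int main() {
    bool unsafe = runDDL(StepdownAt::InWindow, false) == Outcome::RanOnSecondary;
    bool safe = runDDL(StepdownAt::InWindow, true) == Outcome::RejectedNotPrimary;
    std::printf("without re-check runs on secondary: %d\n", unsafe);
    std::printf("with re-check rejected: %d\n", safe);
    return 0;
}
```

A stepdown after the opt-in is already handled by interruption; only the window between the first check and the opt-in needs the second check.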



 Comments   
Comment by Githook User [ 04/Nov/21 ]

Author: Jordi Serra Torrens (jordist) <jordi.serra-torrens@mongodb.com>

Message: SERVER-61066 Make shardsvr DDL commands check primary status after marking opCtx as interruptible
Branch: v5.0
https://github.com/mongodb/mongo/commit/83e44b2e775ab8ffeeadf711f709a7fe1b3199b9
