[SERVER-77237] Fail the tenant migration if the recipient sees any donor QE oplog entries Created: 17/May/23  Updated: 29/Oct/23  Resolved: 01/Jun/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.1.0-rc0, 7.0.0-rc3

Type: Bug Priority: Major - P3
Reporter: Suganthi Mani Assignee: Suganthi Mani
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Related
related to SERVER-78320 Fail the shard merge if the recipient... Closed
is related to SERVER-77236 (umbrella ticket) Merge supports Que... Closed
Assigned Teams:
Serverless
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v7.0
Sprint: Server Serverless 2023-06-12
Participants:

 Description   

Tenant migration’s tenant oplog applier doesn’t handle retryable internal transaction writes properly.  And, queryable encryption (QE) uses retryable internal transaction machinery. This means, retrying the QE write ops on recipient after migration commit, can cause duplicate commits. So, as short-term fix, server should block QE when run in Serverless mode in 7.0. ( see SERVER-77236 for long-term fix).

EDIT: We have decided to go with the short-term fix as “fail the tenant migration if the recipient sees any donor QE oplog entries <= 7.0”.



 Comments   
Comment by Githook User [ 01/Jun/23 ]

Author:

{'name': 'Suganthi Mani', 'email': 'suganthi.mani@mongodb.com', 'username': 'smani87'}

Message: SERVER-77237 Fail tenant migration upon observing an internal session for retryable writes.

(cherry picked from commit 2a43d888fa8ffa8525f40112eee427eaf75f059c)
(cherry picked from commit 8e4e316f9b6a6799cb030e4f1f9f6012bb8416c1)
Branch: v7.0
https://github.com/mongodb/mongo/commit/19114d2ea30b7649dc2f55a6139c48bac796cb68

Comment by Githook User [ 01/Jun/23 ]

Author:

{'name': 'Suganthi Mani', 'email': 'suganthi.mani@mongodb.com', 'username': 'smani87'}

Message: SERVER-77237 Get non-sequential error code for backward compatibility.
Branch: master
https://github.com/mongodb/mongo/commit/8e4e316f9b6a6799cb030e4f1f9f6012bb8416c1

Comment by Githook User [ 01/Jun/23 ]

Author:

{'name': 'Suganthi Mani', 'email': 'suganthi.mani@mongodb.com', 'username': 'smani87'}

Message: SERVER-77237 Fail tenant migration upon observing an internal session for retryable writes.
Branch: master
https://github.com/mongodb/mongo/commit/2a43d888fa8ffa8525f40112eee427eaf75f059c

Comment by Suganthi Mani [ 26/May/23 ]

Cloud and product have agreed to go with the short-term fix as “fail the tenant migration if the recipient sees any donor QE oplog entries <= 7.0”. This way we allow customers to try out QE in cheaper mode. And, It's very unlikely customer runs a sustained QE workload which prevents tenant from migration for months. We mostly expect "try it out" QE customers in Serverlss.

Comment by Suganthi Mani [ 19/May/23 ]

Discussed with judah.schvimer@mongodb.com, for now we are going to hold on this ticket with 7.0 required and will revisit this ticket end of June (or if we complete SERVER-77236 earlier) to see if we need this work or not. If needed, we will decide at that time if this ticket needs to be sent to security team.

Generated at Thu Feb 08 06:34:55 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.