Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

raft: don't promote to voter if previous config is not committed #17675

Merged
merged 5 commits into from
Apr 11, 2024
Merged

raft: don't promote to voter if previous config is not committed #17675

merged 5 commits into from
Apr 11, 2024

Conversation

ztlpn
Copy link
Contributor

@ztlpn ztlpn commented Apr 5, 2024

Otherwise we may add several new voters in quick succession, that the old voters will not know of, resulting in a possibility of non-intersecting quorums.

Example scenario:

  1. we start with leader id 1, committed configuration: voters:1,2,3; learners:4,5
  2. 1,4,5 are partitioned from 2,3
  3. 1 finishes recovery of 4 and 5 and adds them as voters
  4. now 1 can remain the leader getting responses from 1,4,5 (that form a quorum in the new voter set 1,2,3,4,5) and 2,3 can elect a leader among themselves, say 2 (because 2,3 is a quorum in the old voter set 1,2,3)
  5. now 1 and 2 both think that they are legitimate leaders and can commit new entries, resulting in divergent logs.

To prevent this, in step 3 we don't add 5 as voter until the configuration with voter 4 is committed (or vice versa).

Backports Required

  • none - not a bug fix
  • none - this is a backport
  • none - issue does not exist in previous branches
  • none - papercut/not impactful enough to backport
  • v23.3.x
  • v23.2.x

Release Notes

Bug Fixes

  • Fix a bug that could lead to raft log inconsistencies when 2 out of 3 nodes in a configuration are changed.

@ztlpn ztlpn requested review from bharathv and mmaslankaprv April 5, 2024 14:28
mmaslankaprv
mmaslankaprv previously approved these changes Apr 5, 2024
View reviewed changes
bharathv
bharathv previously approved these changes Apr 5, 2024
View reviewed changes
@piyushredpanda
Copy link
Contributor

/ci-repeat

dotnwat
dotnwat reviewed Apr 5, 2024
View reviewed changes
src/v/raft/tests/raft_reconfiguration_test.cc
Comment on lines -69 to +86
consistency_level>>
consistency_level,
isolated_t>>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

love seeing unit tests!

@piyushredpanda
Copy link
Contributor

Build seems to be failing here, @ztlpn

@ztlpn ztlpn dismissed stale reviews from bharathv and mmaslankaprv via 195feac April 8, 2024 10:16
@ztlpn ztlpn force-pushed the raft-voter-add-divergence branch from 44f1272 to 195feac Compare April 8, 2024 10:16
@ztlpn ztlpn requested review from bharathv and mmaslankaprv April 8, 2024 10:18
@ztlpn ztlpn force-pushed the raft-voter-add-divergence branch from 195feac to 4e7a69a Compare April 8, 2024 13:22
mmaslankaprv
mmaslankaprv previously approved these changes Apr 8, 2024
View reviewed changes
@vbotbuildovich
Copy link
Collaborator

vbotbuildovich commented Apr 9, 2024
edited
Loading

ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/47564#018ec35c-4118-46c6-b0bd-e5ebdb0177ca

ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/47564#018ec363-6bdd-4bf8-829f-e0ac88543d61

ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/47600#018ec749-0f07-41dc-afcd-eee752811673

ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/47637#018eca7c-1e2d-4a4c-b647-0fbe5ef9bc7a

@ztlpn ztlpn force-pushed the raft-voter-add-divergence branch from 4e7a69a to 86c526f Compare April 10, 2024 21:37
ztlpn added 5 commits April 11, 2024 00:37
@ztlpn
raft: don't promote to voter if previous config is not committed
b1e1e02 
Otherwise we may add several new voters in quick succession, that the
old voters will not know of, resulting in a possibility of non-intersecting
quorums.

Example scenario:
1. we start with leader id 1, committed configuration: voters:1,2,3; learners:4,5
2. 1,4,5 are partitioned from 2,3
3. 1 finishes recovery of 4 and 5 and adds them as voters
4. now 1 can remain the leader getting responses from 1,4,5
   (that form a quorum in the new voter set 1,2,3,4,5)
   and 2,3 can elect a leader among themselves, say 2
   (because 2,3 is a quorum in the old voter set 1,2,3)
5. now 1 and 2 both think that they are legitimate leaders and can
   commit new entries, resulting in divergent logs.

To prevent this, in step 3 we don't add 5 as voter until the configuration with
voter 4 is committed (or vice versa).
@ztlpn
r/tests: pass destination id to dispatch callback
ccb5f64
@ztlpn
r/tests: clean up node directories
1085f75
@ztlpn
r/tests: check consistency only on target nodes after reconfig
eb82185 
If we test reconfig with faulty network, nodes leaving the raft group
are not guaranteed to be up to date because they might have left the
group before they have been fully recovered. So we restrict the
after-reconfig checks to target nodes.
@ztlpn
r/tests: add node isolation scenarios to reconfiguration utests
cea0c6c
@ztlpn ztlpn force-pushed the raft-voter-add-divergence branch from 86c526f to cea0c6c Compare April 10, 2024 22:37
@ztlpn ztlpn requested a review from mmaslankaprv April 11, 2024 07:39
@ztlpn ztlpn merged commit 8242d48 into redpanda-data:dev Apr 11, 2024
17 checks passed
@vbotbuildovich
Copy link
Collaborator

/backport v23.3.x

@vbotbuildovich
Copy link
Collaborator

/backport v23.2.x

@ztlpn ztlpn deleted the raft-voter-add-divergence branch April 11, 2024 12:16
@vbotbuildovich
Copy link
Collaborator

Failed to create a backport PR to v23.2.x branch. I tried:

git remote add upstream https://github.com/redpanda-data/redpanda.git
git fetch --all
git checkout -b backport-pr-17675-v23.2.x-644 remotes/upstream/v23.2.x
git cherry-pick -x b1e1e0298b4e2da7985bd43f15739852191a46ff ccb5f640f10a373f99e95daeab42d801ceefd469 1085f755a575f0baffb072059c22859e0040142a eb8218558514bba1c0533a5f028d93c7d32d6a6c cea0c6c85f7a56eaef603d8fbc7a69d3ebb923c0

Workflow run logs.

@vbotbuildovich vbotbuildovich mentioned this pull request Apr 11, 2024
Closed
@vbotbuildovich
Copy link
Collaborator

Failed to create a backport PR to v23.3.x branch. I tried:

git remote add upstream https://github.com/redpanda-data/redpanda.git
git fetch --all
git checkout -b backport-pr-17675-v23.3.x-536 remotes/upstream/v23.3.x
git cherry-pick -x b1e1e0298b4e2da7985bd43f15739852191a46ff ccb5f640f10a373f99e95daeab42d801ceefd469 1085f755a575f0baffb072059c22859e0040142a eb8218558514bba1c0533a5f028d93c7d32d6a6c cea0c6c85f7a56eaef603d8fbc7a69d3ebb923c0

Workflow run logs.

@vbotbuildovich vbotbuildovich mentioned this pull request Apr 11, 2024
Closed
This was referenced Apr 11, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dotnwat dotnwat dotnwat left review comments

@mmaslankaprv mmaslankaprv mmaslankaprv approved these changes

@bharathv bharathv Awaiting requested review from bharathv

Assignees
No one assigned
Labels
area/redpanda
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ztlpn @piyushredpanda @vbotbuildovich @dotnwat @bharathv @mmaslankaprv