Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release-24.1: raft: re-enable config change safety #124820

Merged
merged 2 commits into from
May 29, 2024
Merged

release-24.1: raft: re-enable config change safety #124820

merged 2 commits into from
May 29, 2024

Conversation

blathers-crl[bot]
Copy link

@blathers-crl blathers-crl bot commented May 29, 2024
edited by pav-kv
Loading

Backport 2/2 commits from #124804 on behalf of @pav-kv.

/cc @cockroachdb/release

Config changes in this raft implementation require a safety constraint: the leader must not append a config change if it hasn't applied all config changes in its log.

The DisableConfChangeValidation flag disables this check under the assumption that the state machine layer provides the equivalent guarantee. However, it is hard to argue that this is true in split leaseholder/leader scenarios.

This commit re-enables this check, to bring the safety back. The other two state-machine-level checks concerned with entering and leaving joint configs can still be disabled.

Related to #105797, etcd-io/raft#81, #106515 (#106515 (comment))

Epic: none
Release note: none

Release justification: safety bug fix

pav-kv added 2 commits May 29, 2024 12:37
@pav-kv
raft: re-enable config change safety
3917e87 
Config changes in this raft implementation require a safety constraint:
the leader must not append a config change if it hasn't applied all
config changes in its log.

The DisableConfChangeValidation flag disables this check under the
assumption that the state machine layer provides the equivalent
guarantee. However, it is hard to argue that this is true in split
leaseholder/leader scenarios.

This commit re-enables this check, to bring the safety back. The other
two state-machine-level checks concerned with entering and leaving joint
configs can still be disabled.

Epic: none
Release note: none
@pav-kv
testdata: add test for dropping conf change
2af261b 
This commit adds a test which ensures a config change is not proposed if
the leader has another yet unapplied config change.

Epic: none
Release note: none
@blathers-crl blathers-crl bot added blathers-backport This is a backport that Blathers created automatically. O-robot Originated from a bot. labels May 29, 2024
@blathers-crl blathers-crl bot force-pushed the blathers/backport-release-24.1-124804 branch from 3917e87 to af16f42 Compare May 29, 2024 18:30
@blathers-crl blathers-crl bot requested a review from a team May 29, 2024 18:30
@blathers-crl blathers-crl bot force-pushed the blathers/backport-release-24.1-124804 branch from c4e7b02 to 3917e87 Compare May 29, 2024 18:30
@blathers-crl blathers-crl bot requested review from nvanbenschoten and pav-kv May 29, 2024 18:31
@blathers-crl blathers-crl bot force-pushed the blathers/backport-release-24.1-124804 branch from 754a5fc to 2af261b Compare May 29, 2024 18:31
@cockroach-teamcity
Copy link
Member

This change is Reviewable

@blathers-crl blathers[crl]
Copy link
Author

blathers-crl bot commented May 29, 2024
edited by pav-kv
Loading

Thanks for opening a backport.

Please check the backport criteria before merging:

  • Backports should only be created for serious
    issues     or test-only changes.
  • Backports should not break backwards-compatibility.
  • Backports should change as little code as possible.
  • Backports should not change on-disk formats or node communication protocols.
  • Backports should not add new functionality (except as defined
    here).
  • Backports must not add, edit, or otherwise modify cluster versions; or add version gates.
  • All backports must be reviewed by the owning areas TL and one additional
    TL. For more information as to how that review should be conducted, please consult the backport
    policy    .
If your backport adds new functionality, please ensure that the following additional criteria are satisfied:
  • There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
  • The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
  • New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters. State changes must be further protected such that nodes running old binaries will not be negatively impacted by the new state (with a mixed version test added).
  • The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.
  • Your backport must be accompanied by a post to the appropriate Slack
    channel (#db-backports-point-releases or #db-backports-XX-X-release) for awareness and discussion.

Also, please add a brief release justification to the body of your PR to justify this
backport.

@blathers-crl blathers-crl bot added the backport Label PR's that are backports to older release branches label May 29, 2024
nvanbenschoten
nvanbenschoten approved these changes May 29, 2024
View reviewed changes
Copy link
Member

@nvanbenschoten nvanbenschoten left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to get this back to v23.2 in one form or another as well?

@pav-kv
Copy link
Collaborator

pav-kv commented May 29, 2024

I think so, this behaviour was changed last summer.

@pav-kv pav-kv merged commit 51aaf2f into release-24.1 May 29, 2024
18 of 20 checks passed
@pav-kv pav-kv deleted the blathers/backport-release-24.1-124804 branch May 29, 2024 19:36
@pav-kv pav-kv mentioned this pull request Jun 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nvanbenschoten nvanbenschoten nvanbenschoten approved these changes

@pav-kv pav-kv Awaiting requested review from pav-kv

Assignees

@pav-kv pav-kv

Labels
backport Label PR's that are backports to older release branches blathers-backport This is a backport that Blathers created automatically. O-robot Originated from a bot.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cockroach-teamcity @pav-kv @nvanbenschoten