kv: don't serve non-locking, read-write requests on followers#60765
Merged
craig[bot] merged 1 commit intocockroachdb:masterfrom Feb 19, 2021
Merged
kv: don't serve non-locking, read-write requests on followers#60765craig[bot] merged 1 commit intocockroachdb:masterfrom
craig[bot] merged 1 commit intocockroachdb:masterfrom
Conversation
Member
|
This change is |
Discovered while investigating a test failure in cockroachdb#59566. In 278a21b, we shifted from talking about read and write requests to locking and non-locking requests when deciding whether a request could be served on a follower. This prevented locking scans and gets from being served on followers. However, it began letting lone HeartbeatTxn and EndTxn requests past the old `!IsReadOnly()` check. Luckily, these were still prevented from being served on followers because they are only sent in read-write transactions, which were also prevented from performing follower reads. Yesterday, in 0ac8ab9, we lifted this second limitation, allowing read-write transactions to perform follower reads for non-locking batches. However, this no longer prevented HeartbeatTxn and EndTxn requests from being routed and served on follower replicas. This resulted in a pretty disastrous situation where in very rare cases, a follower was proposing a write under a lease that it did not own. Luckily, new assertions added in cockroachdb#59566 caught this. This commit fixes this oversight be re-introducing "read-only" as a condition for serving follower reads. Release note: None
1e8ad6b to
9fc00c3
Compare
aayushshah15
approved these changes
Feb 19, 2021
Contributor
aayushshah15
left a comment
There was a problem hiding this comment.
Reviewable status:
complete! 1 of 0 LGTMs obtained (waiting on @andreimatei)
Contributor
Author
|
TFTR! bors r+ |
Contributor
|
Build failed (retrying...): |
Contributor
|
Build succeeded: |
This was referenced Feb 23, 2021
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Discovered while investigating a test failure in #59566.
In 278a21b, we shifted from talking about read and write requests to
locking and non-locking requests when deciding whether a request could
be served on a follower. This prevented locking scans and gets from
being served on followers. However, it began letting lone HeartbeatTxn
and EndTxn requests past the old
!IsReadOnly()check. Luckily, thesewere still prevented from being served on followers because they are
only sent in read-write transactions, which were also prevented from
performing follower reads.
Yesterday, in 0ac8ab9, we lifted this second limitation, allowing
read-write transactions to perform follower reads for non-locking
batches. However, this no longer prevented HeartbeatTxn and EndTxn
requests from being routed and served on follower replicas. This
resulted in a pretty disastrous situation where in very rare cases, a
follower was proposing a write under a lease that it did not own.
Luckily, new assertions added in #59566 caught this.
This commit fixes this oversight be re-introducing "read-only" as a
condition for serving follower reads.
Release note: None