New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow interactive requests to reopen a re-created db instance #3050
Conversation
aa0b7a3
to
74c3c9a
Compare
Saw some unexpected success test failures:
So perhaps the existing code wasn't totally wrong. The question is what should happen if we end up finding a previous instance of a db in the cache. With the current PR we'll let the user roll with the old db, and when they perform a transaction operation, we'd silently upgrade it to the new db version. And then they can keep holding on that stale handle and be none the wiser. In the previous scheme, any old db handle immediately threw a |
74c3c9a
to
2308734
Compare
Updated approach: the idea is that we have different behaviors for interactive requests vs background tasks. Interactive requests should be able to auto-reopen to a new db instance if it was re-created. Background tasks, like indexers, for example, would want to handle the |
2308734
to
c98cd62
Compare
952e757
to
993e2d4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good but lets convince ourselves that the security properties changing are enforced correctly in a test. As as adding the inverse of the test you have that shows that interactive=false would throw the error we're expecting.
@davisp good call about the security test, I don't think we enforce security check on the new instance. We do have a test for when we reopen in a non-interactive way: couchdb/src/fabric/test/fabric2_db_crud_tests.erl Lines 156 to 161 in 993e2d4
|
Ah, good catch on there being a test already. Lets add a comment there to let future us know there's a subtle thing being tested with the new interactive flag. |
993e2d4
to
bb743b2
Compare
Previously, if a database was re-created on another node, a request with that database might have found the previous db instance in the cache. In that case it would have correctly reopened the db while in a transaction, but, because the old db instance was deleted it would throw a database_does_not_exist which was not the correct behavior. To prevent that from happening, introduce an interactive = true|false option when opening a database. User requests may specify that option and then when the db is re-opened, it will allow it to automatically upgrade to the new db instance instead returning an error. Background processes will still get a database_doest_not_exist error if they keep a db open which has now been re-created. The interactive option may also be used in the future to set other transaction parameters like timeouts and retries that might be different for interactive requests vs background tasks.
bb743b2
to
e88438f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
Previously, if a database was re-created on another node, a request with that database might have found the previous db instance in the cache. In that case it would have correctly reopened the db while in a transaction, but, because
the old db instance was deleted it would throw a database_does_not_exist which was not the correct behavior.
To prevent that from happening, introduce an
interactive = true|false
option when opening a database. User requests may specify that option and then when the db is re-opened, it will allow it to automatically upgrade to the new db instance instead of returning an error.Background processes will still get a
database_doest_not_exist
error if they keep a db open which has now been re-created.The interactive option may also be used in the future to set other transaction parameters like timeouts and retries that might be different for interactive requests vs background tasks.
Previously the UUID was checked in an attempt to prevent successfully re-opening an old database instance, in case it was deleted and re-created. However that is not necessary as the open line above would have already fetched the current db version