From e331b1f6e438b885c8749a71194d5e2c77f54b19 Mon Sep 17 00:00:00 2001 From: Vladimir Dolzhenko Date: Tue, 2 Oct 2018 13:24:47 +0200 Subject: [PATCH] enforced check that there is only one allocation id on adding/removing fake allocation id --- .../org/elasticsearch/cluster/routing/IndexRoutingTable.java | 3 ++- .../cluster/routing/allocation/IndexMetaDataUpdater.java | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/server/src/main/java/org/elasticsearch/cluster/routing/IndexRoutingTable.java b/server/src/main/java/org/elasticsearch/cluster/routing/IndexRoutingTable.java index c3eb217003e60..3aca5fa0798d9 100644 --- a/server/src/main/java/org/elasticsearch/cluster/routing/IndexRoutingTable.java +++ b/server/src/main/java/org/elasticsearch/cluster/routing/IndexRoutingTable.java @@ -142,7 +142,8 @@ boolean validate(MetaData metaData) { if (shardRouting.primary() && shardRouting.initializing() && shardRouting.recoverySource().getType() == RecoverySource.Type.EXISTING_STORE && inSyncAllocationIds.contains(shardRouting.allocationId().getId()) == false && - inSyncAllocationIds.contains(RecoverySource.ExistingStoreRecoverySource.FORCED_ALLOCATION_ID) == false) + (inSyncAllocationIds.contains(RecoverySource.ExistingStoreRecoverySource.FORCED_ALLOCATION_ID) == false + || inSyncAllocationIds.size() != 1)) throw new IllegalStateException("a primary shard routing " + shardRouting + " is a primary that is recovering from " + "a known allocation id but has no corresponding entry in the in-sync " + "allocation set " + inSyncAllocationIds); diff --git a/server/src/main/java/org/elasticsearch/cluster/routing/allocation/IndexMetaDataUpdater.java b/server/src/main/java/org/elasticsearch/cluster/routing/allocation/IndexMetaDataUpdater.java index 8de8e4460bca8..18ed0801abadc 100644 --- a/server/src/main/java/org/elasticsearch/cluster/routing/allocation/IndexMetaDataUpdater.java 
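Review bot: The exception message in `validate` (IndexRoutingTable.java) no longer describes every case that raises it. With the added `|| inSyncAllocationIds.size() != 1`, the throw is also reached when the in-sync set does contain `FORCED_ALLOCATION_ID` but holds other ids as well, yet the text still says the shard "has no corresponding entry in the in-sync allocation set". This check guards the forced-primary recovery path, so someone diagnosing a rejected cluster state should be able to tell a missing allocation id from a fake id that coexists with real ones. Consider extending the message, for example by appending `+ " (a forced allocation id must be the only in-sync entry)"`. The body of `validate` starts and ends outside the hunk.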
+++ b/server/src/main/java/org/elasticsearch/cluster/routing/allocation/IndexMetaDataUpdater.java @@ -177,6 +177,11 @@ private IndexMetaData.Builder updateInSyncAllocations(RoutingTable newRoutingTab inSyncAllocationIds.addAll(updates.addedAllocationIds); inSyncAllocationIds.removeAll(updates.removedAllocationIds); + assert oldInSyncAllocationIds.contains(RecoverySource.ExistingStoreRecoverySource.FORCED_ALLOCATION_ID) == false + || inSyncAllocationIds.size() == 1 + && inSyncAllocationIds.contains(RecoverySource.ExistingStoreRecoverySource.FORCED_ALLOCATION_ID) == false : + "fake allocation id has to be removed, inSyncAllocationIds:" + inSyncAllocationIds; + // Prevent set of inSyncAllocationIds to grow unboundedly. This can happen for example if we don't write to a primary // but repeatedly shut down nodes that have active replicas. // We use number_of_replicas + 1 (= possible active shard copies) to bound the inSyncAllocationIds set
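Review bot: The new invariant in `updateInSyncAllocations` is a plain `assert`, so it is evaluated only when the JVM runs with assertions enabled. On a node started without `-ea`, a fake allocation id that survives the update would pass through here silently, whereas the companion condition in `IndexRoutingTable.validate` throws `IllegalStateException`. If a leftover fake id is an unrecoverable state, make this an explicit check that throws; if the assert is meant to be test-only, say so in a comment such as `// test-time invariant only; validate() rejects this state at runtime`, after confirming that `validate` really is reached in production. The condition also mixes `||` and `&&` without grouping and relies on operator precedence; parenthesising the second operand as `|| (inSyncAllocationIds.size() == 1 && inSyncAllocationIds.contains(RecoverySource.ExistingStoreRecoverySource.FORCED_ALLOCATION_ID) == false) :` makes the intent explicit. The method body starts and ends outside the hunk.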