config: allow to configure an anonymous replica #9418
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Serpentian
reviewed
Nov 28, 2023
Totktonada
force-pushed
the
gh-xxxx-config-fix-anonymous-replica
branch
from
a45bc5c
to
63030ce
Compare
Totktonada
added a commit
to Totktonada/tarantool
that referenced
this pull request
Dec 5, 2023
This commit allows to bootstrap an anonymous replica from a replicaset, where all the instances are in read-only mode. The reason of the change is that there are no technical reasons to forbid this action. An anonymous replica is not registered in `_cluster` system space, so it can join a replicaset even if there are no writable instances. Fixes tarantool#9432 @TarantoolBot document Title: config: anonymous replica is now supported `replication.anon: true` option is now working. There are configuration constraints that are related to anonymous replicas. * A replicaset must contain at least one non-anonymous instance. * An anonymous replica can't be configured as writable instance using `database.mode` or `<replicaset>.leader` options. * An anonymous replica can't be configured with `replication.election_mode` equals to `candidate`, `voter` or `manual` (only `off` is allowed). A few more nuances about anonymous replicas: * Anonymous replicas are filtered out from default upstream list. * A `replication.failover: election` replicaset can contain anonymous replicas, but `replication.election_mode` defaults to `off` for them (unlike non-anonymous instances, where the default is `candidate`). * `replication.failover: supervised` skips anonymous replicas, when choosing a bootstrap leader. * A anonymous replica can joined a replicaset, which has all the instances in read-only mode (ulike a non-anonymous instance). See details in [1] and [2]. [1]: tarantool#9432 [2]: tarantool#9418
Totktonada
changed the title
Totktonada
added a commit
to Totktonada/tarantool
that referenced
this pull request
Dec 5, 2023
This commit allows to bootstrap an anonymous replica from a replicaset, where all the instances are in read-only mode. The reason of the change is that there are no technical reasons to forbid this action. An anonymous replica is not registered in `_cluster` system space, so it can join a replicaset even if there are no writable instances. Fixes tarantool#9432 @TarantoolBot document Title: config: anonymous replica is now supported `replication.anon: true` option is now working. There are configuration constraints that are related to anonymous replicas. * A replicaset must contain at least one non-anonymous instance. * An anonymous replica can't be configured as writable instance using `database.mode` or `<replicaset>.leader` options. * An anonymous replica can't be configured with `replication.election_mode` equals to `candidate`, `voter` or `manual` (only `off` is allowed). A few more nuances about anonymous replicas: * Anonymous replicas are filtered out from default upstream list. * A `replication.failover: election` replicaset can contain anonymous replicas, but `replication.election_mode` defaults to `off` for them (unlike non-anonymous instances, where the default is `candidate`). * `replication.failover: supervised` skips anonymous replicas, when choosing a bootstrap leader. * A anonymous replica can joined a replicaset, which has all the instances in read-only mode (unlike a non-anonymous instance). See details in [1] and [2]. [1]: tarantool#9432 [2]: tarantool#9418
Totktonada
force-pushed
the
gh-xxxx-config-fix-anonymous-replica
branch
from
63030ce
to
4711e53
Compare
p7nov
approved these changes
Dec 5, 2023
Totktonada
added a commit
to Totktonada/tarantool
that referenced
this pull request
Dec 5, 2023
This commit allows to bootstrap an anonymous replica from a replicaset, where all the instances are in read-only mode. The reason of the change is that there are no technical reasons to forbid this action. An anonymous replica is not registered in `_cluster` system space, so it can join a replicaset even if there are no writable instances. Fixes tarantool#9432 @TarantoolBot document Title: config: anonymous replica is now supported `replication.anon: true` option is now working. There are configuration constraints that are related to anonymous replicas. * A replicaset must contain at least one non-anonymous instance. * An anonymous replica can't be configured as writable instance using `database.mode` or `<replicaset>.leader` options. * An anonymous replica can't be configured with `replication.election_mode` equals to `candidate`, `voter` or `manual` (only `off` is allowed). A few more nuances about anonymous replicas: * Anonymous replicas are filtered out from default upstream list. * A `replication.failover: election` replicaset can contain anonymous replicas, but `replication.election_mode` defaults to `off` for them (unlike non-anonymous instances, where the default is `candidate`). * `replication.failover: supervised` skips anonymous replicas, when choosing a bootstrap leader. * A anonymous replica can joined a replicaset, which has all the instances in read-only mode (unlike a non-anonymous instance). See details in [1] and [2]. [1]: tarantool#9432 [2]: tarantool#9418
Totktonada
force-pushed
the
gh-xxxx-config-fix-anonymous-replica
branch
from
4711e53
to
603162d
Compare
ImeevMA
approved these changes
Dec 6, 2023
Totktonada
force-pushed
the
gh-xxxx-config-fix-anonymous-replica
branch
from
603162d
to
89c3b82
Compare
Totktonada
added a commit
to Totktonada/tarantool
that referenced
this pull request
Dec 6, 2023
This commit allows to bootstrap an anonymous replica from a replicaset, where all the instances are in read-only mode. The reason of the change is that there are no technical reasons to forbid this action. An anonymous replica is not registered in `_cluster` system space, so it can join a replicaset even if there are no writable instances. Fixes tarantool#9432 @TarantoolBot document Title: config: anonymous replica is now supported `replication.anon: true` option is now working. There are configuration constraints that are related to anonymous replicas. * A replicaset must contain at least one non-anonymous instance. * An anonymous replica can't be configured as writable instance using `database.mode` or `<replicaset>.leader` options. * An anonymous replica can't be configured with `replication.election_mode` equals to `candidate`, `voter` or `manual` (only `off` is allowed). A few more nuances about anonymous replicas: * Anonymous replicas are filtered out from default upstream list. * A `replication.failover: election` replicaset can contain anonymous replicas, but `replication.election_mode` defaults to `off` for them (unlike non-anonymous instances, where the default is `candidate`). * `replication.failover: supervised` skips anonymous replicas, when choosing a bootstrap leader. * A anonymous replica can joined a replicaset, which has all the instances in read-only mode (unlike a non-anonymous instance). See details in [1] and [2]. [1]: tarantool#9432 [2]: tarantool#9418
Serpentian
approved these changes
Dec 6, 2023
The commit effectively enables support of anonymous replicas in the
declarative configuration. It has several caveats (see the changelog
entry), which will be resolved in the following commits of the patchset.
An attempt to persist an instance name of an anonymous replica can't be
successful, because it has no entry in `_cluster` system space. Such an
attempt leads to ER_INSTANCE_NAME_MISMATCH error.
This commit patches the configuration applying logic to skip attempt to
set `box.cfg({instance_name = <...>})` if the instance is configured as
an anonymous replica using `replication.anon: true` option.
Part of tarantool#9432
NO_DOC=replication.anon option is already documented in the scope of
tarantool/doc#3851. The bugfix
shouldn't affect the documentation pages much, however related
constraints are summarized in a documentation request in the last
commit of the series.
This commit effectively allows to set `replication.anon: true` without specifying `replication.peers`. Without filtering out anonymous replicas from the list of upstreams we get an error regarding attempt to use an anonymous replica as an upstream for a non-anonymous instance. Also, anonymous replicas are excluded from autogenerated upstream list for other anonymous replicas. It makes the list the same on all the peers. A user can configure a custom data flow using `replication.peers` option. Part of tarantool#9432 NO_DOC=The documentation request is in the last commit of the series.
Filter out anonymous replicas when choosing a bootstrap leader in `replication.failover: supervised` mode. An anonymous replica can't be in read-write mode, so it can't be a replicaset bootstrap leader. Part of tarantool#9432 NO_DOC=It is bugfix. However, this detail is mentioned in the documentation request is in the last commit of the series just in case.
A replicaset that contains only anonymous replicas can't be bootstrapped, because all the instances must be in read-only mode. Part of tarantool#9432 NO_DOC=The documentation request is in the last commit of the series.
This commit adds several checks that are specific for `replication.failover` mode. * `replication.failover: off`: an anonymous replica shouldn't be set to read-write mode using `database.mode` option. * `replication.failover: manual`: an anonymous replica shouldn't be configured as a replicaset leader using `<replicaset>.leader` option. * `replication.failover: election`: an anonymous replica can't be configured with `replication.election_mode` other than `off`. This commit also adjusts default `replication.election_mode` to `off` for an anonymous replica if it is part of a `replication.failover: election` replicaset (the default for a non-anonymous instance is `candidate`). Part of tarantool#9432 NO_DOC=The documentation request is in the last commit of the series.
This commit allows to bootstrap an anonymous replica from a replicaset, where all the instances are in read-only mode. The reason of the change is that there are no technical reasons to forbid this action. An anonymous replica is not registered in `_cluster` system space, so it can join a replicaset even if there are no writable instances. Fixes tarantool#9432 @TarantoolBot document Title: config: anonymous replica is now supported `replication.anon: true` option is now working. There are configuration constraints that are related to anonymous replicas. * A replicaset must contain at least one non-anonymous instance. * An anonymous replica can't be configured as writable instance using `database.mode` or `<replicaset>.leader` options. * An anonymous replica can't be configured with `replication.election_mode` equals to `candidate`, `voter` or `manual` (only `off` is allowed). A few more nuances about anonymous replicas: * Anonymous replicas are filtered out from default upstream list. * A `replication.failover: election` replicaset can contain anonymous replicas, but `replication.election_mode` defaults to `off` for them (unlike non-anonymous instances, where the default is `candidate`). * `replication.failover: supervised` skips anonymous replicas, when choosing a bootstrap leader. * A anonymous replica can joined a replicaset, which has all the instances in read-only mode (unlike a non-anonymous instance). See details in [1] and [2]. [1]: tarantool#9432 [2]: tarantool#9418
Totktonada
force-pushed
the
gh-xxxx-config-fix-anonymous-replica
branch
from
89c3b82
to
e068c48
Compare
ylobankov
approved these changes
Dec 6, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
replication.anon: trueoption is now working.Mostly, it is the only thing that a user needs to know about this changeset.
However, technically speaking, several related configuration checks are introduced here and dependent defaults were adjusted to make usage of anonymous replicas smoother.
The new configuration constrainsts are the following.
database.modeor<replicaset>.leaderoptions.replication.election_modeequals tocandidate,voterormanual(onlyoffis allowed).A few more nuances about anonymous replicas:
replication.failover: electionreplicaset can contain anonymous replicas, butreplication.election_modedefaults toofffor them (unlike non-anonymous instances, where the default iscandidate).replication.failover: supervisedskips anonymous replicas, when choosing a bootstrap leader.Please, check out commits of the patchset for more detailed description of the constrains and nuances.
Fixes #9432