-
Type: Bug
-
Resolution: Unresolved
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
Server Programmability
See design doc for details. SERVER-61141 should've accomplished what we need. Check that the multitenant migrations tests already cover all the TenantMigrationRecipientAccessBlocker cases we need to test for Merge.
EDIT:
In-memory RTAB is used to reject user donor snapshot reads earlier than rejectReadsBeforeTimestamp after shard merge commit because the first version of shard merge doesn't preserve/copy donor history. In-memory RTAB is deleted once the recipient state document is deleted. Currently, TTL delete the state document after shard merge completion with GC delay of tenantMigrationGarbageCollectionDelayMS (default is 15 mins). This is risky as there is no guarantee that R’s oldest timestamp >= rejectReadsBeforeTimestamp after GC delay. So, after merge commit, we can have readers trying to do donor data reads at snapshot earlier than rejectReadsBeforeTimestamp after GC delay. And, there will be nothing to prevent those readers from reading inconsistent data, violating snapshot read guarantees.
(The same problem exists in MTM protocol as well).
- depends on
-
SERVER-61141 Create TenantMigrationRecipientAccessBlocker for each tenant
- Closed
-
SERVER-67372 Make tenant migration recipient delete its state document in its run method
- Closed
- is depended on by
-
SERVER-59794 Make existing tenant migration js tests work with empty tenant id
- Closed
- is related to
-
SERVER-65236 Make tenant migration donor delete its state doc in its run method
- Closed