Changed server_state public methods sst_received() and wait_until_state()
to report errors as return value instead of throwing exceptions.
This was done to gradually get rid of public methods which report
errors via exceptions.
This change was part of MDEV-30419.
It turns out that avoiding apply error on fragment removal failure, is
not a safe thing to do. If the DBMS restarts, with a entry in the
streaming log storage, it may be recovered by creating a corresponding
streaming applier.
This reverts commit da5098b622bc6f92c9265bacf4c1168fd69b38b5.
for SYNCED event as expected.
2. Fix transition to `s_joined` only after we have a complete state.
Complete state is reached in the following 3 cases:
- SST seqno exceeds connected seqno
- view seqno equals connected seqno (view processed == view connected)
- current state is `s_donor`
Refs codership/wsrep-lib#175
The fallthrough comment is not enough to silence the warning
with -Wimplicit-fallthrough=5.
This commit also fixes submodule handling in github actions.
This patch introduces a queue to store ids of transactions that failed
to send a rollback fragment in streaming_rollback(). This is to avoid
potentially missed rollback fragments when a cluster splits and then
later reforms. Rollback fragments would be missing if a node rolled
back a transaction locally (either BFed or voluntary rollback) while
non-primary, and the attempt to send rollback fragment failed in
transaction::streaming_rollback().
Transaction that fail to send rollback fragment can proceed to
rollback locally. However we must ensure that rollback fragments for
those transactions are eventually delivered by the cluster. This must
be done before a potentially conflicting writeset causes BF-BF
conflicts in the rest of the cluster.
The new feature which allows application to set transaction as PA unsafe
caused problems for streaming replication use cases. In apply_write_set(),
it is assumed that write set flags must be 0 for existing streaming
replication transaction. However, if SR transaction modifies non PK table,
the replicated fragment may have pa_unsafe flag.
Fixed by changing the condition detecting SR transactions to accept pa_unsafe
flag. This avoids the apply_write_set() execution from falling down to assert(0)
in the "condition tree"
* Added unit tests for transaction::xa_detach() and
transaction::xa_replay()
* Added unit tests for wsrep::xid
* Fixed minor issues pointed out by reviewer
Add support for detaching XA transactions. This is useful for handling
the case where the DBMS client has a transaction in prepared state and
disconnects. Before disconnect, the DBMS calls the newly introduced
client_state::xa_detach(), to cleanup the local transaction and
convert it to a high priority transaction. The DBMS may later attempt
to terminate the transaction through client_state::commit_by_xid() or
client_state::rollback_by_xid().
Also in this patch:
- Fix client_state::close() so that it does not rollback transactions
in prepared state
- Changed class wsrep::xid representation to hold enough information
so that DBMS can convert to its native representation
- Fix potential infinite loop in
server_state::find_streaming_applier(wsrep:xid&)
- Append SR keys on prepare fragment and make it pa_unsafe
- Handle one phase commit (simply fall back to two phase)
- Do not rollback prepared streaming clients in
server_state::close_orphaned_transactions()
This patch changes the handling of a rollback fragment so that
the high_priority_service adopts and starts a new transaction only
if fragment removal has to be performed.
When no fragment removal happens, starting a new transaction is
unnecessary: a dummy write set is logged instead and the transaction
is not cleaned up properly in DBMS side.
which complicates diagnostics and debugging.
Don't ignore provider return codes and more verbose error logging for
sst_sent(), sst_received(), set_encryption_key() methods
Refs codership/wsrep-lib#127
Shutting down the provider may cause replication/appling failures, which
may further result to disconnect calls from failing operations.
Allow concurrent disconnect requests to deal with such a situations.
- High priority interface method to apply NBO begin, separate from
apply_toi() in order to avoid implementation to force interpreting
ws_meta flags.
- Method to put client_state into NBO mode when applying NBO begin.
The client_state will process in m_local mode.
- Unit tests for applying NBO
* Add method `restore_prepared_transaction` to `client_state` class
which restores a transaction state from storage given its xid.
* Add method `commit_or_rollback_by_xid` to terminate prepared XA
transactions by xid.
* Make sure that transactions in prepared state are not rolled back
when their master fails/partitions away.
Force fragment replication when XA transaction is prepared, with
prepare fragment. Commit fragment happens in before_commit().
Adjusted fragment removal, which cannot happen in atomically with the
executing transaction.
Added a wsrep::thread_service interface to allow application to
inject instrumented thread, mutex and condition variable implementation
for provider.
The interface is defined in include/wsrep/thread_service.hpp.
Sample implementation is provided in dbsim/db_threads.[h|c]pp.
This patch will also clean up some remaining dependencies to
wsrep-API compilation units so that the dependency to wsrep-API
is header only. This will extending the provider support to
later wsrep-API versions.
In convert_streaming_client_to_applier() the new streaming applier
is created and deleted if the server has been disconnected. However,
releasing streaming applier may modify thread local storage. Call
store_globals() to restore thread local storage before returning.
Sanity checks to detect concurrency bugs were assuming a threading
model where each client state would always be processed within
single thread of execution. This however may be too strong assumption
if the application uses some kind of thread pooling.
This patch relaxes those assumptions by removing current_thread_id_
from client_state and relaxing assertions against owning_thread_id_.
This patch also adds a new method
wait_rollback_complete_and_acquire_ownership() into
client_state. This method is idempotent and can be used to gain
control to client_state before before_command() is called.
The method will wait until possible background rollback process is
over and marks the state to s_exec to protect the state against
new background rollbacks.
Other fixes/improvements:
- High priority globals state is restored after discarding streaming.
- Allowed server_state transition donor -> synced.
- Client state method store_globals() was renamed to acquire_ownership()
to better describe the intent. Method store_globals() was left for
backwards compatibility and marked deprecated.
- populate and pass real error description buffer to provider in case
of applying error
- return 0 from server_state::on_apply() if error voting confirmed
consistency
- remove fragments and rollback after fragment applying failure
- always release streaming applier on commit or rollback
Fixes a bug where the fact that an SR master leaves the primary view
gets missed. When two consecutive primary views have the same
membership we now assume that every SR needs to be rolled back, as the
system may have been through a state of only non-primary components.
Moved the check for transaction state before certification step
into separate method abort_or_interrupted() which will check the state
and adjust state and client_state error status accordingly.
Moved the check for abort_or_interrupted() to happen before
the state is changed to certifying and write set data is appended.
This makes the check atomic and reduces the probability of race
conditions. After this check we rely on provider side transaction
state management and error reporting until the certification step
is over.
Change to public API: Pass client_state mutex wrappend in unique_lock
object to client_service::interrupted() call. This way the DBMS side
has a control to the lock object in case it needs to unlock it
temporarily. The underlying mutex will always be locked when the lock
object is passed via interrupted() call.
Other: Allow server_state change from donor to connected. This may
happen if the joiner crashes during SST and the provider reports
it before the DBMS side SST mechanism detects the error.
Earlier versions of cluster software may not support storing
the view info into stable storage. In order to work around this
during rolling upgrade, skip sanity checks for recovered view
if the view state_id ID is undefined.
Flag init_initialized_ must be checked before changing the
state to s_initializing in on_primary_view() in order to avoid
race between main thread and applier thread. Otherwise it is
possible that main thread gains control after setting state
to initializing and changes the flag init_initialized_ to true
before the check is done in on_primary_view().
Convert streaming client to applier only if the server is not
in disconnected state. In disconnected state the appliers map
is supposed to be empty and will be reconstructed from fragment
storage when the server is connected back to cluster.
Introduced server_service recover_streaming_appliers() interface
call which will be called in total order whenever streaming appliers
must be recovered. The call comes with two overloads, one which
can be called from client context (e.g. after SST has been received)
and the other from high priority context (e.g. view event handling).
The client context overload should be eventually be deprecated once
there is a mechanism to make provider signal that it has joined to
the cluster and will start applying events.
