Commit 758f403
SqlRush
fix(cluster): spec-5.15 Hardening v1.2 — cold-bootstrap proof on durable slot, not live CSSD
A founding survivor could mis-classify itself as a rejoiner and refuse its own
writes (53R61) after an UNRELATED node fail-stop, blocking 3-node reconfig (the
join-remaster barrier never completes — surfaced by spec-5.16 t/326).
Root cause: the v1.1 cold-bootstrap proof (cluster_reconfig_bootstrap_quorum_at_initial)
counted live CSSD-alive peers. Transient IC / heartbeat churn could drop the
quorum below threshold, leaving a genuine co-booting member UNDECIDED (its
joiner gate never latched BOOTSTRAP). An unrelated peer's later fail-stop then
advanced the cluster epoch, and joiner_self_tick reclassified the still-UNDECIDED
member as a rejoiner: it closed its own write gate and timed out to 53R61.
INV-J14's latch only covered the BOOTSTRAP branch, not the UNDECIDED window.
Fix: anchor the co-boot quorum on the durable voting-disk slot instead of live
CSSD. Count a declared peer toward the quorum only on a valid observed slot
(cluster_reconfig_get_observed_slot true, generation > 0) at epoch INITIAL —
never on a default-0 placeholder, never on live CSSD state. Stable across CSSD
churn, so a founding member latches BOOTSTRAP reliably during formation, before
any unrelated epoch advance. The quorum threshold (declared/2+1) and the
rejoiner predicate (any peer epoch > INITIAL) are unchanged; only the "alive at
INITIAL" predicate moves to the durable slot.
Unit: test_cluster_reconfig U20 (valid-slot-vs-CSSD differentiator + default-0
fail-closed, TDD red->green) and U19 updated to the durable-slot semantics.
No on-disk / wire / catalog / GUC change; no catversion bump.
Spec: spec-5.15-online-declared-node-join-membership.md (Hardening v1.2)1 parent b150aa8 commit 758f403
2 files changed
Lines changed: 100 additions & 19 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1200 | 1200 | | |
1201 | 1201 | | |
1202 | 1202 | | |
1203 | | - | |
| 1203 | + | |
| 1204 | + | |
| 1205 | + | |
| 1206 | + | |
1204 | 1207 | | |
1205 | | - | |
1206 | | - | |
1207 | | - | |
1208 | | - | |
1209 | | - | |
1210 | | - | |
| 1208 | + | |
| 1209 | + | |
| 1210 | + | |
| 1211 | + | |
| 1212 | + | |
| 1213 | + | |
| 1214 | + | |
| 1215 | + | |
| 1216 | + | |
| 1217 | + | |
| 1218 | + | |
| 1219 | + | |
| 1220 | + | |
| 1221 | + | |
| 1222 | + | |
| 1223 | + | |
| 1224 | + | |
| 1225 | + | |
| 1226 | + | |
| 1227 | + | |
| 1228 | + | |
| 1229 | + | |
1211 | 1230 | | |
1212 | 1231 | | |
1213 | 1232 | | |
1214 | 1233 | | |
1215 | 1234 | | |
1216 | | - | |
| 1235 | + | |
1217 | 1236 | | |
1218 | 1237 | | |
1219 | 1238 | | |
| 1239 | + | |
| 1240 | + | |
| 1241 | + | |
| 1242 | + | |
1220 | 1243 | | |
1221 | 1244 | | |
1222 | 1245 | | |
1223 | 1246 | | |
1224 | | - | |
| 1247 | + | |
1225 | 1248 | | |
1226 | 1249 | | |
| 1250 | + | |
1227 | 1251 | | |
1228 | | - | |
| 1252 | + | |
1229 | 1253 | | |
1230 | | - | |
1231 | | - | |
| 1254 | + | |
| 1255 | + | |
| 1256 | + | |
| 1257 | + | |
| 1258 | + | |
| 1259 | + | |
| 1260 | + | |
| 1261 | + | |
1232 | 1262 | | |
1233 | 1263 | | |
1234 | 1264 | | |
1235 | | - | |
| 1265 | + | |
1236 | 1266 | | |
1237 | 1267 | | |
1238 | 1268 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1413 | 1413 | | |
1414 | 1414 | | |
1415 | 1415 | | |
1416 | | - | |
1417 | | - | |
1418 | 1416 | | |
1419 | | - | |
| 1417 | + | |
| 1418 | + | |
| 1419 | + | |
| 1420 | + | |
1420 | 1421 | | |
1421 | 1422 | | |
1422 | 1423 | | |
1423 | 1424 | | |
1424 | 1425 | | |
1425 | 1426 | | |
1426 | | - | |
1427 | | - | |
1428 | | - | |
| 1427 | + | |
| 1428 | + | |
| 1429 | + | |
| 1430 | + | |
| 1431 | + | |
| 1432 | + | |
| 1433 | + | |
| 1434 | + | |
| 1435 | + | |
| 1436 | + | |
| 1437 | + | |
| 1438 | + | |
| 1439 | + | |
| 1440 | + | |
| 1441 | + | |
| 1442 | + | |
| 1443 | + | |
| 1444 | + | |
| 1445 | + | |
| 1446 | + | |
| 1447 | + | |
| 1448 | + | |
| 1449 | + | |
| 1450 | + | |
| 1451 | + | |
| 1452 | + | |
| 1453 | + | |
| 1454 | + | |
| 1455 | + | |
| 1456 | + | |
| 1457 | + | |
| 1458 | + | |
| 1459 | + | |
1429 | 1460 | | |
| 1461 | + | |
| 1462 | + | |
| 1463 | + | |
| 1464 | + | |
| 1465 | + | |
| 1466 | + | |
| 1467 | + | |
| 1468 | + | |
| 1469 | + | |
| 1470 | + | |
| 1471 | + | |
| 1472 | + | |
| 1473 | + | |
| 1474 | + | |
| 1475 | + | |
| 1476 | + | |
| 1477 | + | |
| 1478 | + | |
| 1479 | + | |
1430 | 1480 | | |
1431 | 1481 | | |
1432 | 1482 | | |
| |||
1508 | 1558 | | |
1509 | 1559 | | |
1510 | 1560 | | |
| 1561 | + | |
1511 | 1562 | | |
1512 | 1563 | | |
1513 | 1564 | | |
| |||
0 commit comments