-
Notifications
You must be signed in to change notification settings - Fork 874
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: remove acl-check and cancel instead when REPLCONF ACK fails to validate #2920
Changes from 5 commits
4ba6329
1338315
e4a001c
4aaf734
480bb79
c9f6748
a5ca313
7f6c78e
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1147,7 +1147,13 @@ void Service::DispatchCommand(CmdArgList args, facade::ConnectionContext* cntx) | |
// Bonus points because this allows to continue replication with ACL users who got | ||
// their access revoked and reinstated | ||
if (cid->name() == "REPLCONF" && absl::EqualsIgnoreCase(ArgS(args_no_cmd, 0), "ACK")) { | ||
LOG(ERROR) << "Tried to reply to REPLCONF"; | ||
// TODO remove this comment when we remove the acl-checker | ||
// This code will allow us to transition on later versions without | ||
// breaking replica/master setup with different versions of dragonfly | ||
auto info_ptr = server_family_.GetReplicaInfo(dfly_cntx); | ||
if (info_ptr) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. dont you need to call DflyCmd::CancelReplication? |
||
info_ptr->cntx.Cancel(); | ||
} | ||
return; | ||
} | ||
dfly_cntx->SendError(std::move(*err)); | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -116,6 +116,10 @@ class ProtocolClient { | |
return sock_.get(); | ||
} | ||
|
||
void SetSocketTimeout(uint32_t msec) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Is this called ? |
||
sock_->set_timeout(msec); | ||
} | ||
|
||
private: | ||
ServerContext server_context_; | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -893,6 +893,7 @@ void Replica::RedisStreamAcksFb() { | |
} | ||
} | ||
|
||
// TODO(kostasrim): Remove this on 20/6/2024 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am a bit confused. Should not you remove the replica side checks so that later you will be able to remove master side responses? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Sorry, my bad here. While I was making the changes I realized that the code I introduced above is enough to allow us a smooth transition (that means as long as two subsequent versions of df contain the code below we can remove both the acl-checks and be fine without the clients noticing.
However, I do agree we should remove this now. I will push an update soon. |
||
class AclCheckerClient : public ProtocolClient { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This introduces a small bug if master is an older version that we cover in our tests. The problem is that if ACL of the I guess this setup is more probably since upgrading from one version to the other would involve a replica copying the data and then being promoted to master. An intermediate solution would be to keep this check for older version masters and deprecate/completely remove at some later point. I am open for suggestions There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. this is fine, the use-case is not interesting. |
||
public: | ||
AclCheckerClient(ServerContext server, Context* cntx) | ||
|
@@ -918,6 +919,7 @@ class AclCheckerClient : public ProtocolClient { | |
LOG(INFO) << "Failed to connect with acl client " << ec.message(); | ||
cntx_->Cancel(); | ||
} | ||
SetSocketTimeout(4000); | ||
} | ||
|
||
Context* cntx_; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@adiholden please help me reviewing these changes