Hi Raft folks,
I'm Hitoshi Mitake, nice to meet you.
I'd like to share a potential problem of Raft which can cause deadlock
triggered by membership change. I found the problem in etcd and fixed
it (
https://github.com/coreos/etcd/pull/3479 ). However, I thought
this bug isn't etcd implementation specific one. So I thought sharing
it on raft-dev would be a little bit valuable for developers working
on other Raft implementations, even though the problem can happen only
in very corner cases.
The problem can be caused in the below 2 steps:
1. construct N node cluster
2. add N new nodes without starting the new members
After finishing add N nodes, a total number of the cluster becomes 2 *
N and a quorum number of the cluster becomes N + 1. It means
membership change requires at least N + 1 nodes because Raft treats
membership information in its log like other ordinal log append
requests for design simplicity (especially for reducing a number of
RPC types and storage types?).
Assume the node information (in a case of etcd, peer URL) of the added
nodes are wrong because of miss operation or bugs in wrapping program
which launch raft implmenetations. In such a case, both of adding and
removing members are impossible because the quorum isn't preserved. Of
course ordinal requests cannot be served. The cluster would seem to be
deadlock.
The problem can easily avoided by rejecting reconfiguration request in
a case of a number of running node < quorum of reconfigured cluster.
So it doesn't mean any weakpoints of Raft design.
However, I believe considering this problem in practical
implementation is valuable. Because Raft algorithm doesn't say
anything about an order of starting a newly added node and
reconfiguration request (if I understand correctly). Therefore there
can be the effect of miss operation or bugs of launcher programs
between two events.
I'm very new to Raft. If this problem is already known, sorry for noise ;)
Thanks,
Hitoshi