SERVER-81229 Add replay protection to clone command of move primary

Author: m4nti5

src/mongo/db/s/clone_catalog_data_command.cpp

@@ -39,18 +39,22 @@
 #include "mongo/db/auth/action_type.h"
 #include "mongo/db/auth/authorization_session.h"
 #include "mongo/db/auth/resource_pattern.h"
+#include "mongo/db/cancelable_operation_context.h"
 #include "mongo/db/catalog/document_validation.h"
 #include "mongo/db/cloner.h"
 #include "mongo/db/cluster_role.h"
 #include "mongo/db/commands.h"
 #include "mongo/db/commands/feature_compatibility_version.h"
 #include "mongo/db/database_name.h"
+#include "mongo/db/dbdirectclient.h"
 #include "mongo/db/namespace_string.h"
 #include "mongo/db/operation_context.h"
 #include "mongo/db/repl/read_concern_level.h"
 #include "mongo/db/s/sharding_state.h"
 #include "mongo/db/server_options.h"
 #include "mongo/db/service_context.h"
+#include "mongo/db/transaction/transaction_participant.h"
+#include "mongo/db/write_block_bypass.h"
 #include "mongo/idl/idl_parser.h"
 #include "mongo/s/catalog/sharding_catalog_client.h"
 #include "mongo/s/grid.h"
@@ -66,6 +70,50 @@
 namespace mongo {
 namespace {
 
+void cloneDatabase(OperationContext* opCtx,
+                   const DatabaseName& dbName,
+                   StringData from,
+                   BSONObjBuilder& result) {
+    auto const catalogClient = Grid::get(opCtx)->catalogClient();
+    auto shardedOrUntrackedColls = catalogClient->getShardedCollectionNamespacesForDb(
+        opCtx, dbName, repl::ReadConcernLevel::kMajorityReadConcern, {});
+    const auto databasePrimary =
+        catalogClient->getDatabase(opCtx, dbName, repl::ReadConcernLevel::kMajorityReadConcern)
+            .getPrimary()
+            .toString();
+    auto unsplittableCollsOutsideDbPrimary =
+        catalogClient->getUnsplittableCollectionNamespacesForDbOutsideOfShards(
+            opCtx, dbName, {databasePrimary}, repl::ReadConcernLevel::kMajorityReadConcern);
+
+    std::move(unsplittableCollsOutsideDbPrimary.begin(),
+              unsplittableCollsOutsideDbPrimary.end(),
+              std::back_inserter(shardedOrUntrackedColls));
+
+    DisableDocumentValidation disableValidation(opCtx);
+
+    // Clone the non-ignored collections.
+    std::set<std::string> clonedColls;
+    bool forceSameUUIDAsSource = false;
+    {
+        FixedFCVRegion fcvRegion{opCtx};
+        forceSameUUIDAsSource =
+            feature_flags::gTrackUnshardedCollectionsOnShardingCatalog.isEnabled(
+                (*fcvRegion).acquireFCVSnapshot());
+    }
+
+    Cloner cloner;
+    uassertStatusOK(cloner.copyDb(opCtx,
+                                  dbName,
+                                  from.toString(),
+                                  shardedOrUntrackedColls,
+                                  forceSameUUIDAsSource,
+                                  &clonedColls));
+    {
+        BSONArrayBuilder cloneBarr = result.subarrayStart("clonedColls");
+        cloneBarr.append(clonedColls);
+    }
+}
+
 /**
  * Currently, _shardsvrCloneCatalogData will clone all data (including metadata). In the second part
  * of
@@ -93,6 +141,10 @@ class CloneCatalogDataCommand : public BasicCommand {
         return true;
     }
 
+    virtual bool supportsRetryableWrite() const override {
+        return true;
+    }
+
     Status checkAuthForOperation(OperationContext* opCtx,
                                  const DatabaseName& dbName,
                                  const BSONObj&) const override {
@@ -110,7 +162,6 @@ class CloneCatalogDataCommand : public BasicCommand {
              const DatabaseName&,
              const BSONObj& cmdObj,
              BSONObjBuilder& result) override {
-
         auto shardingState = ShardingState::get(opCtx);
         uassertStatusOK(shardingState->canAcceptShardedCommands());
 
@@ -139,45 +190,39 @@ class CloneCatalogDataCommand : public BasicCommand {
                 str::stream() << "Can't run _shardsvrCloneCatalogData without a source",
                 !from.empty());
 
-        auto const catalogClient = Grid::get(opCtx)->catalogClient();
-        auto shardedOrUntrackedColls = catalogClient->getShardedCollectionNamespacesForDb(
-            opCtx, dbName, repl::ReadConcernLevel::kMajorityReadConcern, {});
-        const auto databasePrimary =
-            catalogClient->getDatabase(opCtx, dbName, repl::ReadConcernLevel::kMajorityReadConcern)
-                .getPrimary()
-                .toString();
-        auto unsplittableCollsOutsideDbPrimary =
-            catalogClient->getUnsplittableCollectionNamespacesForDbOutsideOfShards(
-                opCtx, dbName, {databasePrimary}, repl::ReadConcernLevel::kMajorityReadConcern);
-
-        std::move(unsplittableCollsOutsideDbPrimary.begin(),
-                  unsplittableCollsOutsideDbPrimary.end(),
-                  std::back_inserter(shardedOrUntrackedColls));
-
-        DisableDocumentValidation disableValidation(opCtx);
-
-        // Clone the non-ignored collections.
-        std::set<std::string> clonedColls;
-        bool forceSameUUIDAsSource = false;
-        {
-            FixedFCVRegion fcvRegion{opCtx};
-            forceSameUUIDAsSource =
-                feature_flags::gTrackUnshardedCollectionsOnShardingCatalog.isEnabled(
-                    (*fcvRegion).acquireFCVSnapshot());
+        // For newer versions, execute the operation in another operation context with local write
+        // concern to prevent doing waits while we're holding resources (we have a session checked
+        // out).
+        if (TransactionParticipant::get(opCtx)) {
+            {
+                // Use ACR to have a thread holding the session while we do the cloning.
+                auto newClient = opCtx->getServiceContext()
+                                     ->getService(ClusterRole::ShardServer)
+                                     ->makeClient("SetAllowMigrations");
+                AlternativeClientRegion acr(newClient);
+                auto executor =
+                    Grid::get(opCtx->getServiceContext())->getExecutorPool()->getFixedExecutor();
+                auto newOpCtxPtr = CancelableOperationContext(
+                    cc().makeOperationContext(), opCtx->getCancellationToken(), executor);
+
+                AuthorizationSession::get(newOpCtxPtr.get()->getClient())
+                    ->grantInternalAuthorization(newOpCtxPtr.get()->getClient());
+                newOpCtxPtr->setWriteConcern(ShardingCatalogClient::kLocalWriteConcern);
+                WriteBlockBypass::get(newOpCtxPtr.get()).set(true);
+                cloneDatabase(newOpCtxPtr.get(), dbName, from, result);
+            }
+            // Since no write happened on this txnNumber, we need to make a dummy write to protect
+            // against older requests with old txnNumbers.
+            DBDirectClient client(opCtx);
+            client.update(NamespaceString::kServerConfigurationNamespace,
+                          BSON("_id"
+                               << "CloneCatalogDataStats"),
+                          BSON("$inc" << BSON("count" << 1)),
+                          true /* upsert */,
+                          false /* multi */);
+        } else {
+            cloneDatabase(opCtx, dbName, from, result);
         }
-
-        Cloner cloner;
-        uassertStatusOK(cloner.copyDb(opCtx,
-                                      dbName,
-                                      from.toString(),
-                                      shardedOrUntrackedColls,
-                                      forceSameUUIDAsSource,
-                                      &clonedColls));
-        {
-            BSONArrayBuilder cloneBarr = result.subarrayStart("clonedColls");
-            cloneBarr.append(clonedColls);
-        }
-
         return true;
     }
 };

src/mongo/db/s/move_primary_coordinator.cpp

@@ -518,8 +518,7 @@ void MovePrimaryCoordinator::assertNoOrphanedDataOnRecipient(
     };
 }
 
-std::vector<NamespaceString> MovePrimaryCoordinator::cloneDataToRecipient(
-    OperationContext* opCtx) const {
+std::vector<NamespaceString> MovePrimaryCoordinator::cloneDataToRecipient(OperationContext* opCtx) {
     // Enable write blocking bypass to allow cloning of catalog data even if writes are disallowed.
     WriteBlockBypass::get(opCtx).set(true);
 
@@ -530,28 +529,31 @@ std::vector<NamespaceString> MovePrimaryCoordinator::cloneDataToRecipient(
         uassertStatusOK(shardRegistry->getShard(opCtx, ShardingState::get(opCtx)->shardId()));
     const auto toShard = uassertStatusOK(shardRegistry->getShard(opCtx, toShardId));
 
-    const auto cloneCommand = [&] {
+    auto cloneCommand = [&](boost::optional<OperationSessionInfo> osi) {
         BSONObjBuilder commandBuilder;
         commandBuilder.append(
             "_shardsvrCloneCatalogData",
             DatabaseNameUtil::serialize(_dbName, SerializationContext::stateDefault()));
         commandBuilder.append("from", fromShard->getConnString().toString());
+        if (osi.is_initialized()) {
+            commandBuilder.appendElements(osi->toBSON());
+        }
         return CommandHelpers::appendMajorityWriteConcern(commandBuilder.obj());
-    }();
+    };
 
-    const auto cloneResponse =
-        toShard->runCommand(opCtx,
-                            ReadPreferenceSetting(ReadPreference::PrimaryOnly),
-                            DatabaseName::kAdmin,
-                            cloneCommand,
-                            Shard::RetryPolicy::kNoRetry);
+    auto clonedCollections = [&](const BSONObj& command) {
+        const auto cloneResponse =
+            toShard->runCommand(opCtx,
+                                ReadPreferenceSetting(ReadPreference::PrimaryOnly),
+                                DatabaseName::kAdmin,
+                                command,
+                                Shard::RetryPolicy::kNoRetry);
 
-    uassertStatusOKWithContext(
-        Shard::CommandResponse::getEffectiveStatus(cloneResponse),
-        "movePrimary operation on database {} failed to clone data to recipient {}"_format(
-            _dbName.toStringForErrorMsg(), toShardId.toString()));
+        uassertStatusOKWithContext(
+            Shard::CommandResponse::getEffectiveStatus(cloneResponse),
+            "movePrimary operation on database {} failed to clone data to recipient {}"_format(
+                _dbName.toStringForErrorMsg(), toShardId.toString()));
 
-    auto clonedCollections = [&] {
         std::vector<NamespaceString> colls;
         for (const auto& bsonElem : cloneResponse.getValue().response["clonedColls"].Obj()) {
             if (bsonElem.type() == String) {
@@ -562,8 +564,15 @@ std::vector<NamespaceString> MovePrimaryCoordinator::cloneDataToRecipient(
 
         std::sort(colls.begin(), colls.end());
         return colls;
-    }();
-    return clonedCollections;
+    };
+
+    try {
+        return clonedCollections(cloneCommand(getNewSession(opCtx)));
+    } catch (const ExceptionFor<ErrorCodes::NotARetryableWriteCommand>&) {
+        // TODO SERVER-83213: we're dealing with an older binary version, retry without the OSI
+        // protection. Remove once 8.0 is last-lts.
+        return clonedCollections(cloneCommand(boost::none));
+    }
 }
 
 void MovePrimaryCoordinator::assertClonedData(

src/mongo/db/s/move_primary_coordinator.h

@@ -87,6 +87,13 @@ class MovePrimaryCoordinator final
      */
     void cloneData(OperationContext* opCtx);
 
+    /**
+     * Requests to the recipient to clone all the collections of the given database currently owned
+     * by this shard. Once the cloning is complete, the recipient returns the list of the actually
+     * cloned collections.
+     */
+    std::vector<NamespaceString> cloneDataToRecipient(OperationContext* opCtx);
+
     /**
      * Logs in the `config.changelog` collection a specific event for `movePrimary` operations.
      */
@@ -107,14 +114,6 @@ class MovePrimaryCoordinator final
     void assertNoOrphanedDataOnRecipient(
         OperationContext* opCtx, const std::vector<NamespaceString>& collectionsToClone) const;
 
-
-    /**
-     * Requests to the recipient to clone all the collections of the given database currently owned
-     * by this shard. Once the cloning is complete, the recipient returns the list of the actually
-     * cloned collections.
-     */
-    std::vector<NamespaceString> cloneDataToRecipient(OperationContext* opCtx) const;
-
     /**
      * Ensures that the list of actually cloned collections (returned by the cloning command)
      * matches the list of collections to clone (persisted in the coordinator document).