You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Jason Gustafson (Jira)" <ji...@apache.org> on 2019/12/30 22:55:00 UTC

[jira] [Resolved] (KAFKA-661) Prevent a shutting down broker from re-entering the ISR

     [ https://issues.apache.org/jira/browse/KAFKA-661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Gustafson resolved KAFKA-661.
-----------------------------------
    Resolution: Fixed

This patch is fixed by KIP-320, which adds leader epoch validation to the replica fetchers. When the ISR is shrunk for the shutting down broker, the leader epoch will be bumped. Followers fetching with an older epoch will be fenced. This, along with the leader and ISR znode version checking ensures that a shutting down replica cannot be added back to the ISR.

> Prevent a shutting down broker from re-entering the ISR
> -------------------------------------------------------
>
>                 Key: KAFKA-661
>                 URL: https://issues.apache.org/jira/browse/KAFKA-661
>             Project: Kafka
>          Issue Type: Bug
>          Components: replication
>    Affects Versions: 0.8.0, 0.8.1
>            Reporter: Joel Jacob Koshy
>            Priority: Major
>
> There is a timing issue in controlled shutdown that affects low-volume topics. The leader that is being shut down receives a leaderAndIsrRequest informing it is no longer the leader and thus starts up a follower which starts issuing fetch requests to the new leader. We then shrink the ISR and send a StopReplicaRequest to the shutting down broker. However, the new leader upon receiving the fetch request expands the ISR again.
> This does not really have critical impact in the sense that it can cause producers to that topic to timeout. However, there are probably very few or no produce requests coming in as it primarily affects low-volume topics. The shutdown logic itself seems to be working correctly in that the leader has been successfully moved.
> One possible approach would be to use the callback feature in the ControllerBrokerRequestBatch and wait until the StopReplicaRequest has been processed by the shutting down broker before shrinking the ISR; and there are probably other ways as well.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)