Mike Percy created KUDU-1724:
--------------------------------
Summary: Add ability to elect a leader with an "unsafe" number of
votes
Key: KUDU-1724
URL: https://issues.apache.org/jira/browse/KUDU-1724
Project: Kudu
Issue Type: Bug
Components: consensus, ops-tooling, supportability
Reporter: Mike Percy
As a generalization of KUDU-1720, it would be useful to be able to start a
leader election that does not require a "safe" number of votes for the leader
to consider it successful.
Imagine that we have 5 replicas and 3 replicas are permanently offline. We know
that the remaining 3 replicas will never come back online and there is
currently no leader. As part of an emergency maintenance procedure, and
administrator needs to get a leader back online so that an emergency
configuration change can be forced (see KUDU-1721).
The administrator potentially has a couple of options:
1. Choose a leader based on how full the replica's log is, based on manual or
automatic inspection
2. Run a leader election that only considers the remaining nodes as potential
voters: for example, even though the full config is 5 nodes, if there are only
2 nodes remaining then this particular election can consider there to be only 2
valid voters.
Requiring some form of election to take place, even if it is not a "safe"
election, is more likely to lose the minimum possible amount of data since that
is what the election protocol is designed to do. Only the most up-to-date
remaining replica should get elected.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
