[GitHub] [zookeeper] hanm commented on a change in pull request #1069: ZOOKEEPER-3056: Fails to load database with missing snapshot file but with valid transaction log file.

[GitBox]

hanm commented on a change in pull request #1069: ZOOKEEPER-3056: Fails to load 
database with missing snapshot file but with valid transaction log file.
URL: https://github.com/apache/zookeeper/pull/1069#discussion_r319677093
 
 

 ##########
 File path: 
zookeeper-server/src/main/java/org/apache/zookeeper/server/persistence/FileTxnSnapLog.java
 ##########
 @@ -232,11 +240,19 @@ public long restore(DataTree dt, Map<Long, Integer> 
sessions, PlayBackListener l
         } else {
             trustEmptyDB = autoCreateDB;
         }
+
         if (-1L == deserializeResult) {
             /* this means that we couldn't find any snapshot, so we need to
              * initialize an empty database (reported in ZOOKEEPER-2325) */
             if (txnLog.getLastLoggedZxid() != -1) {
-                throw new IOException("No snapshot found, but there are log 
entries. " + "Something is broken!");
+                // ZOOKEEPER-3056: provides an escape hatch for users upgrading
+                // from old versions of zookeeper (3.4.x, pre 3.5.3).
+                if (!trustEmptySnapshot) {
+                    throw new IOException(EMPTY_SNAPSHOT_WARNING + "Something 
is broken!");
+                } else {
+                    LOG.warn(EMPTY_SNAPSHOT_WARNING + "This should only be 
allowed during upgrading.");
+                    trustEmptySnapshot = false;
+                }
             }
 
             if (trustEmptyDB) {
 
 Review comment:
   I thought about this, and I didn't get into `trustEmptyDB` because it seems 
create another problem for upgrading, which might require a separate discussion.
   
   Basically if we don't set `trustEmptyDB`, then it's possible to have 
zookeeper server in a valid state with no snapshot files but only transaction 
log files similar to older version of ZooKeeper. Since we treat such case as 
invalid, yet we essentially allow such case happen in first place, this seems 
self contradictory and inconsistent. Always creating at least one snapshot 
sounds like a good solution here, but that require we always execute the code 
path when `trustEmptyDB ` is set (which, is the default case).
   
   Is there any cases where we don't want to set `trustEmptyDB ` ?
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services