[Tarantool-patches] [RFC] Quorum-based synchronous replication
Vladislav Shpilevoy
v.shpilevoy at tarantool.org
Wed Apr 22 23:28:03 MSK 2020
>>>> Basically, it would be nice to see the split-brain problem description here,
>>>> and its solution for us.
>>>>
>>> I believe the split-brain is under orchestrator control either - we
>>> should provide API to switch leader in the cluster, so that when a
>>> former leader came back it will not get quorum for any txn it has,
>>> replying to customers with failure as a result.
>>
>> Exactly. We should provide something for this from inside. But are there
>> any details? How should that work? Should all the healthy replicas reject
>> everything from the false-leader? Should the false-leader somehow realize,
>> that it is not considered a leader anymore, and should stop itself? If we
>> choose the former way, how a replica defines who is the true leader? For
>> example, some replicas still may consider the old leader as a true master.
>> If we choose the latter way, what is the algorithm of determining that we
>> are not a leader anymore?
>>
> It is all about external orchestration - if replica can't get ping from
> leader it stops, reporting its status to orchestrator.
> If leader lost number of replicas that makes quorum impossible - it
> stops replication, reporting to the orchestrator.
> Will it be sufficient to cover the question?
Perhaps.
More information about the Tarantool-patches
mailing list