> What do you mean by "the changes of expelled replicas"?

Check the comment in replica_clear_id. Right now when you delete
replica from _cluster, you keep its slot in vclock. The goal is to
reuse it.

> However, it's true that vclock comparisons are used in creating snapshots
> and finding the latest xlog on recovery.
> So an anonymous replica won't create new snapshots if the only new changes
> are the one made on the anonymous replica. Some problems with recovery may
> also exist. I don't know whether it's severe enough, but looks not so good.
> Thanks for pointing this out!
>
> >
> >
> > A much safer bet would be to use a new special id number, like
> > UINT64_MAX, and not change meaning of an existing id.
>
> This won't help IMO. We still have cases where this vclock component
> should be ignored (replication) and cases where it should be taken into
> account (checkpoint/xlog clock).
> What about this change? I pushed it to the branch.
> Also there's no need to fix vclock tests anymore.

It is also a hack. It's best if all of the complexity of an
anonymous replica resides on it and the master doesn't deal with
it in any way. Refusing the connection from master with a proper
error message seems to be simple & reliable way to do it without
mangling vclock logic.