storage: prevent opening unsupported database engine #89836
Comments
jbowens
added
the
C-bug
|
What is the correct policy for when a version is too old? Is it correct to say that the database version must be at least |
Yeah, I think that's right. |
|
AFAICT this check already exists: cockroach/pkg/kv/kvserver/stores.go Line 407 in 3414b03 I verified manually by starting a new 21.2 cluster then running 22.2: Perhaps in the encryption-at-rest case we get an earlier, less useful error? In any case, it looks like we are covered functionally so I'm not sure there is anything to do here. |
This issue is about moving the check up to before we ever open the engine. The above check doesn't use the min-version file and uses the old cluster version key that's stored within the engine itself. In some cases, waiting until you've already opened the engine to check compatibility is too late and has potential to corrupt the database. We'd like to:
|
|
Ah, thanks for the clarification! If we make those changes, it feels like we'll need to require the existence of the min-version file. It looks like it was added in v21.2 so that would be a safe change at this point. |
This change adds a check for old versions as soon as we open the min version file, before opening the store. We currently check this at a later time; in some cases, it is too late and there is potential for corruption. Release note: None Fixes cockroachdb#89836
96394: storage: check for old store version upfront r=RaduBerinde a=RaduBerinde #### storage: minor cleanup around MinVersionIsAtLeastTargetVersion Removing this unused method from the Engine interface. Release note: None #### storage: check for old store version upfront This change adds a check for old versions as soon as we open the min version file, before opening the store. We currently check this at a later time; in some cases, it is too late and there is potential for corruption. Release note: None Fixes #89836 Co-authored-by: Radu Berinde <radu@cockroachlabs.com>
This change adds a check for old versions as soon as we open the min version file, before opening the store. We currently check this at a later time; in some cases, it is too late and there is potential for corruption. Release note: None Fixes cockroachdb#89836
Related to #42653.
Now that the active cluster version is persisted outside of the engine, we should fail early (before opening the Engine) if the database's cluster version is too old. This has come before in support issues where a client receives an inscrutable encryption-at-rest error message when they forgot to finalize the pervious version's cluster version.
This would also help guard against corruption based on assumptions that database state is at least the previous Cockroach version's cluster version.
Jira issue: CRDB-20461
The text was updated successfully, but these errors were encountered: