c/controller_backend: try to force-abort reconfiguration only on leaders

Previously, when force-aborting a reconfiguration, we appended an aborting configuration on all replicas. This can lead to log inconsistencies as on followers the configuration will be duplicated (one from own append, one replicated by the leader). Although these inconsistencies are expected for force-abort, if the leader is alive, we can minimize the chance of their appearance by waiting on followers for the aborting config to be replicated from the leader. Fixes redpanda-data#17847 (cherry picked from commit 8e221d3)
vbotbuildovich · Apr 24, 2024 · 031e6fd · 031e6fd
1 parent dde14e5
commit 031e6fd
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/src/v/cluster/controller_backend.cc b/src/v/cluster/controller_backend.cc
@@ -1685,6 +1685,14 @@ controller_backend::force_abort_replica_set_update(
         }
         co_return errc::waiting_for_recovery;
     } else {
+        auto leader_id = partition->get_leader_id();
+        if (leader_id && leader_id != _self) {
+            // The leader is alive and we are a follower. Wait for the leader to
+            // replicate the aborting configuration, but don't append it
+            // ourselves to minimize the chance of log inconsistency.
+            co_return errc::not_leader;
+        }
+
         vlog(
           clusterlog.debug,
           "[{}] force-aborting reconfiguration",