Validate build hash of joining node #65249
Assignees
Labels
:Distributed Coordination/Cluster Coordination
Cluster formation and cluster state publication, including cluster membership and fault detection.
>enhancement
Team:Distributed (Obsolete)
Meta label for distributed team (obsolete). Replaced by Distributed Indexing/Coordination.
Comments
DaveCTurner
added
>enhancement
:Distributed Coordination/Cluster Coordination
elasticmachine
added
the
Team:Distributed (Obsolete)
|
Pinging @elastic/es-distributed (Team:Distributed) |
|
We discussed this in the most recent team sync and decided to proceed. This change will block any folks that are inadvertently relying on today's lenience in their testing workflows, and we don't have a good way to determine who those people are, so the Cloud testing folks have requested an escape hatch to temporarily restore the lenient behaviour in case it's needed in an emergency. We'll introduce and immediately deprecate a system property that provides this escape hatch. |
DaveCTurner
added a commit
to DaveCTurner/elasticsearch
that referenced
this issue
Nov 30, 2020
There is no guarantee of wire compatibility between nodes running different builds of the same version, but today we do not validate whether two communicating nodes are compatible or not. This results in confusing failures that look like serialization bugs, and it usually takes nontrivial effort to determine that the failure is in fact due to the user running incompatible builds. This commit adds the build hash to the transport service handshake and validates that matching versions have matching build hashes. Closes elastic#65249
DaveCTurner
added a commit
to DaveCTurner/elasticsearch
that referenced
this issue
Dec 2, 2020
There is no guarantee of wire compatibility between nodes running different builds of the same version, but today we do not validate whether two communicating nodes are compatible or not. This results in confusing failures that look like serialization bugs, and it usually takes nontrivial effort to determine that the failure is in fact due to the user running incompatible builds. This commit adds the build hash to the transport service handshake and validates that matching versions have matching build hashes. Closes elastic#65249
DaveCTurner
added a commit
that referenced
this issue
Dec 2, 2020
There is no guarantee of wire compatibility between nodes running different builds of the same version, but today we do not validate whether two communicating nodes are compatible or not. This results in confusing failures that look like serialization bugs, and it usually takes nontrivial effort to determine that the failure is in fact due to the user running incompatible builds. This commit adds the build hash to the transport service handshake and validates that matching versions have matching build hashes. Closes #65249
DaveCTurner
added a commit
that referenced
this issue
Dec 2, 2020
There is no guarantee of wire compatibility between nodes running different builds of the same version, but today we do not validate whether two communicating nodes are compatible or not. This results in confusing failures that look like serialization bugs, and it usually takes nontrivial effort to determine that the failure is in fact due to the user running incompatible builds. This commit adds the build hash to the transport service handshake and validates that matching versions have matching build hashes. Closes #65249 Backport of #65732
DaveCTurner
added a commit
to DaveCTurner/elasticsearch
that referenced
this issue
Dec 2, 2020
Today in `7.x` there is a deprecated system property that bypasses the check that prevents nodes of incompatible builds from communicating. This commit removes the system property in `master` so that the check is always enforced. Relates elastic#65601, elastic#65249
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Today our more intrepid users sometimes form a cluster from unreleased versions in order to test out new functionality. This is usually fine, and indeed is encouraged, but can lead to difficulties if they happen to use two different builds of the same numbered version since there is no guarantee of compatibility between such builds. Clusters like this can behave quite strangely and it can be tricky to work out why. A similar issue occurs when using a remote cluster with an equal version but a different build hash.
I'm opening this issue to discuss whether we should prevent an invalid mix of nodes from forming a faulty cluster or remote cluster connection by sharing
Build.CURRENT.hash()as well asVersion.CURRENTsomewhere in the handshaking process. If two nodes determine that they have the same numbered version, but a different build hash, then they would emit a warning and drop the connection.The text was updated successfully, but these errors were encountered: