Support specifying expected primary in ERS/PRS

[timvaillancourt]

Description

This PR allows a EmergencyReparentShard/PlannedReparentShard request to contain the alias of the primary we expect to be the current primary for the action to succeed. If this alias is incorrect or stale, the reparent fails with an error indicating there is a failed precondition/mismatch.

This is useful to prevent races between external automation that runs reparents and Vitess (vtorc and vtctld), which may reparent a shard in the time external automation is creating/processing it's own reparent request. With this support added, automation with a stale view of the world will encounter an error instead of triggering an potentially unnecessary reparent

In the future, Vitess could use this field internally to be more explicit but because everything uses shard locks, it should never encounter a mismatch

Related Issue(s)

Resolves #16430

Checklist

• "Backport to:" labels have been added if this change should be back-ported to release branches
• If this change is to be back-ported to previous releases, a justification is included in the PR description
• Tests were added or are not required
• Did the new or modified tests pass consistently locally and on CI?
• Documentation was added or is not required

Deployment Notes

[vitess-bot]

Review Checklist

Hello reviewers! 👋 Please follow this checklist when reviewing this Pull Request.

General

• Ensure that the Pull Request has a descriptive title.
• Ensure there is a link to an issue (except for internal cleanup and flaky test fixes), new features should have an RFC that documents use cases and test cases.

Tests

• Bug fixes should have at least one unit or end-to-end test, enhancement and new features should have a sufficient number of tests.

Documentation

• Apply the release notes (needs details) label if users need to know about this change.
• New features should be documented.
• There should be some code comments as to why things are implemented the way they are.
• There should be a comment at the top of each new or modified test to explain what the test does.

New flags

• Is this flag really necessary?
• Flag names must be clear and intuitive, use dashes (-), and have a clear help text.

If a workflow is added or modified:

• Each item in Jobs should be named in order to mark it as required.
• If the workflow needs to be marked as required, the maintainer team must be notified.

Backward compatibility

• Protobuf changes should be wire-compatible.
• Changes to _vt tables and RPCs need to be backward compatible.
• RPC changes should be compatible with vitess-operator
• If a flag is removed, then it should also be removed from vitess-operator and arewefastyet, if used there.
• vtctl command output order should be stable and awk-able.

[codecov]

Codecov Report

Attention: Patch coverage is 50.00000% with 15 lines in your changes missing coverage. Please review.

Project coverage is 69.43%. Comparing base (2e2b223) to head (40c78a2).
Report is 15 commits behind head on main.

Files with missing lines	Patch %	Lines
go/cmd/vtctldclient/command/reparents.go	12.50%	14 Missing ⚠️
go/vt/vtctl/grpcvtctldserver/server.go	75.00%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff            @@
##             main   #16852    +/-   ##
========================================
  Coverage   69.43%   69.43%            
========================================
  Files        1571     1571            
  Lines      203021   203223   +202     
========================================
+ Hits       140970   141117   +147     
- Misses      62051    62106    +55     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mattlord]

You'll want to add support for this in the client command, no? Here: go/cmd/vtctldclient/command/reparents.go

[timvaillancourt]

You'll want to add support for this in the client command, no? Here: go/cmd/vtctldclient/command/reparents.go

@mattlord oh thanks, yes I'll add support for the CLI binary 👍👀

[timvaillancourt]

Added:

tvaillancourt@tvailla-ltmxctu vitess % ./bin/vtctldclient EmergencyReparentShard --help 2>&1 | grep expected-primary
      --expected-primary string          Alias of a tablet that must be the current primary in order for the reparent to be processed.

👍

[arthurschreiber]

@timvaillancourt Can we have that same cli flag for PlannedReparentShard as well? 😬

[timvaillancourt]

@arthurschreiber in the original issue we discussed adding this to PRS too but the recommendation was to use the new primary flag to fence things. Of course that only works if all systems agree on a candidate, which isn't guaranteed

I'd be on board with adding this to PRS too if no objections

[arthurschreiber]

Adding this to PRS would make our operations a lot more robust. Obviously, PRS takes a lock before modifying a shard, so no two PRS operations can run at the same time, but we'd also like to guarantee that we don't fail over a shard during the buffer cooldown period we have set.

We can check the time when the current primary started serving, but we can't guarantee that a PRS from some other automation or manual call jumps in between the check of the timestamp and the call to PRS. Allowing us to specify the expected current primary for PRS as well would allow us to abort if the primary got changed unexpectedly.

[mattlord]

I think the idea of being able to enforce a specific sequence or state machine for the shard leadership/primaryship makes a lot of sense for both ERS and PRS, FWIW. 🙂

[timvaillancourt]

@arthurschreiber / @mattlord yeah, I think it's a good idea for both so I'll update this PR to add that

As mentioned, Vitess could use this internally too (probably in +1 release). It would never hit a conflict (unless we broke something) but it wouldn't hurt either

EDIT: I also realized RequiredPrimary might be more clear. Any thoughts?

[timvaillancourt]

I think I prefer the field-name RequiredPrimary now but let's vote on it

🎉 for ExpectedPrimary
🚀 for RequiredPrimary
👀 for ExpectedCurrentPrimary
😄 for RequiredCurrentPrimary

Or other suggestions appreciated

[GuptaManan100]

LGTM!

[deepthi]

I think I prefer the field-name RequiredPrimary now but let's vote on it

🎉 for ExpectedPrimary 🚀 for RequiredPrimary

Or other suggestions appreciated

RequiredCurrentPrimary OR ExpectedCurrentPrimary :)

[deepthi]

LGTM. Once the flag name is final, you should edit the PR description to document command usage. I've added a label that prevents merge, and you can remove the label and merge it at that point.

[timvaillancourt]

LGTM. Once the flag name is final, you should edit the PR description to document command usage. I've added a label that prevents merge, and you can remove the label and merge it at that point.

Sounds good! It looks like there weren't many strong opinions on naming

I think I've flip/flopped back to leaving this as-is. My reasoning is if I say what I'm asking to do out loud it is "do X reparent and I expect Y to be still be the primary". And I feel adding Current is redundant because there can only be a single primary