Description
It would be helpful from an availability perspective to allow aborting a failed config-change operation.
This requires some careful thought to determine a safe design but some options might include:
- Allow a second concurrent config change operation to proceed if it reverts the "active" config to the "committed" config
- If the config change fails, have the leader attempt to rev the term and push a new NO_OP OpId with the same log index as the config change but a new term.
Attachments
Issue Links
- duplicates
-
KUDU-1194 consensus: Allow abort of uncommittable config change ops
- Open