diff --git a/design/recovery-internals.md b/design/recovery-internals.md index 244c90c373..c30ffd812f 100644 --- a/design/recovery-internals.md +++ b/design/recovery-internals.md @@ -182,7 +182,7 @@ Now the main steps in recovery have finished. The CC keeps waiting for all tLogs ## Phase 6: ACCEPTING_COMMITS -The transaction system starts to accept new transactions. This doesn't mean that this committed data will be available for reading by clients, because storage servers are not guaranteed to be alive in the recovery process. In case storage servers have not been alive, write-only transactions can be committed and will be buffered in tLogs. If storage servers are unavailable for long enough, pushing tLogs' memory usage above a configurable threshold, rakekeepr will throttle all transactions. +The transaction system starts to accept new transactions. This doesn't mean that this committed data will be available for reading by clients, because storage servers are not guaranteed to be alive in the recovery process. In case storage servers have not been alive, write-only transactions can be committed and will be buffered in tLogs. If storage servers are unavailable for long enough, pushing tLogs' memory usage above a configurable threshold, ratekeeper will throttle all transactions. ## Phase 7: ALL_LOGS_RECRUITED diff --git a/fdbserver/QuietDatabase.actor.cpp b/fdbserver/QuietDatabase.actor.cpp index 029080da4d..07cdae9dd4 100644 --- a/fdbserver/QuietDatabase.actor.cpp +++ b/fdbserver/QuietDatabase.actor.cpp @@ -673,6 +673,8 @@ ACTOR Future repairDeadDatacenter(Database cx, .detail("RemoteDead", remoteDead) .detail("PrimaryDead", primaryDead); g_simulator->usableRegions = 1; + g_simulator->killDataCenter( + primaryDead ? g_simulator->primaryDcId : g_simulator->remoteDcId, ISimulator::KillInstantly, true); wait(success(ManagementAPI::changeConfig( cx.getReference(), (primaryDead ? g_simulator->disablePrimary : g_simulator->disableRemote) + " repopulate_anti_quorum=1",