KAFKA-16533; Update voter handling

[jsancio]

Add support for handling the update voter RPC. The update voter RPC is used to automatically update the voters supported kraft versions and available endpoints as the operator upgrades and reconfigures the KRaft controllers.

The add voter RPC is handled as follow:

1. Check that the leader has fenced the previous leader(s) by checking that the HWM is known, otherwise return the REQUEST_TIMED_OUT error.
2. Check that the cluster supports kraft.version 1, otherwise return the UNSUPPORTED_VERSION error.
3. Check that there are no uncommitted voter changes, otherwise return the REQUEST_TIMED_OUT error.
4. Check that the updated voter still supports the currently finalized kraft.version, otherwise return the INVALID_REQUEST error.
5. Check that the updated voter is still listening on the default listener.
6. Append the updated VotersRecord to the log. The KRaft internal listener will read this uncommitted record from the log and update the voter in the set of voters.
7. Wait for the VotersRecord to commit using the majority of the voters. Return a REQUEST_TIMED_OUT error if it doesn't commit in time.
8. Send the UpdateVoter successful response to the voter.

Lastly, this change also implements the ability for the leader to update its own entry in the voter set when it becomes leader for an epoch. This is done by updating the voter set and writing a control batch as the first batch in a new leader epoch.

Committer Checklist (excluded from commit message)

• Verify design and implementation
• Verify test coverage and CI build status
• Verify documentation (including upgrade notes)

[ahuang98]

Only a few minor comments

[ahuang98]

nit: specialized update voter handler

[jsancio]

Done

[ahuang98]

nit: I know this is the convention handleFetchSnapshotRequest uses too, but could we rename to leaderValidationError?

[jsancio]

Are you referring to the variable name? Replace "leaderValidation" with "leaderValidationError"?

[jsancio]

Done

[ahuang98]

wonder if we might benefit from the update voter response schema including an error message field.

[jsancio]

I thought about this before. The ErrorMessage field is a human readable message meant to be displayed to the end user. This is why the admin RPCs (AddVoter and RemoveVoter) have the additional ErrorMessage field. UpdateVoter is an internal RPC. Internal RPCs don't tend to have a human readable error message.

[ahuang98]

what about some logging in the error cases? although the RPC is internal, an invalid update could stem from operator action (and it could be useful for them to dig into logs to understand why an update failed)

[ahuang98]

do want to catch any illegalArgumentExceptions that might be thrown from this method?

[jsancio]

Hmm. Catching IllegalArgumentExceptions is not enough. Let me file an issue to audit all of the validation of the new RPCs: https://issues.apache.org/jira/browse/KAFKA-17264

[ahuang98]

does this need to be passed in vs imported in UpdateVoterHandler?

[jsancio]

Not sure I understand the question. In general inputs to a type or method should be limited to what they require. This avoid passing a configuration object with many methods where only one is used or required.

[ahuang98]

sorry, you can ignore this comment. I had mistakenly thought it would be possible to import the underlying config in UpdateVoterHandler

[ahuang98]

another place where it would be nice if there was an error msg (or at least logging)

[ahuang98]

nit: Return true if the provided voter node ...

[jsancio]

Done.

[cmccabe]

It seems like RequestResponseTest.createUpdateRaftVoterResponse has not been updated to set these new fields.

[jsancio]

Fixed.

[cmccabe]

LGTM. Committed.