Page MenuHomePhabricator

Move toward multi-master replicated repositories
ClosedPublic

Authored by epriestley on Apr 12 2016, 12:22 PM.
Tags
None
Referenced Files
F12837923: D15688.diff
Thu, Mar 28, 5:40 PM
Unknown Object (File)
Wed, Mar 27, 6:44 AM
Unknown Object (File)
Feb 10 2024, 8:31 PM
Unknown Object (File)
Jan 28 2024, 1:50 AM
Unknown Object (File)
Jan 17 2024, 12:40 AM
Unknown Object (File)
Dec 26 2023, 5:51 PM
Unknown Object (File)
Dec 15 2023, 1:55 PM
Unknown Object (File)
Nov 30 2023, 12:53 AM
Subscribers
None

Details

Summary

Ref T4292. This mostly implements the locking/versioning logic for multi-master repositories. It is only active on Git SSH pathways, and doesn't actually do anything useful yet: it just does bookkeeping so far.

When we read (e.g., git fetch) the logic goes like this:

  • Get the read lock (unique to device + repository).
    • Read all the versions of the repository on every other device.
    • If any node has a newer version:
      • Fetch the newer version.
      • Increment our version to be the same as the version we fetched.
  • Release the read lock.
  • Actually do the fetch.

This makes sure that any time you do a read, you always read the most recently acknowledged write. You may have to wait for an internal fetch to happen (this isn't actually implemented yet) but the operation will always work like you expect it to.

When we write (e.g., git push) the logic goes like this:

  • Get the write lock (unique to the repository).
    • Do all the read steps so we're up to date.
    • Mark a write pending.
      • Do the actual write.
    • Bump our version and mark our write finished.
  • Release the write lock.

This allows you to write to any replica. Again, you might have to wait for a fetch first, but everything will work like you expect.

There's one notable failure mode here: if the network connection between the repository node and the database fails during the write, the write lock might be released even though a write is ongoing.

The "isWriting" column protects against that, by staying locked if we lose our connection to the database. This will currently "freeze" the repository (prevent any new writes) until an administrator can sort things out, since it'd dangerous to continue doing writes (we may lose data).

(Since we won't actually acknowledge the write, I think, we could probably smooth this out a bit and make it self-healing most of the time: basically, have the broken node rewind itself by updating from another good node. But that's a little more complex.)

Test Plan
  • Pushed changes to a cluster-mode repository.
  • Viewed web interface, saw "writing" flag and version changes.
  • Pulled changes.
  • Faked various failures, got sensible states.

Event Timeline

epriestley retitled this revision from to Move toward multi-master replicated repositories.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.

Here is a thrilling photo showing a number and also a little icon:

Screen Shot 2016-04-12 at 5.31.36 AM.png (667×1 px, 113 KB)

chad edited edge metadata.
This revision is now accepted and ready to land.Apr 12 2016, 3:07 PM
This revision was automatically updated to reflect the committed changes.