Page MenuHomePhabricator
Differential D13213

[keyserver] stall secondary nodes until database version is equal to or greater than latest wrapped in transaction request blocking migration version.
ClosedPublic
Actions

Authored by will on Aug 30 2024, 8:49 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Oct 22, 6:29 PM
Unknown Object (File)
Tue, Oct 22, 1:18 PM
Unknown Object (File)
Tue, Oct 22, 1:18 PM
Unknown Object (File)
Tue, Oct 22, 10:22 AM
Unknown Object (File)
Tue, Oct 22, 10:22 AM
Unknown Object (File)
Fri, Oct 18, 5:15 PM
Unknown Object (File)
Thu, Oct 10, 1:10 PM
Unknown Object (File)
Oct 7 2024, 2:41 AM
View All 51 Files
Subscribers
ashoat
tomek

Details

Reviewers
ashoat
Commits
rCOMM432041206b16: [keyserver] stall secondary nodes until database version is equal to or greater…
Summary

This blocks the secondary nodes from accepting any other traffic other than health checks while the current dbVersion is less than the latest migration specifying wrap_in_transaction_and_block_requests.

Depends on D13212

Test Plan

I created two migrations and a new keyserver docker image.

Both migrations included await sleep. The first migration specified wrap_in_transaction_and_block_requests and the second migration specified run_simultaneously_with_requests.

While the first migration was running (and the primary node was unavailable due to running the migration), only health checks were available on the load balancer, meaning that the secondary nodes were only accepting health check traffic.

I also console logged to ensure the loop was running. On the second migration however, all endpoints were available for secondary nodes.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

will created this revision.Aug 30 2024, 8:49 AM
Herald added subscribers: tomek, ashoat. · View Herald TranscriptAug 30 2024, 8:49 AM
Harbormaster returned this revision to the author for changes because remote builds failed.Aug 30 2024, 8:59 AM
Harbormaster failed remote builds in B31373: Diff 43817!
Harbormaster completed remote builds in B31373: Diff 43817.Aug 30 2024, 9:56 AM
will requested review of this revision.Aug 30 2024, 9:56 AM
will added a child revision: D13105: [docs] Include documentation on running your own self-hosted keyserver through aws.Aug 30 2024, 1:11 PM
will added a reviewer: ashoat.Sep 3 2024, 8:01 AM
ashoat accepted this revision.Sep 4 2024, 11:08 PM

In D13172, you had to stop the Express server after starting it, which forced you to introduce a new dependency (stoppable). Why was that not necessary here?

keyserver/src/keyserver.js
211–216 ↗(On Diff #43817)

You could probably dedup lines 211 and 215 if you use a do-while loop

This revision is now accepted and ready to land.Sep 4 2024, 11:08 PM
ashoat mentioned this in D13172: [keyserver] run a temporary express health check server during migration for AWS load balancer health checks.Sep 4 2024, 11:16 PM
will added a comment.Sep 5 2024, 6:39 AM
In D13213#373288, @ashoat wrote:

In D13172, you had to stop the Express server after starting it, which forced you to introduce a new dependency (stoppable). Why was that not necessary here?

In this diff, we don't use two express servers. Express servers start with only health checks. Endpoints are dynamically added after we confirm the migration has occurred.

In D13172, we have an express server initialized in the master process. This express server didn't exist before. The situation was that we need the health check to be available during the migration and so needed to be initialized in the master process. However, this express server conflicts with later express servers in non-master processes that listen on the same port.

For example, if there's a hanging request on the master express server, the actual keyserver endpoints would never become available until all requests are resolved. This unfortunately doesn't seem to be guaranteed unless we use something like stoppable to forcibly shutdown the master express server so non-master servers can listen on the port.

This diff doesn't require the health check to exist prior to any non-master process code and so we can simply start with a health check and add endpoints later with a single express server.

will removed a parent revision: D13209: [keyserver] add migration type to migrations.Sep 8 2024, 8:16 PM
will edited the summary of this revision. (Show Details)Sep 8 2024, 8:18 PM
will added a parent revision: D13212: [keyserver] only wrap migration in transaction if specified in migrationType.
will marked an inline comment as done.Sep 8 2024, 8:34 PM
will updated this revision to Diff 43953.Sep 8 2024, 8:48 PM

update latest version to block on with default

will updated this revision to Diff 43954.Sep 8 2024, 8:51 PM

review feedback

Harbormaster completed remote builds in B31475: Diff 43953.Sep 8 2024, 9:06 PM
Harbormaster completed remote builds in B31476: Diff 43954.
will removed a child revision: D13105: [docs] Include documentation on running your own self-hosted keyserver through aws.Sep 8 2024, 9:11 PM
will updated this revision to Diff 43955.Sep 8 2024, 9:15 PM

switch around

Harbormaster completed remote builds in B31477: Diff 43955.Sep 8 2024, 9:32 PM
Closed by commit rCOMM432041206b16: [keyserver] stall secondary nodes until database version is equal to or greater… (authored by will). · Explain WhySep 8 2024, 9:48 PM
This revision was automatically updated to reflect the committed changes.
will added a commit: rCOMM432041206b16: [keyserver] stall secondary nodes until database version is equal to or greater….
ashoat added inline comments.Sep 9 2024, 12:38 PM
keyserver/src/keyserver.js
213

Why'd you opt to sleep first? Doesn't this slow down all secondary node startup by 5s?

will added inline comments.Sep 9 2024, 12:44 PM
keyserver/src/keyserver.js
213

Even if we slept after we set dbVersion, wouldn't it still slow down secondary node startup by 5s? Was wondering if we needed to do another dbVersion < latestWrapInTransactionAndBlockRequestsVersion check inside the do block, but thought against it.

Code clarity wise, it likely makes more sense to flip them, so I'll do that right now.

will added inline comments.Sep 9 2024, 12:48 PM
keyserver/src/keyserver.js
213

https://phab.comm.dev/D13273

Revision Contents
Changeset List

PathSize
keyserver/
src/
database/
12 lines
36 lines

Diff 43960

View Options

keyserver/src/database/migration-config.js

Loading...
View Options

keyserver/src/keyserver.js

Loading...