Homec4science

Move toward multi-master replicated repositories

Authored by epriestley <git@epriestley.com> on Apr 11 2016, 20:58.

Description

Move toward multi-master replicated repositories

Summary:
Ref T4292. This mostly implements the locking/versioning logic for multi-master repositories. It is only active on Git SSH pathways, and doesn't actually do anything useful yet: it just does bookkeeping so far.

When we read (e.g., git fetch) the logic goes like this:

  • Get the read lock (unique to device + repository).
    • Read all the versions of the repository on every other device.
    • If any node has a newer version:
      • Fetch the newer version.
      • Increment our version to be the same as the version we fetched.
  • Release the read lock.
  • Actually do the fetch.

This makes sure that any time you do a read, you always read the most recently acknowledged write. You may have to wait for an internal fetch to happen (this isn't actually implemented yet) but the operation will always work like you expect it to.

When we write (e.g., git push) the logic goes like this:

  • Get the write lock (unique to the repository).
    • Do all the read steps so we're up to date.
    • Mark a write pending.
      • Do the actual write.
    • Bump our version and mark our write finished.
  • Release the write lock.

This allows you to write to any replica. Again, you might have to wait for a fetch first, but everything will work like you expect.

There's one notable failure mode here: if the network connection between the repository node and the database fails during the write, the write lock might be released even though a write is ongoing.

The "isWriting" column protects against that, by staying locked if we lose our connection to the database. This will currently "freeze" the repository (prevent any new writes) until an administrator can sort things out, since it'd dangerous to continue doing writes (we may lose data).

(Since we won't actually acknowledge the write, I think, we could probably smooth this out a bit and make it self-healing most of the time: basically, have the broken node rewind itself by updating from another good node. But that's a little more complex.)

Test Plan:

  • Pushed changes to a cluster-mode repository.
  • Viewed web interface, saw "writing" flag and version changes.
  • Pulled changes.
  • Faked various failures, got sensible states.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4292

Differential Revision: https://secure.phabricator.com/D15688

Details

Committed
epriestley <git@epriestley.com>Apr 12 2016, 17:57
Pushed
aubortJan 31 2017, 17:16
Parents
rPH58eef68b7c60: Rough cut of repository cluster status panel
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH4244cad99073: Move toward multi-master replicated repositories (authored by epriestley <git@epriestley.com>).Apr 12 2016, 17:57