Page MenuHomePhabricator
Create Task
Maniphest T295050

Investigate mapdata API caching
Closed, ResolvedPublic2 Estimated Story Points
Actions

Description

This endpoint should have a 24-hour TTL, but responses seem to show cache headers being disabled and varnish x-cache always reads "miss, pass". This task is to look into the API logs to determine whether mapdata is being cached.

Also verify that the API endpoint is unable to return hidden revisions using the current user's permissions, or that if it does it prevents caching.

Related Objects
Search...

Event Timeline

awight created this task.Nov 4 2021, 3:07 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 4 2021, 3:07 PM
TheDJ subscribed.EditedNov 4 2021, 9:40 PM

requires using &maxage= (and &uselang=content for non-private caching) when making the api request.
https://www.mediawiki.org/wiki/API:Caching_data

TheDJ added a subscriber: Unknown Object (User).EditedNov 4 2021, 10:21 PM

It made the following request for one on my examples:

http://localhost/wiki/api.php?action=query&format=json&formatversion=2&titles=Help%3AExtension%3AKartographer&prop=mapdata&mpdlimit=max&mpdgroups=_41b9327d1138471b6311f5b5c773a6d29cc986b6

this is driven by @wikimedia/mapdata DataLoader.prototype.fetch()

awight added a project: WMDE-TechWish-Sprint-2021-10-27.Nov 5 2021, 8:44 AM
awight moved this task from Backlog to In sprint on the WMDE-GeoInfo-FocusArea board.Nov 5 2021, 10:33 AM
thiemowmde claimed this task.Nov 8 2021, 3:36 PM
thiemowmde moved this task from Sprint Backlog to Tech Review on the WMDE-TechWish-Sprint-2021-10-27 board.
thiemowmde subscribed.

I confirmed:

  • This is not new, just for the sake of completeness: While it's possible to use revids in the mapdata API, it will never return an older revision. In other words: revids are translated into titles, and everything is done based on the title.
  • I deleted the latest revision by deleting the page and restoring all but the latest revision. The mapdata API worked as expected and did not return data from the deleted revision. Not even while I was logged in as admin.
  • Note it's not possible to hide only the revision text of the latest revision.

Caching:

  • See the comments above. Thanks, @TheDJ!
  • https://www.mediawiki.org/wiki/API:Caching_data as well as the code in e.g. https://phabricator.wikimedia.org/source/mediawiki/browse/master/includes/api/ApiMain.php$746 explain that any more aggressive caching (i.e. more aggressive than what web browsers do by default) happens only when the API module's cache mode is "public" (this is the case for mapdata) and when a max age is set.
  • That max age can be set from the client with an additional …&maxage=… or …&smaxage=… parameter in the URL, in seconds. In other words: It's up to the client to tell if they are fine with possibly receiving slightly outdated data.
  • It's also possible to enforce this from the server, per API module. See e.g. https://codesearch.wmcloud.org/search/?q=%3EsetCacheMaxAge.
  • My suggestion: Let's enforce some more aggressive caching (e.g. a full day, 3600 seconds) for all mapdata API responses that include a revision ID. This works because the way we plan to implement this creates two very different ways the API behaves:
    1. Requests without a revid return the latest revision, and will continue to do so. But since the latest revision can change any time, the same API request might return something different any time. We can't enforce any caching for this.
    2. This is the exact opposite when revids are supported. These API requests are guaranteed to always return the exact same data. We can cache these as long as we want. The only exception is when the old revision changes, e.g. is deleted. But this is fine, I believe. This doesn't allow arbitrary attack scenarios. Only users that queried the same page before – with the exact same API query – might still get a cached response. But they have seen this before.

Note: While I believe we should do this no matter what, it won't have much of an impact on our cluster. When the Varnish caching works as expected there won't be more than one mapdata API request anyway. The moment the resulting .png is cached there is no reason to query the mapdata API again, for a while.

Pages with more than one map are no exception. Each map will not only have a different URL, but a different sha1 hash as well (not guaranteed in Wikivoyage mode, but still very likely). In other words: Two mapdata API requests on the same page typically don't share any data anyway. They can't benefit from each other's cache.

TheDJ added a comment.EditedNov 8 2021, 3:48 PM

Just one more reminder that there are OTHER issues than just revid with the current static map implementation/caching, esp when it concerns language variants T246314: Map cannot be displayed when Simplified Chinese characters are present, and things like including images in the description without a size set: T281007: Maps rendering should not depend on user variable image settings (default width).

As the static map rendered is not a logged in user, it requires all such geojson to be rendered as 'anonymous' at all times, but this is currently not enforced (uselang=content + simple style parser always making use of canonical parser options) (both for anonymous and authenticated requests). I do not think this currently leads to regressions, but it is something to keep in mind every time we touch the caching, we do not want to make things worse.

thiemowmde mentioned this in T293841: Estimate impact of our changes on production caches.Nov 8 2021, 4:21 PM
awight added a comment.Nov 8 2021, 4:39 PM
  • My suggestion: Let's enforce some more aggressive caching (e.g. a full day, 3600 seconds) for all mapdata API responses that include a revision ID.

I love this suggestion!

Note: While I believe we should do this no matter what, it won't have much of an impact on our cluster. When the Varnish caching works as expected there won't be more than one mapdata API request anyway. The moment the resulting .png is cached there is no reason to query the mapdata API again, for a while.

There are multiple pipelines to consider. Mapdata will only be called by the static map generator once per day, per map. However, the browser will pull directly from mapdata on demand, so we should start tracking statistics about how often maps are clicked (or find archival analysis). What you've described will still be a dramatic improvement over the uncached, latest revision mapdata.

The point about deleted revision deserves its own investigation. When a revision is deleted, we have a responsibility to purge any associated data that might be cached. In our case, that means the Varnish cache of the page's maps needs to be purged. Let's see how other API modules handle this case, and what the acceptable lag time is.

thiemowmde added a comment.Nov 8 2021, 5:47 PM

the browser will pull directly from mapdata on demand […]

Only when we merge T149855, as far as I understand. Which makes revid support a hard dependency for T149855.

thiemowmde mentioned this in T295130: Kartotherian should set cache control headers when group not found.Nov 8 2021, 5:53 PM
awight added a project: WMDE-TechWish-Sprint-2021-11-10.Nov 10 2021, 10:56 AM
thiemowmde moved this task from Sprint Backlog to Tech Review on the WMDE-TechWish-Sprint-2021-11-10 board.Nov 10 2021, 10:56 AM
awight set the point value for this task to 2.Nov 10 2021, 11:07 AM
awight moved this task from Tech Review to Done on the WMDE-TechWish-Sprint-2021-11-10 board.Nov 11 2021, 2:29 PM

To summarize,

  • When the API encounters an error, either make the response no-cache, or give a very short cache.
  • When mapdata is requested by title, respond with a medium-length cache expiry e.g. 15 minutes.
  • When mapdata is requested by revid, respond with a long cache expiry e.g. 24 hours.

We aren't sure what to do about revision deletion, we might need to do something to respect this and hide oversighted data as soon as possible (and purge the images as well). What is the standard here? This might also not be a problem, because the URLs to the bad data will be hidden once the revision is deleted.

awight mentioned this in T293905: Performance review of proposed Kartographer/Kartotherian revid support.Nov 26 2021, 1:28 PM
thiemowmde added a project: WMDE-TechWish-Maintenance.Jan 19 2022, 11:27 AM
thiemowmde added a project: MediaWiki-libs-BagOStuff.Jan 20 2022, 3:37 PM
Restricted Application added a project: Performance-Team. · View Herald TranscriptJan 20 2022, 3:37 PM
Krinkle subscribed.EditedJan 21 2022, 9:45 PM

@thiemowmde The MediaWiki-Cache tag currently tracks several MediaWiki components, the most prominent of which is wikimedia/objectcache. It is not a generic/yellow tag for anything caching related. If it should remain tagged, please clarify for which component this is a bug or feature request.

thiemowmde added a comment.Jan 22 2022, 5:15 PM

The main idea was to let the people that are watching the MediaWiki-libs-BagOStuff tag have a look if our conclusions from the discussion above make sense. Are there some known best practices when an API module should actively ask to be cached, as outlined above?

Please feel free to remove the tag if that's not how it's meant to be used.

Krinkle removed a project: MediaWiki-libs-BagOStuff.EditedJan 22 2022, 9:31 PM

MediaWiki-libs-BagOStuff has neither members nor watchers, which matches how I generally understand component tags to be used.

With regards to caching api.php responses, I recommend taking a look at ApiOpenSearch, which is probably Action API module with the highest (frontend) traffic and uses the correct cache control. I'm personally skeptical of going with maxage parameters and such as those require clients to opt-in, and tend to be difficult to keep track of over time to make sure the right values are passed, and to define or document somewhere what the preferred settings are etc. I'd consider it a secondary strategy to use if there are no other options. If possible, I'd have the API module set its own cache control settings correctly with the visibility and duration set and documented inline by its maintainers. This also makes it clear that the module isn't meant to vary by session and the implicit user's rights or language/skin preferences that would otherwise poison caches. This doesn't mean it can't be localised, just that any JS client has to set uselang explicitly if/where needed.

Krinkle added a parent task: T293905: Performance review of proposed Kartographer/Kartotherian revid support.Jan 24 2022, 7:47 PM
dpifke edited projects, added Performance-Team (Radar); removed Performance-Team.Jan 24 2022, 7:47 PM
dpifke moved this task from Limbo to Watching on the Performance-Team (Radar) board.
thiemowmde added a project: WMDE-TechWish-Sprint-2022-02-02.Feb 2 2022, 9:42 AM
thiemowmde added a parent task: T295604: Kartographer mapdata API should return an empty result when the `mpdgroups` parameter is not matched.Feb 2 2022, 9:46 AM
thiemowmde moved this task from Incoming to In progress on the WMDE-TechWish-Maintenance board.Feb 2 2022, 1:15 PM
thiemowmde removed thiemowmde as the assignee of this task.Feb 9 2022, 10:39 AM
WMDE-Fisch moved this task from Sprint Backlog to Demo on the WMDE-TechWish-Sprint-2022-02-02 board.Feb 9 2022, 1:29 PM
thiemowmde mentioned this in T301341: Set cache control for mapdata API with old revisions.Feb 9 2022, 1:33 PM
thiemowmde added a parent task: T301341: Set cache control for mapdata API with old revisions.
thiemowmde closed this task as Resolved.Feb 15 2022, 9:35 AM
thiemowmde claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL