Page MenuHomePhabricator
Create Task
Maniphest T103206

Spike: How to make our new limbo implementation high-availability?
Closed, ResolvedPublic2 Estimate Story Points
Actions

Description

Conclusions

The easiest solution from a development perspective would be to use Redis Cluster, which is available in Redis >= 3.0.0 and is recommended by the Redis authors as the best current practice. It transparently supports sharding, automatic failover, and node migration. Unfortunately, this has not yet landed in Ubuntu's stable distro, and I can't find any examples of successful production deployment, so it's out of the question for now.

Instead, we're going to do a manual sharding thing and simple master-slave replication. The topology will be like,

  • Payments 1001-1003: Each run a Redis master.
  • Payments 1004: Runs three Redis slaves, one for each master.

The following changes will need to be made to client code:

  • The DonationInterface frontends will read and write to Redis on localhost, each box maintaining its own limbo. If the completed transaction hook cannot find a limbo entry for the donation being processed, check whether the data is available on any of the three slaves. Failure to pop from the FIFO queue during transaction completion is fine, the orphan slayer is already robust against that.
  • The orphan slayer will pop from each master, going round-robin and taking one message from each queue.
  • The slayer should probably only use slaves for actual read operations (getting limbo data), and not substitute a slave read for a master pop (pull and dequeue most recent record) like we do from the frontend, otherwise we'll have to come up with a mechanism to prevent repeatedly chasing our tail.

Related Objects
Search...

StatusSubtypeAssignedTask
 DeclinedNoneT77909 [epic] Make WorldPay more robust
 ResolvedPcoombeT86086 Make DI forms visually match what's on donate wiki
 DeclinedNoneT85583 Fix WP mobile forms
 OpenNoneT1189 Polish : Credit card input form should reflect organization of credit card
 OpenNoneT86234 Do not log CC exp date
 ResolvedNoneT93293 Fundraise in Japan: July 1-29
 Declined atgoT93019 Make worldpay forms for Japan
 ResolvedNoneT93301 Fundraise in France: October 31 - November 28
 DeclinedNoneT89046 Make automated refunds possible in Worldpay
 DeclinedNoneT91694 Worldpay: donors on Firefox receiving weird SSL error
 OpenNoneT109064 Untranslated Credit Card fields (GlobalCollect iframes)
Restricted Task
Restricted Task
 OpenJgreenT77912 [epic] PCI gap analysis and Improvements
Restricted Task
 ResolvedawightT92922 Use the new queue wrapper for limbo, antimessage, and orphan slaying
 ResolvedawightT92918 Adapt the Memcache queue subclass
 ResolvedawightT99015 All code that writes to the limbo queue will start writing to both queues.
 ResolvedawightT99016 Check Memcache limbo contents for sanity
 ResolvedawightT99018 Stop writing to ActiveMQ once orphan slaying on Redis has been tested
ResolvedawightT99017 Orphan slayer reads from frack Redis rather than ActiveMQ
 ResolvedawightT99152 Provide access to limbo messages without knowing keys
 ResolvedawightT106906 Populate an hour of limbo queue in the new Redis store
 ResolvedawightT107848 Spike: Orphan logline conspicuously missing
 ResolvedawightT107852 Fix cheesiness: be more transactional when popping messages from the limbo queue
 InvalidawightT107958 Reduce cheesiness: Abort orphan slayer job when we hit a total elapsed time like 4 minutes
Restricted Task
 ResolvedawightT103206 Spike: How to make our new limbo implementation high-availability?
 DeclinedNoneT98802 Bug: WorldPay audit processing needs more error checking
Restricted Task
 DeclinedNoneT112665 Unbreak WMF-hosted Worldpay workflow
 DeclinedNoneT113787 WPUS: TransDetVer2 audit parsing is broken
 DeclinedNoneT113789 EXTERNAL Only block French cards on France form.

Event Timeline

awight created this task.Jun 20 2015, 12:41 AM
awight claimed this task.
awight raised the priority of this task from to High.
awight updated the task description. (Show Details)
awight added projects: Fundraising Sprint Lou Reed, Fundraising-Backlog-Old, Fundraising Sprint Miles Davis.
awight added a project: Unplanned-Sprint-Work.
awight set Security to None.
awight edited a custom field.
awight added subscribers: awight, Aklapper.
awight added a comment.Jun 20 2015, 1:11 AM

Doesn't seem that the phpredis extension supports clustering natively, looking at rediscluster now to decide whether we need the abstraction.

awight added a subscriber: Jgreen.Jun 20 2015, 1:11 AM
awight added a comment.Jun 20 2015, 1:32 AM

RedisCluster doesn't support transactions yet, either. I tried to pry around in the innards and could improve nothing but causing a stack trace.

@Jgreen, what do you think about a single master with slaves, or some clever load-balancing situation so our client only connects to a single server?

awight added a comment.Jun 20 2015, 1:34 AM

Note to self: Another way out out of this hole would be to rewrite the transactions as pipelines, and become robust to the predictable ways data will be corrupted.

awight moved this task from Backlog to PCI on the Fundraising-Backlog-Old board.Jun 23 2015, 1:04 AM
awight renamed this task from Find a PHP Redis client that supports CAS transactions against a cluster to Spike: How to make our new limbo implementation high-availability?.Jul 1 2015, 8:40 PM
awight updated the task description. (Show Details)
awight updated the task description. (Show Details)Jul 1 2015, 8:54 PM
awight updated the task description. (Show Details)Jul 1 2015, 9:00 PM
awight updated the task description. (Show Details)
awight moved this task from Doing to Done on the Fundraising Sprint N*E*R*D board.Jul 1 2015, 10:04 PM
awight closed this task as Resolved.Jul 3 2015, 6:02 PM
mmodell removed a subscriber: awight.Jun 22 2017, 9:38 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL