Page MenuHomePhabricator
Create Task
Maniphest T139970

Centralauth last deployment creating database contention on CentralAuthUser::saveSettings (Lock wait timeout exceeded; try restarting transaction)
Closed, ResolvedPublicPRODUCTION ERROR
Actions

Description

As I commented here initially: T119736#2445587

Since 2016-07-05 at 23h UTC (probably, a software deploy) there is high rate of Lock wait timeout exceeded; try restarting transaction (10.64.16.30). This host is centralauth master and the queries are CentralAuthUser::saveSettings:

https://logstash.wikimedia.org/#dashboard/temp/AVXVMNhAw3dCNxx2bE7U

Details

ProjectBranchLines +/-Subject
mediawiki/extensions/CentralAuthmaster+7 -1Set gu_auth_token when adding new users
Customize query in gerrit

Related Objects

Event Timeline

jcrespo created this task.Jul 11 2016, 5:19 PM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptJul 11 2016, 5:19 PM
jcrespo added a comment.Jul 13 2016, 5:59 PM

These continue being the 50% of the database errors currently (when zhwiki users go to sleep T140108).

jcrespo added subscribers: Anomie, Tgr.Jul 14 2016, 7:59 AM

<_joe_> jynus: I guess you should notify that to @Tgr and @Anomie at least

Anomie added a comment.Jul 14 2016, 1:57 PM

It looks like the majority of the logged URLs seem to be from #Echo, along the lines of /w/api.php?centralauthtoken=[varies]&format=json&notwikis=enwiki&action=query&meta=notifications&notprop=count%7Clist&notgroupbysection=1&notunreadfirst=1. Very likely the reason this started is their "fire off a lot of parallel API requests on $user->saveSettings()" that they turned on recently that has caused several other bugs.

But there's no reason that these requests should be having to save the CentralAuthUser. I suspect the reason it's happening is because CentralAuthUser doesn't set gu_auth_token on newly-added users, so the next request for the user is having to update the database to save it. So let's try fixing that first.

gerritbot added a subscriber: gerritbot.Jul 14 2016, 1:57 PM

Change 298963 had a related patch set uploaded (by Anomie):
Set gu_auth_token when adding new users

https://gerrit.wikimedia.org/r/298963

gerritbot added a project: Patch-For-Review.Jul 14 2016, 1:57 PM
jcrespo mentioned this in T121161: CentralAuthCreateLocalAccountJob failing on meta due to Echo deadlocks.Jul 14 2016, 2:01 PM
Mattflaschen-WMF added a project: Notifications.Jul 14 2016, 6:36 PM
gerritbot added a comment.Jul 14 2016, 8:52 PM

Change 298963 merged by jenkins-bot:
Set gu_auth_token when adding new users

https://gerrit.wikimedia.org/r/298963

ReleaseTaggerBot added a project: MW-1.28-release (WMF-deploy-2016-07-19_(1.28.0-wmf.11)).Jul 14 2016, 9:00 PM
elukey added a subscriber: elukey.Jul 15 2016, 2:13 PM

Tons of 503s today for (what appears to be) the same issue:

https://logstash.wikimedia.org/#/dashboard/temp/AVXu3JKcT4MudYQNSuOT (credits to Jaime)

Outage last from ~13:24 to ~13:33 UTC

Anomie mentioned this in T130384: CentralAuth doesn't check if given valid but unusable name.Jul 15 2016, 3:22 PM
Anomie mentioned this in T140478: Populate gu_auth_token for existing users.Jul 15 2016, 3:56 PM
jcrespo closed this task as Resolved.Jul 20 2016, 3:36 PM
jcrespo claimed this task.

According to kibana, I do not see this error anymore, having disappeared at 2016-07-19 15:00 UTC:

https://logstash.wikimedia.org/goto/52ba432ceedd3803801fde6807e16737

I suppose some kind of deployment happened at that time, so this is resolved for me.

Anomie added a comment.Jul 20 2016, 3:45 PM

Probably https://gerrit.wikimedia.org/r/#/c/299704/, which turns off the problematic Echo feature now that the transition is completed.

Catrope added a subscriber: Catrope.Jul 20 2016, 4:09 PM

Is T140692: "CAS update failed on gu_cas_token" thrown by CentralAuth autocreation jobs related / a duplicate?

Anomie added a comment.Jul 20 2016, 4:14 PM

Seems very similar, but not exactly a duplicate. This one would happen when the lock is held so long that other connections time out, while that would happen when the lock isn't held long enough to time out.

The reduced contention now that Echo isn't making lots of simultaneous requests should have reduced the incidence of that one too, and the patch to void having CentralAuthUser->getAuthToken() need to call CentralAuthUser->resetAuthToken() in the first place will benefit that too.

MarcoAurelio moved this task from Incoming to Done on the MediaWiki-extensions-CentralAuth board.Dec 15 2016, 4:10 PM
Restricted Application added a project: Collaboration-Team-Triage. · View Herald TranscriptDec 15 2016, 4:10 PM
mmodell changed the subtype of this task from "Task" to "Production Error".Aug 28 2019, 11:11 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:39 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL