Page MenuHomePhabricator
Create Task
Maniphest T183245

Ensure replica DB in labs is read-only
Closed, DuplicatePublic
Actions

Description

wikiadmin@deployment-db03[deploymentwiki]> SELECT @@global.read_only;
+--------------------+
| @@global.read_only |
+--------------------+
|                  0 |
+--------------------+
1 row in set (0.00 sec)

wikiadmin@deployment-db04[deploymentwiki]> SELECT @@global.read_only;
+--------------------+
| @@global.read_only |
+--------------------+
|                  0 |
+--------------------+
1 row in set (0.00 sec)

deployment-db04 is the replica, with deployment-db03 as its master, but it's not read-only. Because of a bug in MediaWiki (see T183242: DB handles obtained with DB_REPLICA should not allow writes), writes were being done directly to the replica, which caused inconsistencies and broke replication.

It should not have been possible for this replica server to be writable. Out of paranoia, I checked in production, and none of the replica DBs in production are writable.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
[MCR] Fix SqlBlobStore using DB_REPLICA for writesmediawiki/coremaster+1 -1
Customize query in gerrit

Related Objects

Event Timeline

Catrope created this task.Dec 19 2017, 2:00 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 19 2017, 2:00 PM
Catrope mentioned this in T183242: DB handles obtained with DB_REPLICA should not allow writes.Dec 19 2017, 2:01 PM
Catrope mentioned this in T183252: Unbreak replication in beta cluster.Dec 19 2017, 2:14 PM
gerritbot subscribed.Dec 19 2017, 2:59 PM

Change 399188 had a related patch set uploaded (by Addshore; owner: Addshore):
[mediawiki/core@master] [MCR] Fix SqlBlobStore using DB_REPLICA for writes

https://gerrit.wikimedia.org/r/399188

gerritbot added a project: Patch-For-Review.Dec 19 2017, 2:59 PM
gerritbot added a comment.Dec 19 2017, 3:06 PM

Change 399188 merged by jenkins-bot:
[mediawiki/core@master] [MCR] Fix SqlBlobStore using DB_REPLICA for writes

https://gerrit.wikimedia.org/r/399188

Catrope added a comment.Dec 21 2017, 10:35 AM

I've manually set deployment-db04 to read-only, but there should be a structural solution in place to prevent this from happening again. We somehow do manage to do this in production: every single production replica server is read-only, and I'm pretty sure there are guarantees of some kind for that.

EddieGP mentioned this in T110115: Possible to run writes (e.g. UPDATE) on Beta Cluster replica.Apr 30 2018, 6:20 PM
EddieGP closed this task as a duplicate of T110115: Possible to run writes (e.g. UPDATE) on Beta Cluster replica.May 1 2018, 4:58 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits