Phabricator: Unable to view tasks in DB read-only mode
Open, LowPublic
Actions

Description

During a network partition last week, Phabricator's DB proxy failed over to a read-only replica. Even though the database was available in read-only mode, Phab was unavailable even for read-only operations like viewing a task:

Unhandled Exception ("AphrontQuery Exception")
#1290: The MariaDB server is running with the --read-only option so it cannot execute this statement

After the proxy fails over, it has to be restored manually (this is by design, in order to prevent flapping) which means that Phabricator won't even partially self-heal from the network partition: it will be completely unavailable until fixed by human intervention. That in turn can make disaster recovery more difficult.

Better would be if read-only operations were possible in read-only mode.

(Previously: It looks like this was noticed and declined in the context of an eqiad-codfw switchover, T232883.)

After we have configured the database host to be m3-slave, configured the correct TCP port, had the DB grants fixed.. we noticed we can now talk to the DB on a "non-active host" but the Phabricator phd service still does not like to start when the DB is readonly.

We know this from:

sudo -u phd /srv/phab/phabricator/bin/phd start
Freeing active task leases...
[2022-11-17 19:20:29] EXCEPTION: (AphrontQueryException) #1290: The MariaDB server is running with the --read-only option so it cannot execute this statement at [<phabricator>/src/infrastructure/storage/connection/mysql/AphrontBaseMySQLDatabaseConnection.php:396]
arcanist(), ava(), phabricator(), translations(), wmf-ext-misc()
  #0 AphrontBaseMySQLDatabaseConnection::throwQueryCodeException(integer, string) called at [<phabricator>/src/infrastructure/storage/connection/mysql/AphrontBaseMySQLDatabaseConnection.php:321]
  #1 AphrontBaseMySQLDatabaseConnection::throwQueryException(mysqli) called at [<phabricator>/src/infrastructure/storage/connection/mysql/AphrontBaseMySQLDatabaseConnection.php:217]
  #2 AphrontBaseMySQLDatabaseConnection::executeQuery(PhutilQueryString) called at [<phabricator>/src/infrastructure/storage/xsprintf/queryfx.php:8]
  #3 queryfx(AphrontMySQLiDatabaseConnection, string, string) called at [<phabricator>/src/applications/daemon/management/PhabricatorDaemonManagementWorkflow.php:522]
  #4 PhabricatorDaemonManagementWorkflow::freeActiveLeases() called at [<phabricator>/src/applications/daemon/management/PhabricatorDaemonManagementWorkflow.php:306]
  #5 PhabricatorDaemonManagementWorkflow::executeStartCommand(array) called at [<phabricator>/src/applications/daemon/management/PhabricatorDaemonManagementStartWorkflow.php:37]
  #6 PhabricatorDaemonManagementStartWorkflow::execute(PhutilArgumentParser) called at [<arcanist>/src/parser/argument/PhutilArgumentParser.php:492]
  #7 PhutilArgumentParser::parseWorkflowsFull(array) called at [<arcanist>/src/parser/argument/PhutilArgumentParser.php:377]
  #8 PhutilArgumentParser::parseWorkflows(array) called at [<phabricator>/scripts/daemon/manage_daemons.php:24]

As pointed out by @brennen there are the following upstream tickets related to making Phabricator work in RO mode.

https://secure.phabricator.com/T4571

https://secure.phabricator.com/T10769

We would like to have this and have a working RO phab in the inactive data center.

Related Objects

Mentioned Here: T232883: Make PHD run on the backup phabricator server (phab2001, currently)

Event Timeline

RLazarus created this task.Jul 27 2022, 12:18 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 27 2022, 12:18 AM

Aklapper renamed this task from Unable to view tasks in read-only mode to Unable to view tasks in DB read-only mode.Jul 27 2022, 9:26 AM

Dzahn renamed this task from Unable to view tasks in DB read-only mode to Phabricator: Unable to view tasks in DB read-only mode.Jul 29 2022, 5:59 PM

Dzahn triaged this task as High priority.

Dzahn added projects: serviceops-radar, Release-Engineering-Team (Radar).

It looks like this was noticed and declined in the context of an eqiad-codfw switchover, T232883

Note that the declining specifically was in terms of having the alternative phabricator app running, not in terms of the alternative database.

Last time I was told, however (please take this with a grain of salt, I am not Phab expert), that phabricator requires read-write even for basic read-only functionality, due to how it handles its session data, so I am not sure how to prevent this, other than either let it split-brain, or some kind of redundant consensus making automation layer. O moving session data outside of the db so it can read data from the db in some kind of "emergency" mode.

Phabricator has a read only config flag which can be set for expected read only. It is very poor at degrading naturally to read only in an emergency.

If someone wants me to do some testing on my phorge instance, I can do.

jbond edited projects, added collaboration-services; removed SRE.Nov 4 2022, 1:35 PM

LSobanski moved this task from Incoming to Backlog on the collaboration-services board.Nov 4 2022, 3:38 PM

To be investigated during the Phorge PoC.

LSobanski lowered the priority of this task from High to Low.Jan 17 2023, 4:19 PM

LSobanski updated the task description. (Show Details)Jan 17 2023, 4:39 PM

LSobanski merged a task: T323312: make Phabricator work with readonly DB.

LSobanski added a subscriber: brennen.

LSobanski added a subscriber: Dzahn.

Joe added a project: SRE-Sprint-Week-Sustainability-March2023.Mar 21 2023, 9:18 AM

Joe moved this task from Backlog to E_TOO_BIG_MAYBE_OKR? on the SRE-Sprint-Week-Sustainability-March2023 board.

In T313879#8531556, @LSobanski wrote:

To be investigated during the Phorge PoC.

Resetting status as we have a Phorge PoC nowadays

Phabricator: Unable to view tasks in DB read-only modeOpen, LowPublicActions

Description

Related Objects

Event Timeline

Phabricator: Unable to view tasks in DB read-only mode
Open, LowPublic
Actions