Page MenuHomePhabricator
Create Task
Maniphest T395881

Set up x1 replication to Wiki Replicas
Open, Stalled, MediumPublic
Actions

Description

As discussed in T395072: Add "wikishared" database to wiki replicas. This is also a blocker for T387419: Create wiki replicas views for globaljsonlinks tables.

Two reasons why we want this (there may be more):

  1. DBAs would like to move some data to x1, but if they do Wiki Replicas will lose access to it (see comment from @Ladsgroup below)
  2. Wiki Replicas users expect that all data from production DBs is available in Wiki Replicas, unless there are privacy concerns.

@Ladsgroup wrote in T395072#10851754:

We definitely should do that which helps us DBAs argue for moving data out of core sections that are pressured for capacity to x1. For example, I want to move wbc_entity_usage tables out of core dbs but x1 not replicating to the cloud blocks the move.

And I emphaisze that I agree with Manuel, privacy subteam of security must sign off on which tables can be replicated and which can't (and what views are needed) before we can make any move

Related Objects
Search...

Event Timeline

fnegri created this task.Jun 3 2025, 9:21 AM
Restricted Application added a project: cloud-services-team. · View Herald TranscriptJun 3 2025, 9:21 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
fnegri mentioned this in T395072: Add "wikishared" database to wiki replicas.Jun 3 2025, 9:21 AM
fnegri added a parent task: T395072: Add "wikishared" database to wiki replicas.
fnegri added a parent task: T387419: Create wiki replicas views for globaljsonlinks tables.
fnegri mentioned this in T387419: Create wiki replicas views for globaljsonlinks tables.
Marostegui added a comment.Jun 3 2025, 9:50 AM

This definitely needs a review from security before we can proceed.
This will also likely need specific triggers/views.

But first, we need to get an indication on:

  • tables that can be replicated entirely as they are
  • tables tha cannot be replicated at all
  • tables that need some redactions
  • tables that require some specific views
fnegri added a comment.Jun 3 2025, 9:55 AM

we need to get an indication on

Who is best placed to provide the answers here? I'm looping in Data-Engineering as well.

Ladsgroup added a comment.Jun 3 2025, 9:58 AM
In T395881#10878832, @fnegri wrote:

we need to get an indication on

Who is best placed to provide the answers here? I'm looping in Data-Engineering as well.

Privacy subteam of security.

Novem_Linguae subscribed.Jun 3 2025, 3:09 PM
Gehel added a project: Data-Engineering.Jun 4 2025, 7:08 AM
taavi moved this task from Backlog to Wiki replicas on the Data-Services board.Jun 4 2025, 10:20 AM
VirginiaPoundstone subscribed.Jun 4 2025, 4:08 PM

@fnegri can you remind me what initiative this supports? Better yet add the context to the description. If there are relevant deadlines or plans, please include those as well. Thank you!

VirginiaPoundstone moved this task from Incoming (new tickets) to Needs Clarification on the Data-Engineering board.Jun 4 2025, 4:11 PM
fnegri updated the task description. (Show Details)Jun 5 2025, 11:28 AM
fnegri updated the task description. (Show Details)
fnegri added a comment.Jun 5 2025, 11:33 AM

@VirginiaPoundstone I updated the task description with more context. I will also ask in the user-created parent tasks if they have specific use cases why they would like to have this section, or if it's just for the sake of completeness.

fnegri moved this task from Inbox to Watching on the cloud-services-team board.Jun 11 2025, 2:13 PM
fnegri added a comment.Jun 25 2025, 8:47 AM

A use case for having x1 in Wiki Replicas was discussed in T387419: Create wiki replicas views for globaljsonlinks tables: being able to "generate statistics and usage information about charts". The tables used by the Chart extension are in the x1 section.

fnegri added a subscriber: GGoncalves-WMF.Jun 25 2025, 2:19 PM
fnegri mentioned this in T401295: Decide how to use the new clouddb hosts (clouddb102[2-5]).Aug 6 2025, 9:02 AM
Ottomata added a project: Data-Platform-SRE.Oct 8 2025, 5:27 PM
Ottomata moved this task from Needs Clarification to Tag with Radar on the Data-Engineering board.
Ottomata subscribed.

Tagging Data-Platform-SRE to get their input.

BTullis mentioned this in T407485: Set up x1 replication to an-redacteddb1001.Oct 16 2025, 11:38 AM
BTullis mentioned this in T407486: Set up x1 replication to an-redacteddb1001.
BTullis subscribed.Oct 16 2025, 11:50 AM

I created T407485 to track the work required to add this section to an-redacteddb1001 and set up the initial replication.

I'm conscious that @Marostegui has said this, back in June.

In T395881#10878825, @Marostegui wrote:

This definitely needs a review from security before we can proceed.
This will also likely need specific triggers/views.

But first, we need to get an indication on:

  • tables that can be replicated entirely as they are
  • tables that cannot be replicated at all
  • tables that need some redactions
  • tables that require some specific views

When you say:

tables that cannot be replicated at all

...do you mean that certain table might be entirely filtered out of the MariaDB replication so that it never leaves the upstream x1 replica?
Or do you just mean that there is no view of these tables defined at all?

Is it safe for me to start defining a puppet resource for this x1 section on an-redacteddb1001 now, or do we still need to wait for a privacy/security review before taking any action?

Ladsgroup added a comment.Oct 16 2025, 12:06 PM

It's worth noting that because of the table catalog (T363581), now all tables that should be fully filtered or are fully public can be easily determined and already will be filtered when someone sets up the replication (We did catalog x1 tables too: T399302). That leaves only updating maintain-views for partially public tables.

Marostegui added a comment.Oct 17 2025, 5:51 AM
In T395881#11280914, @BTullis wrote:

I created T407485 to track the work required to add this section to an-redacteddb1001 and set up the initial replication.

I'm conscious that @Marostegui has said this, back in June.

In T395881#10878825, @Marostegui wrote:

This definitely needs a review from security before we can proceed.
This will also likely need specific triggers/views.

But first, we need to get an indication on:

  • tables that can be replicated entirely as they are
  • tables that cannot be replicated at all
  • tables that need some redactions
  • tables that require some specific views

When you say:

tables that cannot be replicated at all

...do you mean that certain table might be entirely filtered out of the MariaDB replication so that it never leaves the upstream x1 replica?

Correct

Or do you just mean that there is no view of these tables defined at all?

We've had both cases, tables that we may be okay at some point and tables that we are 100% sure will never be allowed to have views on and hence we even exclude them in the replication thread.

Is it safe for me to start defining a puppet resource for this x1 section on an-redacteddb1001 now, or do we still need to wait for a privacy/security review before taking any action?

I think we can start puppetizing this, but we definitely need a security review before proceeding with any data movement.

Gehel triaged this task as Medium priority.Oct 21 2025, 1:05 PM
Gehel edited projects, added Essential-Work, Data-Platform-SRE (2025.10.17 - 2025.11.07); removed Data-Platform-SRE.
Gehel moved this task from Backlog - project to Backlog - operations on the Data-Platform-SRE (2025.10.17 - 2025.11.07) board.
fnegri added a subtask: T408692: Set up replication on new hosts clouddb102[2-5].Oct 29 2025, 3:15 PM
Gehel edited projects, added Data-Platform-SRE (2025.11.07 - 2025.11.28); removed Data-Platform-SRE (2025.10.17 - 2025.11.07).Nov 7 2025, 1:32 PM
Gehel moved this task from Backlog - project to Backlog - operations on the Data-Platform-SRE (2025.11.07 - 2025.11.28) board.
taavi added a subtask: T409560: Add support for x1 and x4 sections on wiki replicas on the load balancer layer.Nov 7 2025, 3:20 PM
Gehel edited projects, added Data-Platform-SRE (2026.01.05 - 2026.01.23); removed Data-Platform-SRE (2025.11.07 - 2025.11.28).Jan 8 2026, 1:15 PM
Gehel moved this task from Backlog - project to Backlog - operations on the Data-Platform-SRE (2026.01.05 - 2026.01.23) board.
Rsilvola moved this task from Incoming to Watching on the Privacy Engineering board.Jan 20 2026, 3:34 PM
Ladsgroup changed the task status from Open to Stalled.Jan 21 2026, 7:17 PM
Ladsgroup created subtask T415219: Privacy review of x1 tables in preparation of adding them to wikireplicas.

Blocked on T415219: Privacy review of x1 tables in preparation of adding them to wikireplicas

Gehel edited projects, added Data-Platform-SRE (2026.01.23 - 2026.02.13); removed Data-Platform-SRE (2026.01.05 - 2026.01.23).Jan 23 2026, 10:04 AM
Gehel moved this task from Backlog - project to Backlog - operations on the Data-Platform-SRE (2026.01.23 - 2026.02.13) board.
sbassett changed the status of subtask T415219: Privacy review of x1 tables in preparation of adding them to wikireplicas from Open to In Progress.Jan 26 2026, 5:31 PM
taavi changed the status of subtask T409560: Add support for x1 and x4 sections on wiki replicas on the load balancer layer from Open to Stalled.Feb 5 2026, 12:00 PM
Gehel moved this task from Backlog - operations to Blocked/Waiting on the Data-Platform-SRE (2026.01.23 - 2026.02.13) board.Feb 10 2026, 2:18 PM
Gehel edited projects, added Data-Platform-SRE (2026-02-13 - 2026-03-06); removed Data-Platform-SRE (2026.01.23 - 2026.02.13).Feb 16 2026, 3:30 PM
Gehel moved this task from Backlog - project to Blocked/Waiting on the Data-Platform-SRE (2026-02-13 - 2026-03-06) board.
BTullis changed the status of subtask T407485: Set up x1 replication to an-redacteddb1001 from Open to Stalled.Mar 3 2026, 12:06 PM
Gehel edited projects, added Data-Platform-SRE (2026-03-06 - 2026-03-27); removed Data-Platform-SRE (2026-02-13 - 2026-03-06).Mar 6 2026, 2:01 PM
Gehel moved this task from Backlog - project to Blocked/Waiting on the Data-Platform-SRE (2026-03-06 - 2026-03-27) board.
Gehel edited projects, added Data-Platform-SRE (2026-03-27 - 2026-04-17); removed Data-Platform-SRE (2026-03-06 - 2026-03-27).Fri, Mar 27, 9:52 AM
Gehel moved this task from Backlog - project to Blocked/Waiting on the Data-Platform-SRE (2026-03-27 - 2026-04-17) board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits