This repository was archived by the owner on Sep 30, 2024. It is now read-only.
[fix] switch id column of user_repo_permissions table to bigint#52299
Merged
Conversation
This is to avoid overflow on the primary key, which defaults to a sequence value. We are using insert queries with ON CONFLICT DO SOMETHING. These types of queries first try to insert the row, hence they compute the next value in sequence. Even if we do not actually insert any rows because of conflict. With user_repo_permissions table this might become a problem, as can be seen in [#inc-209-fiverr-user-permission-sync-is-broken](https://sourcegraph.slack.com/archives/C058XNX78D8/p1684785371774189)
Contributor
|
Codenotify: Notifying subscribers in CODENOTIFY files for diff d08b09e...3c64607.
|
sashaostrikov
approved these changes
May 23, 2023
sashaostrikov
left a comment
Contributor
There was a problem hiding this comment.
Question: I think this migration will take a while to run on the client's databases, is this a concern or not?
Contributor
Author
@willdollman is running the migraiton on the scaletesting instance now. If it takes too long, I can try to avoid recalculating the IDs on the |
Contributor
Author
Here is a screenshot of run on the scaletesting instance, which has > 200k repos and > 40k users and more than 5M rows in the table I expect customer instances to be much smaller, so it should not be a huge concern, unless we have a specific timeout on SQL migrations. |
Contributor
|
The backport to To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-5.0 5.0
# Navigate to the new working tree
cd .worktrees/backport-5.0
# Create a new branch
git switch --create backport-52299-to-5.0
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 e423a65a82fd465fe8c069278ae06d53ca2c91f2
# Push it to GitHub
git push --set-upstream origin backport-52299-to-5.0
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-5.0Then, create a pull request where the |
kopancek
added a commit
that referenced
this pull request
May 23, 2023
This fix is to avoid overflow on the primary key, which defaults to a sequence value of type `int`. We are using insert queries with ON CONFLICT DO SOMETHING. These types of queries first try to insert the row, hence they compute the next value in sequence. Even if we do not actually insert any rows because of conflict. With `user_repo_permissions` table this might become a problem, as can be seen in [#inc-209-fiverr-user-permission-sync-is-broken](https://sourcegraph.slack.com/archives/C058XNX78D8/p1684785371774189) In general, on each permission sync, we do an [`INSERT INTO user_repo_permissions VALUES ... ON CONFLICT DO UPDATE SET ...` ](https://sourcegraph.sourcegraph.com/github.com/sourcegraph/sourcegraph@main/-/blob/enterprise/internal/database/perms_store.go?L424). This call potentially inserts thousands of rows. But since most of the time it does not do anything, we needlessly increment the value of the sequence for the primary key. This sequence value needs to be calculated before the insert itself, which was not known to me before. In general it might take ~30-90 days to hit this limit. This time might be lower than that in case of huge instances. Depending on how often we write to the DB and how many rows we try to write on each permission sync. This also depends on how the permissions are setup on the customer side, e.g. how many repos a user can access on average. Example - if we attempt to write 1000 rows every second to the database, it results in `2147483647 / (1000 * 60 * 60 * 24) = 24.855` days. But in most cases we write less, so it will take more time. Switched to bigint for the primary key. My worst case calculation is, that we try to write 1 million rows to the DB every second, which in turn results in the following: `9223372036854775807 / (1000000 * 60 * 60 * 24 * 365) = 292471.2086` years. So we should never hit that limit again. We do not really care that the IDs are sparse, as we only use them to have a primary key on the table. Tested locally the SQL migration queries, going both up and down. Tested locally the changes in the DB store as well. DB store change is also covered by unit tests already. The part of the migration that resets the primary key on all rows has been tested with a customer instance during the incident. Even if we lose all the data in the `user_repo_permissions` table, it's not a complete tragedy since we automatically recover by filling the data periodically in again. (cherry picked from commit e423a65)
Merged
unknwon
pushed a commit
that referenced
this pull request
May 26, 2023
## Description backport #52299 to 5.0 I needed to change the parent of the migration in metadata.yaml and there was a bazel conflict. I did it manually, not sure if there's a better process for it... ## Test plan Tested locally that it still builds...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This fix is to avoid overflow on the primary key, which defaults to a sequence value of type
int. We are using insert queries with ON CONFLICT DO SOMETHING. These types of queries first try to insert the row, hence they compute the next value in sequence. Even if we do not actually insert any rows because of conflict.With
user_repo_permissionstable this might become a problem, as can be seen in #inc-209-fiverr-user-permission-sync-is-brokenThe problem
In general, on each permission sync, we do an
INSERT INTO user_repo_permissions VALUES ... ON CONFLICT DO UPDATE SET .... This call potentially inserts thousands of rows. But since most of the time it does not do anything, we needlessly increment the value of the sequence for the primary key. This sequence value needs to be calculated before the insert itself, which was not known to me before.In general it might take ~30-90 days to hit this limit. This time might be lower than that in case of huge instances.
Depending on how often we write to the DB and how many rows we try to write on each permission sync. This also depends on how the permissions are setup on the customer side, e.g. how many repos a user can access on average.
Example - if we attempt to write 1000 rows every second to the database, it results in
2147483647 / (1000 * 60 * 60 * 24) = 24.855days. But in most cases we write less, so it will take more time.The fix
Switched to bigint for the primary key. My worst case calculation is, that we try to write 1 million rows to the DB every second, which in turn results in the following:
9223372036854775807 / (1000000 * 60 * 60 * 24 * 365) = 292471.2086years. So we should never hit that limit again.We do not really care that the IDs are sparse, as we only use them to have a primary key on the table.
Test plan
Tested locally the SQL migration queries, going both up and down. Tested locally the changes in the DB store as well. DB store change is also covered by unit tests already. The part of the migration that resets the primary key on all rows has been tested with a customer instance during the incident.
Even if we lose all the data in the
user_repo_permissionstable, it's not a complete tragedy since we automatically recover by filling the data periodically in again.