Log cross-DB modifications in production
Right now we have PreventCrossJoins
and PreventCrossDatabaseModification
. We don't plan on using these to raise exceptions in production but we may consider using these to log violations in production so that we can gain confidence that there are no such problems left in the code.
We will need to consider the performance implications of using this middleware in production as it adds SQL parsing to every DB query.
If the performance impact is signficant we could consider:
- Sampling: Only some percentage of DB queries (random so as to ensure we get a sample across everything) get parsed and validated
- Only during specific times: Only enable this for a fixed period of time. Possibly related to the validation phase of the rollout plan &6160 (closed)
Plan
Introduce a number of monitoring facilities as part of production executing sampling very small portion of requests to get a sense how many queries are misaligned:
-
PreventCrossDatabaseModification
as a way to observe transactions performing 2PC that needs to be broken down: !74177 (merged) -
GitlabSchemaMetrics
as a way to observe via Prometheus metrics all queries and schemas used by them vs database connection: !73839 (merged) -
Enable PreventCrossDatabaseModification
on production gitlab-com/gl-infra/production#5950 (closed) -
GitlabSchema
as a way to track failures of misaligned queries related to current phase. Since we configure what is expected today as part of configuration we can accurately track exceptions from codepaths not aligned with this- Moved to #347402 (closed)
Edited by Dylan Griffith