-
Notifications
You must be signed in to change notification settings - Fork 21.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable automatic write protection on replicas #42450
Disable automatic write protection on replicas #42450
Conversation
I am in favor of this. Is there any other reason for rails to know if the db is a replica? If not, I imagine you can remove a fair bit more code. |
Yes, we need to know a configuration is a replica so that we don't run rake tasks against it. I don't think offhand there is any other code to remove since we're not dropping replica support, just dropping the automatic prevent_writes from it.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Adam! This also needs a changelog entry.
42cfc1f
to
eca7582
Compare
activerecord/CHANGELOG.md
Outdated
* Disable automatic write protection on replicas | ||
|
||
Write protection no longer automatically enable for replicas. | ||
Now each application controls when to enable automatic write protection. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think it's worth mentioning this on https://edgeguides.rubyonrails.org/active_record_multiple_databases.html too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am reading now, if it was mentioned before we should probably remove it, but I don't know how/if we should mention rails not doing something you maybe didn't know it did at all before.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had a quick read through and couldn't find any mention of this behaviour. I think AR.while_preventing_writes
could be mentioned but it's not really in the scope of this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't find a spot that seems like it needs updating, but it is totally possible I am missing it. Let me know if I missed anything @ghiculescu 🙂
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would add onto the guides and explain that if you want replicas to act like replicas they need to be configured with readonly users
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
^ that is alluded to, kind of
@HParker I'll make a separate PR, because I don't think I'm making much sense here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Under the setup section we have:
Second, the username for the writers and replicas should be different, and the replica user's permissions should be set to only read and not write.
When using a replica database, you need to add a replica: true entry to the replica in the database.yml. This is because Rails otherwise has no way of knowing which one is a replica and which one is the writer.
https://edgeguides.rubyonrails.org/active_record_multiple_databases.html#setting-up-your-application
Should I expand on that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just noticed this line: https://github.com/rails/rails/blob/eca7582718225ef40a7618293a13924561194aae/activerecord/lib/active_record/connection_handling.rb#L355. Should it also be removed? It gets called by |
Thanks @ghiculescu that line in connection_handling turned up a lot of places I missed ❤️ |
bf9000d
to
8d7d4d9
Compare
activerecord/test/cases/connection_adapters/legacy_connection_handlers_multi_db_test.rb
Outdated
Show resolved
Hide resolved
16034e2
to
5d47eb3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the CHANGELOG can be clearer - but once that's fixed and the conflicts are resolved this looks good to me 👍🏼
activerecord/CHANGELOG.md
Outdated
@@ -1,3 +1,10 @@ | |||
* Disable automatic write protection on replicas |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* Disable automatic write protection on replicas | |
* Disable automatic write protection on replicas. |
activerecord/CHANGELOG.md
Outdated
@@ -1,3 +1,10 @@ | |||
* Disable automatic write protection on replicas | |||
|
|||
Write protection no longer automatically enable for replicas. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Write protection no longer automatically enable for replicas. | |
Write protection is no longer automatically enabled for replicas. Write protection should be enabled by the database user settings. |
activerecord/CHANGELOG.md
Outdated
* Disable automatic write protection on replicas | ||
|
||
Write protection no longer automatically enable for replicas. | ||
Now each application controls when to enable automatic write protection. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now each application controls when to enable automatic write protection. |
This allows users to use write protection if they want, but no longer treats it as a catch all. Write protection is not accurate enough to classify all cases correctly. Instead users should configure their replicas to not allow writes and rely on the database erroring if the query is not allowed. Co-authored-by: Alex Ghiculescu <alexghiculescu@gmail.com>
5d47eb3
to
951deec
Compare
Thanks @eileencodes! updated |
@@ -1,3 +1,9 @@ | |||
* Disable automatic write protection on replicas. | |||
|
|||
Write protection is no longer automatically enabled for replicas. Write protection should be enabled by the database user settings. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we expand with an example what "Write protection should be enabled by the database user settings." means?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good idea @rafaelfranca, I put together #42529
I am not sure how much detail to add since it is not only database specific, but also configuration specific. Depending on how your primary and replica are setup you might want a totally different configuration. Ideally you would setup a local database user to be very similar to how your production users are setup.
This allows users to use write protection if they want, but no longer treats it as a catch all. Write protection is not accurate enough to classify all cases correctly. Instead users should configure their replicas to not allow writes and rely on the database erroring if the query is not allowed.
Alternative solution for: #42432
Fixes: #42432