Before this PR:
PingableLeader and BatchPingableLeader are mounted as Jersey resources only in TimeLockAgent.
After this PR:
PingableLeader and BatchPingableLeader can be mounted as Jersey resources only or Jersey and Undertow resources in TimeLockAgent.
==COMMIT_MSG==
==COMMIT_MSG==
Priority:
P2
Concerns / possible downsides (what feedback would you like?):
I have checked the APIs return the same output for a selection of path params / arguments on IL. I am blocking the PR on a smoke test in our internal testing environment.
PaxosResourcesFactory/TimeLockAgent interaction will need to be refactored. Currently, we mount things both on Jersey and Undertow (both in test setups and prod setups). We should move towards separating the two and conditionally mount the resource (if an undertow registrar is present, do not mount jersey components). This is a FLUP for when we migrate all resources.
Is documentation needed?:
No
Compatibility
Does this PR create any API breaks (e.g. at the Java or HTTP layers) - if so, do we have compatibility?:
No
Does this PR change the persisted format of any data - if so, do we have forward and backward compatibility?:
Yes
The code in this PR may be part of a blue-green deploy. Can upgrades from previous versions safely coexist? (Consider restarts of blue or green nodes.):
Yes
Does this PR rely on statements being true about other products at a deployment - if so, do we have correct product dependencies on these products (or other ways of verifying that these statements are true)?:
No
Does this PR need a schema migration?
No
Testing and Correctness
What, if any, assumptions are made about the current state of the world? If they change over time, how will we find out?:
N/A
What was existing testing like? What have you done to improve it?:
Server testing uses Dropwizard, this is a larger effort which we should do once we fully move to Undertow.
If this PR contains complex concurrent or asynchronous code, is it correct? The onus is on the PR writer to demonstrate this.:
N/A
If this PR involves acquiring locks or other shared resources, how do we ensure that these are always released?:
N/A
Execution
How would I tell this PR works in production? (Metrics, logs, etc.):
TimeLock wrapper is live, goes through leader elections and does not emit 500s.
Has the safety of all log arguments been decided correctly?:
N/A
Will this change significantly affect our spending on metrics or logs?:
No
How would I tell that this PR does not work in production? (monitors, etc.):
TimeLock wrapper emits 500s, is not able to go through leader election successfully, sees bad performance.
If this PR does not work as expected, how do I fix that state? Would rollback be straightforward?:
Recall and rollback
If the above plan is more complex than “recall and rollback”, please tag the support PoC here (if it is the end of the week, tag both the current and next PoC):
Scale
Would this PR be expected to pose a risk at scale? Think of the shopping product at our largest stack.:
No, it might even be beneficial for perf
Would this PR be expected to perform a large number of database calls, and/or expensive database calls (e.g., row range scans, concurrent CAS)?:
No
Would this PR ever, with time and scale, become the wrong thing to do - and if so, how would we know that we need to do something differently?:
No
Development Process
Where should we start reviewing?:
PaxosResourcesFactory.java
If this PR is in excess of 500 lines excluding versions lock-files, why does it not make sense to split it?:
Please tag any other people who should be aware of this PR:
@jeremyk-91
@sverma30
@raiju
General
Before this PR: PingableLeader and BatchPingableLeader are mounted as Jersey resources only in TimeLockAgent. After this PR: PingableLeader and BatchPingableLeader can be mounted as Jersey resources only or Jersey and Undertow resources in TimeLockAgent. ==COMMIT_MSG== ==COMMIT_MSG==
Priority: P2 Concerns / possible downsides (what feedback would you like?): I have checked the APIs return the same output for a selection of path params / arguments on IL. I am blocking the PR on a smoke test in our internal testing environment.
PaxosResourcesFactory/TimeLockAgent interaction will need to be refactored. Currently, we mount things both on Jersey and Undertow (both in test setups and prod setups). We should move towards separating the two and conditionally mount the resource (if an undertow registrar is present, do not mount jersey components). This is a FLUP for when we migrate all resources. Is documentation needed?: No
Compatibility
Does this PR create any API breaks (e.g. at the Java or HTTP layers) - if so, do we have compatibility?: No Does this PR change the persisted format of any data - if so, do we have forward and backward compatibility?: Yes The code in this PR may be part of a blue-green deploy. Can upgrades from previous versions safely coexist? (Consider restarts of blue or green nodes.): Yes Does this PR rely on statements being true about other products at a deployment - if so, do we have correct product dependencies on these products (or other ways of verifying that these statements are true)?: No Does this PR need a schema migration? No
Testing and Correctness
What, if any, assumptions are made about the current state of the world? If they change over time, how will we find out?: N/A What was existing testing like? What have you done to improve it?: Server testing uses Dropwizard, this is a larger effort which we should do once we fully move to Undertow. If this PR contains complex concurrent or asynchronous code, is it correct? The onus is on the PR writer to demonstrate this.: N/A If this PR involves acquiring locks or other shared resources, how do we ensure that these are always released?: N/A
Execution
How would I tell this PR works in production? (Metrics, logs, etc.): TimeLock wrapper is live, goes through leader elections and does not emit 500s. Has the safety of all log arguments been decided correctly?: N/A Will this change significantly affect our spending on metrics or logs?: No How would I tell that this PR does not work in production? (monitors, etc.): TimeLock wrapper emits 500s, is not able to go through leader election successfully, sees bad performance. If this PR does not work as expected, how do I fix that state? Would rollback be straightforward?: Recall and rollback If the above plan is more complex than “recall and rollback”, please tag the support PoC here (if it is the end of the week, tag both the current and next PoC):
Scale
Would this PR be expected to pose a risk at scale? Think of the shopping product at our largest stack.: No, it might even be beneficial for perf Would this PR be expected to perform a large number of database calls, and/or expensive database calls (e.g., row range scans, concurrent CAS)?: No Would this PR ever, with time and scale, become the wrong thing to do - and if so, how would we know that we need to do something differently?: No
Development Process
Where should we start reviewing?: PaxosResourcesFactory.java If this PR is in excess of 500 lines excluding versions lock-files, why does it not make sense to split it?:
Please tag any other people who should be aware of this PR: @jeremyk-91 @sverma30 @raiju