someone managed to orphan their participant! #617
Comments
|
Another one: |
|
https://www.gittip.com/?limit=1000 woooooahhh. Is there potential to make this feature a drop down menu option as a sort of primitive search engine? |
|
@abnor Oooh! That's neat with the new design, good find. :) BTW, what's your Twitter? |
|
I do not have a Twitter... Should I? |
|
@abnor Yes. :) |
|
Okayyyy |
https://www.gittip.com/6a2ab9485317/ wtf? |
|
+1 from @mvdkleijn on Twitter. |
|
Solution seems simple to me... delete (on a regular basis) all profiles that don't have any accounts connected and don't have any bank or credit card account connected. Also: are we sure these are accidentally orphaned accounts or could these be some form of spam? Note: https://www.gittip.com/1a36b29a7161/ has a credit card connected... |
|
@mvdkleijn The db repair is straightforward, yes. The hard part is understanding how these happen in the first place and closing any loopholes. |
|
@whit537 I’ll see if I can run / think of some test scenarios to replicate the problem. If any orphaned accounts have funds escrowed with us we'll need to figure out what to do with that. |
|
Possibly related to how Twitter handles accounts (and deactivation)? See screenshot in #54 and the remark by @sprice at #54 (comment) |
|
The code in question is in https://github.com/gittip/www.gittip.com/blob/master/gittip/models/_mixin_elsewhere.py#L119. The orphaned participant is just renamed to a random username and kept in the participants table. Since I do not know the history of the code I don't know if it has ever worked differently. If this is the correct way to count orphaned participants select count(*) from participants where not exists (select * from elsewhere where elsewhere.participant=username);then we actually have 6182 of them (and not 559) out of almost 50k. The Steps to create orphaned participant:
@whit537 Why do we keep orphans around? Is there some danger in deleting the orphans that have corresponding entry in |
ghost
assigned
|
The query to show the unexplained orphans: select username, ctime, claimed_time, session_expires
from participants
where not exists (select * from elsewhere where elsewhere.participant=username)
and not exists (select * from absorptions where archived_as=username)
order by ctime desc; |
|
Dropping from Infrastructure per IRC. |
|
I decided to revisit this issue now when we fixed #1704. The accounts that were involved in manifestation of that bug are: I have run github searches for all of them but except the first one, none were involved in any bugs. I am closing this issue on the grounds that keeping orphans in the |
|
Oh well, that was too quick. There are still unexplained orphans from #617 (comment). Continuing in #1768. |
|
I have a new theory on where the unexplained orphans might be coming from. Recently we got a new orphan #1856. It has the same gittip/elsewhere/init.py#L97 Both places immediately attach When the site is under a stress (read slow) user might hit refresh in the take over page trying to get it working. It does not cancel the currently running request handling and starts another one with the same data. Both transaction can get to a point gittip/models/_mixin_elsewhere.py#L327 where they would be wrestling with trying to attach a single account elsewhere to two newly created participants, obviously only one of them winning. I'll try to prepare a simplified example to illustrate the situation and actually confirm if something like that is possible and if it gets fixed by using higher levels of transaction isolation. |
|
Why do we actually do gittip/models/_mixin_elsewhere.py#L327? Why don't we just dump the account elsewhere? We are not using it for anything (not attaching any information to it). If the proper '/on/...' url gets visited the elsewhere account gets recreated if missing anyway. @whit537 anything I am missing here? I love deleting code 😛 |
|
To recreate the problem by hand, follow the these steps:
Which is what is happening. If we were to upgrade the isolation level at least to 'repeatable read' we would not have this problem because the whole transaction would get snapshot of the db at the beginning of the transaction (update would find the row to update, which would conflict and raise error). To be able to upgrade the isolation level of the transactions we need to be able to deal with serialization errors. Also further (deeper) thought needs to go into API review - for example current take_over function if called after serialization failure would unexpectedly undo itself. TL DR;
|
|
Looking at papertrail what was happening at the time the orphan was created I have only one relevant line which seems to point to the |
|
!m @zwn
The one thing I can think of is that we keep the association with the old participant, so if needed we would be able to reconstruct that the old participant has this elsewhere attached to it. In the long run #1549 is the way to go. |
|
I ran the branch.sql to delete the users. I didn't append it to schema.sql because it changed data and not schema. Pruned in bd32cea. |
Check this out:
https://www.gittip.com/c9b2c1e22b5d/
I discovered this by expanding the leaderboard, like so:
https://www.gittip.com/?limit=20
Investigate!
The text was updated successfully, but these errors were encountered: