Explore read-only mode monkey-patch
I've discussed one idea with Stan during our 1-on-1:
- X hours before we mark every repository as read-only (the same flag we use for the hashed storage migration, not the archived one)
- This allow replication to catch-up and finish, and creates a very minimal disruption (you can still access everything, but can't change your code).
- We can then trigger verification recheck on anything that verification wasn't matching on the database before
- This will mean we will re-check anything that was not stale/unchanged since last verification
- After failover we remove the flag from any repository that verification is matching.
- If we want to do any recovery or investigate the ones not matching we still have then locked out and as last resort we rsync/scp them as "force download" will not work after the failover. Hopefully this will be very close to
0.
- If we want to do any recovery or investigate the ones not matching we still have then locked out and as last resort we rsync/scp them as "force download" will not work after the failover. Hopefully this will be very close to
The goal here is to identify the minimum amount of change we will need on the codebase (monkey-patch) and/or have the scripts ready to try at the Thursday rehearsal.
Just marking repositories as read-only will help with existing ones, but not with newly created, we will need to patch those, or maybe use a temporary database trigger for it.
I will investigate, simulate and document here before promoting it to our checklist
Edited by Toon Claes