Handle repository creations, deletions and renames atomically

Renaming, creating and deleting repositories is racy in Praefect. They can also partially fail in awkward ways due to Praefect first applying the operations on the disks of the Gitalys and later updating its metadata store. In order to make these operations atomic, there's been ongoing work in the background to make it possible to perform these in the database in a manner that races are not possible and partial failures do not end up conflicting with future operations.

Renames can be fixed by doing the rename atomically in the database without moving any repositories on the disks.

Deletes can be modeled as simply deleting the repository's database record.

Creates are atomic by creating the repository's database record as the last step in the process.

The last piece of the puzzle is to ensure repositories always land in different directories on the disk. This ensures that a partial failure doesn't block a future operation from succeeding. This commit implements that piece by deriving a unique path for each repository to store their replicas. Existing repositories stay where they are but newly created repositories will land in unique directories.

Create might succeed on a disk but fail to be persisted in the database. Prior to this change, attempting to recreate a repository might fail due to the stale state on the disk. With this in place, the next attempt at creating the repository would still succeed as the new attempt would land the repository in a different directory on the disk.

Deletes have the same problem prior to this commit. The repository's metadata may be successfully deleted but if we fail to delete the repository from the disk, future creations and renames may fail if they conflict with the stale state. As creates now always land in a different directory, the stale state no longer causes problems.

Renames will work purely in the database, so any stale state on the disk will not affect them.

Closes #3485 (closed)
Closes #4003 (closed)

changed milestone to %14.6

added Category:Gitaly devopscreate groupgitaly + 1 deleted label

assigned to @samihiltunen

added 1 commit

• 47b1dc25 - Fix backup test with relative path rewriting

Compare with previous version

added sectiondev label

added 2 commits

• 006c65dc - Fix backup test with relative path rewriting
• c9b4ea0d - fix remove-repository tests

Compare with previous version

added 5 commits

• 5cd8cc07 - datastore: Add RenameRepositoryInPlace
• ed1d47d7 - praefect: Intercept RenameRepository calls
• 0f036457 - praefect: Remove RenameRepository handling from Coordinator
• 92ccd5cd - Fix backup test with relative path rewriting
• 94e95949 - fix remove-repository tests

Compare with previous version

added 13 commits

• 94e95949...bc322083 - 6 commits from branch master
• 1b2c9c84 - praefect: Remove repo creation test using SQL elector
• 2cd17e90 - praefect: Derive replica path from repository ID
• f82bfcba - datastore: Add RenameRepositoryInPlace
• f1fb6eae - praefect: Intercept RenameRepository calls
• 93521f2e - praefect: Remove RenameRepository handling from Coordinator
• 56eea0b8 - Fix backup test with relative path rewriting
• 394f8584 - fix remove-repository tests

Compare with previous version

added 1 commit

• d083596c - fix remove-repository tests

Compare with previous version

added 5 commits

• b0ffde33 - fixup! Fix backup test with relative path rewriting
• 6a4ff4b7 - Disable praefet in backup restore tests
• f37677a4 - fixup! praefect: Derive replica path from repository ID
• 0a997c7a - Amend TestCreateRepositoryFailure test for relative path rewriting
• b3c07f81 - Disable Praefect in filesystem peeking tests

Compare with previous version

added 1 commit

• 20749b3d - Disable Praefect in filesystem peeking tests

Compare with previous version

mentioned in merge request !4140 (merged)

mentioned in issue #3940 (closed)

mentioned in merge request !4143 (merged)

added 156 commits

• 20749b3d...7034511c - 150 commits from branch master
• 6adbdcbe - praefect: Remove repo creation test using SQL elector
• 30e0213e - praefect: Derive replica path from repository ID
• 32cf5bbb - datastore: Add RenameRepositoryInPlace
• 214af761 - praefect: Intercept RenameRepository calls
• f2017a30 - praefect: Remove RenameRepository handling from Coordinator
• 0ff00070 - Use Prafect's RemoveRepository from remove-repository subcommand

Compare with previous version

added 7 commits

• 14090076 - Resolve replica path in TestRestoreSubcommand
• ea3b48ad - Remove repo creation test using SQL elector
• 3a1c0618 - Generate unique replica paths for repositories
• 775545d4 - Add RenameRepositoryInPlace to RepositoryStore
• 9bb9a0c8 - Intercept RenameRepository calls in Praefect
• c9b6db09 - Remove RenameRepository handling from Coordinator
• 0543a05d - Use Prafect's RemoveRepository from remove-repository subcommand

Compare with previous version

added 16 commits

• 0543a05d...9046f9ad - 9 commits from branch master
• 91eaddfa - Resolve replica path in TestRestoreSubcommand
• 130bc532 - Remove repo creation test using SQL elector
• e650faf0 - Generate unique replica paths for repositories
• 065464c9 - Add RenameRepositoryInPlace to RepositoryStore
• 09bf43a8 - Intercept RenameRepository calls in Praefect
• d9d27701 - Remove RenameRepository handling from Coordinator
• badaca4a - Use Prafect's RemoveRepository from remove-repository subcommand

Compare with previous version

added 1 commit

• 22db64f3 - Use Praefect's RemoveRepository from remove-repository subcommand

Compare with previous version

added 1 commit

• 21d107b7 - Use Praefect's RemoveRepository from remove-repository subcommand

Compare with previous version

changed title from Draft: Handle RenameRepository calls atomically to Draft: Handle repository creations, deletions and renames atomically