wiki:proposals/readonly

GeoNetwork on a read-only database

Date 2013-01-22
Contact(s) Heikki Doeleman
Status Done
Assigned to release 2.9.x
Resources Available (funding EEA)
Ticket # #1216
Github dev branch https://github.com/heikkidoeleman/core-geonetwork/tree/eeareadonly

Overview

This proposal aims to improve GeoNetwork's behaviour when it is running on a read-only database. A use case for this is that some users wish to set up their DBMS in a master/slave cluster, where the slave is read-only. When the master fails, the slave is automatically activated but is not automatically no longer read-only.

Without the changes in this proposal GeoNetwork, in such a scenario, would keep trying to write to the database, both behind the screens (e.g. periodic harvesters) or in response to user interaction (e.g. view a metadata, its popularity is increased). This leads to exceptions that slow the system down and further deteriorate the user experience by returning error responses.

Proposal Type

  • Type: Back-end change, GUI change
  • App: GeoNetwork
  • Module: main, web-client
  • Documents:

Voting History

  • Vote proposed on 31-01-2013.
  • +1 (1): Emanuele Tajariol, François Prunayre. Proposal accepted.
  • 0 (0)
  • -1 (0)

Motivations

Proposal

read-write services

A new abstract class NotInReadOnlyModeService is introduced, which will be the base class of all services that do CUD (create, update, delete) operations on the DB. This class implements Jeeves' Service as do all services. Its exec() method checks whether GeoNetwork is running in read-only mode and if so, it does nothing. If not, it delegates to serviceSpecificExec(), where the affected services should put their normal (non-read-only) execution code.

harvesters

When HarvesterManager is initialized, it takes GN's read-only mode status from the GeonetContext. If it is in read-only mode, harvester operations run (periodic) and invoke (user-instigated) do nothing.

determining read-only status

The read-only status of GeoNetwork is determined by a periodic 'DB heartbeat' that attempts to write (and delete) a value in the database. If the situation changes (i.e. GN is not read-only but fails to write, or GN is read-only but succeeds writing) the read-only status of GN is dynamically adapted. The heartbeat's initial and fixed delay in seconds can be set in config.xml and have default values 5 and 60. The heartbeat is disabled by default and can be enabled in config.xml by setting parameter DBHeartBeatEnabled to true.

other changes

There are cases where the DB-writing part of a service is that small that it is better to restrict these writes at a level below the service, to still allow the service to run also in read-only mode. An example is metadata view: this service write to the DB updating the metadata's popularity. Even so it is not made a NotInReadOnlyModeService, so also in read-only mode you can still use this service; instead the db-writing part is made conditional on readonly state at a level below the service. (of course this may be seen as a design flaw in the service behaviour and you could argue that there should exist a separate service to update the popularity -- but refactoring is outside the scope of this proposal).

Capabilities

When GeoNetwork is in read-only mode, the CSW Publication operations (Transaction and Harvest) are not returned in response to a CSW GetCapabilities request.

GUI

It is recommended that the GN GUI does not display any link to a service that is culled in a read-only situation. This proposal includes doing that in the Classic and Ext GUIs. An example of what the admin page looks like when GN is in readonly mode is this:

administration page in read-only mode

Testing

In config.xml, set the maxIdle connection parameter to 0 to force the pool to request new connection:

   <minIdle>0</minIdle>
   <maxIdle>0</maxIdle>

Change the DB read/write mode using:

-- For postgres
ALTER DATABASE eea_catalogue SET default_transaction_read_only = true;

The DBHeartBeat status will change in the log:

2013-01-25 18:10:21,122 WARN  [jeeves.apphand] - DBHeartBeat SQLException: ERROR: cannot execute INSERT in a read-only transaction
2013-01-25 18:10:21,123 INFO  [jeeves.apphand] - GeoNetwork remains in read-only mode
2013-01-25 18:10:41,123 INFO  [jeeves.apphand] - DBHeartBeat: GN is read-only ? true
2013-01-25 18:10:41,141 WARN  [jeeves.apphand] - GeoNetwork can write to the database, switching to read-write mode

Backwards Compatibility Issues

None.

New libraries added

None.

Risks

Everything involves some element of risk....

Participants

  • Heikki Doeleman
  • François Prunayre
Last modified 12 years ago Last modified on 03/20/13 07:41:32

Attachments (1)

Download all attachments as: .zip

Note: See TracWiki for help on using the wiki.