WFE: Add new key-value ratelimits implementation #7089
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@beautifulentropy, this PR appears to contain configuration changes. Please ensure that a corresponding deployment ticket has been filed with the new configuration values. |
18 tasks
beautifulentropy
force-pushed
the
ratelimits-add-to-wfe
branch
from
79f905d
to
05ffd61
Compare
pgporada
reviewed
Sep 19, 2023
I didn't actually write that comment. It shows green because I removed the content in that comment which came directly after it and was no longer applicable due to a change I made inside the function. |
beautifulentropy
force-pushed
the
ratelimits-add-to-wfe
branch
3 times, most recently
from
39fbdf5
to
e546830
Compare
beautifulentropy
force-pushed
the
ratelimits-add-to-wfe
branch
from
e546830
to
f2e93de
Compare
pgporada
reviewed
Oct 2, 2023
pgporada
previously approved these changes
Oct 2, 2023
aarongable
reviewed
Oct 3, 2023
pgporada
approved these changes
Oct 3, 2023
aarongable
approved these changes
Oct 4, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Integrate the key-value rate limits from #6947 into the WFE. Rate limits are backed by the Redis source added in #7016, and use the SRV record shard discovery added in #7042.
Part of #5545
Notes for reviewers:
There were a lot of small changes necessary to complete this change:
Changes in ratelimits:
Nameanfmt.Stringerand utilize the newString()method throughout.NewRegistrationsPerIPv6Range.*redis.Ringconstruction, outside of the Redis Source. These metrics are germane to client itself, not the source implementation in ratelimits.ratelimits.RedisSource.timeout. We should instead rely on the go-redis read and write timeouts.Changes in bredis:
rocsp_config.RedisConfigtobredis.Config.MustRegisterClientMetricsCollector()for registering go-redis client metrics.bredis.Configand a new constructorNewRingFromConfig()to handle go-redis client and service discovery construction. This is much cleaner than constructing a client inside of the WFE and will be useful if/when we add more Redis caches to the WFE.lookup.updateNow()now re-registers client metrics when new shards are discovered.Changes in rocsp/config:
NewReadingClient()toMakeReadClient()MakeReadClient()calls the newbredis.MustRegisterClientMetricsCollector()for consistency.Change in wfe2:
NewRegistrationsPerIP/v6Rangeinside the newcheckNewAccountLimits()func and if the subsequent ra.NewRegistration() call fails, refund the spent limit quota using the newrefundNewAccountLimits().Changes in cmd/boulder-wfe:
*redis.Ringclient, the bredis.Lookup (optionally), and add the resulting Limiter to the resultingWebFrontEndImpl.