Unsafe distributed lock with Redis #19
Description
Hey guys,
I stumbled upon this gem while working on an updated test suite for activejob-locking. When I was using the Redis client/implementation my tests for parallel lock acquisition failed, so the lock was over-acquired. (Eg. 3 time parallel processes, on the same machine or on different machines, could acquire the same lock, each)
The issue is based on the Redis watch command in case there is no such key in the first place. To work around this a user must make sure to set the key (to an empty string) before any process wants to acquire the lock. This can be done at application boot or while deployments.
I set up a demo repository for reproducibility: https://github.com/Jack12816/suo-dlm-redis-bug
The Memcached client/implementation does not suffer from this issue as far as I can tell.
See Redlock for a canonical Redis DLM algorithm as an alternative, in case you care about the safety guarantee that at any given moment, only one client can hold a lock.
Proposal: Maybe we could add a hint about this in the readme?