Distribute container/volume garbage-collection across workers #1959
Regarding the step "Add a process on the worker that periodically invokes this sync command": I would suggest adding, on each worker, a randomization factor when calculating the time of the next "sync", to avoid a synchronized "sync" storm from the workers to the ATC.
On k8s, when a worker dies (for whatever reason), I would like it to re-register under the same name and be in a state to take on work. To do this, I'd like it to synchronize with the ATC on startup, and if the simplest and most foolproof state to agree on is the empty state, as if this worker had never existed before, that works for me. I don't want to have to clear the concourse-work-dir before starting the concourse process to ensure a clean startup, or to call another command (e.g. retire-worker, or fly prune-worker) to get the ATC to agree on the empty state.
There's one thing to be very careful about here. Say this order of operations happens:
Not sure what to do about this yet. One way to do it would be to linearize it in some way, so that the ATC can tell that the …
Nice distributed system race condition :-) One possibility would be to make the ATC the source of truth for the sequence number (the "monotonically increasing number") as follows:
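The elided details aside, the general shape of an ATC-owned sequence number might look like this (illustrative Go; the names and types are made up for this sketch, not Concourse's actual API): the ATC bumps a per-worker counter on every registration and rejects any sync report that carries a stale number, so a delayed report from a dead worker incarnation cannot clobber the state of its replacement.

```go
package main

import "fmt"

// atc owns the monotonically increasing sequence number for each worker.
type atc struct {
	seqs map[string]uint64 // highest sequence number issued per worker name
}

func newATC() *atc { return &atc{seqs: map[string]uint64{}} }

// register bumps and returns the worker's sequence number; the worker
// must include it in every subsequent sync.
func (a *atc) register(name string) uint64 {
	a.seqs[name]++
	return a.seqs[name]
}

// sync accepts a report only if it carries the current sequence number,
// so stale reports from a previous worker incarnation are rejected.
func (a *atc) sync(name string, seq uint64) bool {
	return seq == a.seqs[name]
}

func main() {
	a := newATC()
	old := a.register("worker-1") // first incarnation
	cur := a.register("worker-1") // worker died and re-registered
	fmt.Println(a.sync("worker-1", old), a.sync("worker-1", cur)) // false true
}
```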
Breaking this down into some bite-sized issues:
Breaking out the tasks further:
#1959

Submodule src/github.com/concourse/atc 310a311..97c9af1:
> Add APIs to list destroying containers
> Update marked destroy containers api without team context
> Add API to report volumes to destroyed for a given worker
> Add mark API
> Merge pull request #271 from timrchavez/timrchavez/issue_1717
> Merge pull request #265 from SHyx0rmZ/set-content-type

Submodule src/github.com/concourse/bin 6cd414a80..baac81ca9:
> Add new runner for sweeping containers
> Merge pull request #42 from osis/releasethequickstart

Submodule src/github.com/concourse/topgun 7706c3b..e9251aa:
> Enable debug to see more logs for Topgun

Submodule src/github.com/concourse/tsa 62eb12d..5576ee1:
> Add command to sync work status with ATC
> Add tsa cmd to sweep containers

Submodule src/github.com/concourse/worker 907ef55..85f0974:
> Add sweeper runner to worker start command

Signed-off-by: Rui Yang <ryang@pivotal.io>
#1959

Submodule src/github.com/concourse/atc f498067..4561536:
> cleanup of reaper URL and reaper client references

Submodule src/github.com/concourse/bin 11139b93e..505ce5502:
> Remove reaper URL for heartbeat msg

Submodule src/github.com/concourse/tsa 51a5503..88b5b1f:
> Remove reaper addr from forward connection of workers

Submodule src/github.com/concourse/worker 13192ce..05f8abe:
> Cleanup http client defaults
> Remove reaper addr from heartbeat msg

Signed-off-by: Shash Reddy <sreddy@pivotal.io>
#1959

Submodule src/github.com/concourse/atc c92ce5b..448ebf3:
> Cleanup volume GC

Submodule src/github.com/concourse/tsa 88b5b1f..0d97c09:
> Add sweep and report functionality for volumes

Submodule src/github.com/concourse/worker 05f8abe..f388956:
> Run volume GC after container GC

Signed-off-by: Shash Reddy <sreddy@pivotal.io>
Looks good! See: these calls are where the worker reports the list of containers it knows about, and the ATC destroys any …
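The reconciliation being described can be sketched as a pure function (hypothetical Go; the real ATC works against its database, and `reconcile` and its parameters are made-up names for illustration):

```go
package main

import "fmt"

// reconcile compares the handles a worker reports against the ATC's
// view. Reported handles the ATC has no record of, or has already
// marked DESTROYING, are returned for the worker to destroy; db rows
// the worker no longer has are flagged for removal, which is what
// would eliminate "unknown handle" errors.
func reconcile(reported []string, known, destroying map[string]bool) (destroyOnWorker, removeFromDB []string) {
	seen := make(map[string]bool, len(reported))
	for _, h := range reported {
		seen[h] = true
		if !known[h] || destroying[h] {
			destroyOnWorker = append(destroyOnWorker, h)
		}
	}
	for h := range known {
		if !seen[h] {
			removeFromDB = append(removeFromDB, h)
		}
	}
	return destroyOnWorker, removeFromDB
}

func main() {
	destroy, remove := reconcile(
		[]string{"a", "b", "c"},                          // worker's report
		map[string]bool{"a": true, "b": true, "d": true}, // handles in the ATC's db
		map[string]bool{"b": true},                       // marked DESTROYING
	)
	fmt.Println(destroy, remove) // "b" and "c" to destroy; "d" to drop from the db
}
```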
Feature Request
What challenge are you facing?
Currently the ATC is responsible for destroying containers/volumes across workers. This is very network-intensive, error-prone, and difficult to parallelize while keeping resource consumption reasonable (it's easy for a swarm of connections to lead to a 'too many open files' error). This happened to our large-scale Concourse installation, Wings, resulting in the whole server being dead and volumes leaking forever.
A Modest Proposal
Here's one idea:
- Add an API endpoint, `/api/v1/workers/<name>/sync` (or something). Details described after.
- Add a `sync` command (or whatever we call this), which does a `POST` to the above endpoint with the worker's list of container/volume handles.
- The ATC responds with the containers/volumes that are in the `DESTROYING` state. This is passed on to the caller of the `sync` command.
- Add a process on the worker that periodically invokes this `sync` command (using the worker's private key as authorization), and destroys the returned containers/volumes.

This has quite a few benefits:
- No more `unknown handle` errors - the initial `POST` will clear them out. Ref. "Lots of unknown handle errors" #1255, "unknown handle ... after cleaning of the workers volumes" #1305, "Unknown handle makes pipeline unusable" #1322, "failed to find created volume in baggageclaim" #1550, '"unknown handle" errors after upgrading Concourse 2.6.0 to 3.3.4' #1721, "unknown handle on repository." #1821. As a result this should help out with "Investigation: non-BOSH worker operation lifecycle" #1457.