You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 27, 2023. It is now read-only.
The internal anchore http client handler has support for configuring timeouts on http connections, which currently is only used in select, targeted locations in the logic (for example, in the policy engine -> catalog upcall, put in as part of issue #154 ).
Under certain network conditions where an internal host/port starts holding connections indefinitely, other internal clients can experience blocking which only clears if the services are restarted (and the network condition is cleared).
As an operator of anchore engine, it would be a useful addition to be able to configure internal clients to timeout, in order to avoid indefinite blocking, even if this timeout value would set very high (as some internal anchore connections can be long lived).
The text was updated successfully, but these errors were encountered:
we have encountered the problem about analyzer that it stops image scan after running around 2 hours.
all workers stop working. it is wired at first place. So we took some time to go deeper, and notice that it is one problem in infrastructure level about network connection.
we checked all the connections in all analyzers, and I found that
• all the workers stuck on loading analyze result to policy engine
• there are same number of connections connecting to policy engine in established state
we checked all the policy engine and notice that
• the policy engines have finished the image load work
• there are no connections from any client
It means that the connections have been closed from policy engine side, but analyzers don't get the FIN signal on closing TCP connection.
So workers stuck on the waiting for connection finish.
Then I checked the source code of anchore in http.py and notice that the timeout of connection is None. It means that the connection never timeouts if there are any package drop(or other reasons) in infrastructure level, and the connection will stuck.
So I did the change on the http client to add default timeout on all anchore requests(anchy post, update, get) to have default timeout.
The internal anchore http client handler has support for configuring timeouts on http connections, which currently is only used in select, targeted locations in the logic (for example, in the policy engine -> catalog upcall, put in as part of issue #154 ).
Under certain network conditions where an internal host/port starts holding connections indefinitely, other internal clients can experience blocking which only clears if the services are restarted (and the network condition is cleared).
As an operator of anchore engine, it would be a useful addition to be able to configure internal clients to timeout, in order to avoid indefinite blocking, even if this timeout value would set very high (as some internal anchore connections can be long lived).
The text was updated successfully, but these errors were encountered: