endpoint: Do not skip datapath rewrites on duplicate regenerations #10949
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jrajahalme
added
kind/bug
|
Commit 668cc2018dffcb51e7db633d77cc28d43b520a8d does not contain "Signed-off-by". Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/development/contributing_guide/#developer-s-certificate-of-origin |
maintainer-s-little-helper
bot
added
the
dont-merge/needs-sign-off
|
test-me-please |
jrajahalme
force-pushed
the
pr/jrajahalme/endpoint-regen-level-race
branch
from
3108d82
to
8b90486
Compare
maintainer-s-little-helper
bot
removed
the
dont-merge/needs-sign-off
|
test-me-please |
joestringer
requested changes
Apr 14, 2020
pkg/endpoint/endpoint.go
Outdated
| if !<-e.Regenerate(®eneration.ExternalRegenerationMetadata{Reason: reason}) { | ||
| if !<-e.Regenerate(®eneration.ExternalRegenerationMetadata{ | ||
| Reason: reason, | ||
| RegenerationLevel: regeneration.RegenerateWithoutDatapath, // Needs datapath load?? |
There was a problem hiding this comment.
This seems to be only used from the following API:
PATCH /endpoint/{id} request
Who knows what someone could shove in there, probably best to
Suggested change
| RegenerationLevel: regeneration.RegenerateWithoutDatapath, // Needs datapath load?? | |
| RegenerationLevel: regeneration.RegenerateWithDatapathRewrite, |
There was a problem hiding this comment.
Refactored with this change.
pkg/endpoint/endpoint.go
Outdated
| e.Regenerate(®eneration.ExternalRegenerationMetadata{Reason: "updated security labels"}) | ||
| e.Regenerate(®eneration.ExternalRegenerationMetadata{ | ||
| Reason: "updated security labels", | ||
| RegenerationLevel: regeneration.RegenerateWithoutDatapath, // Needs datapath load?? |
There was a problem hiding this comment.
Identity is a static variable substituted in the ELF:
cilium/pkg/datapath/loader/template.go
Line 217 in 2845ccd
So we need to do an ELF rewrite here.
Suggested change
| RegenerationLevel: regeneration.RegenerateWithoutDatapath, // Needs datapath load?? | |
| RegenerationLevel: regeneration.RegenerateWithDatapathRewrite, |
There was a problem hiding this comment.
Refactored with this change.
pkg/endpoint/endpoint.go
Outdated
| ParentContext: ctx, | ||
| Reason: "Initial build on endpoint creation", | ||
| ParentContext: ctx, | ||
| RegenerationLevel: regeneration.RegenerateWithoutDatapath, // Needs datapath load?? |
There was a problem hiding this comment.
When an endpoint is created it needs to be regenerated at least from the template. Rewrite will take care of this.
Suggested change
| RegenerationLevel: regeneration.RegenerateWithoutDatapath, // Needs datapath load?? | |
| RegenerationLevel: regeneration.RegenerateWithDatapathRewrite, |
There was a problem hiding this comment.
Refactored with this change.
pkg/endpoint/restore.go
Outdated
| @@ -166,7 +166,8 @@ func (e *Endpoint) RegenerateAfterRestore() error { | |||
| scopedLog := log.WithField(logfields.EndpointID, e.ID) | |||
|
|
|||
| regenerationMetadata := ®eneration.ExternalRegenerationMetadata{ | |||
| Reason: "syncing state to host", | |||
| Reason: "syncing state to host", | |||
| RegenerationLevel: regeneration.RegenerateWithoutDatapath, // Needs datapath load?? | |||
There was a problem hiding this comment.
During restore we don't know what the state of the datapath is so we at least need to rewrite.
Suggested change
| RegenerationLevel: regeneration.RegenerateWithoutDatapath, // Needs datapath load?? | |
| RegenerationLevel: regeneration.RegenerateWithDatapathRewrite, |
There was a problem hiding this comment.
Changed as indicated.
joestringer
requested changes
Apr 14, 2020
There was a problem hiding this comment.
Please also either rename the PR title or add a release-note section to add a one-sentence implication of the bug fixed in user-friendly language, the current title sounds innocuous and users will not know that this is the bug causing the issue in their cluster.
jrajahalme
force-pushed
the
pr/jrajahalme/endpoint-regen-level-race
branch
from
8b90486
to
b7bf8bc
Compare
jrajahalme
changed the title
|
test-me-please |
aanm
approved these changes
Apr 14, 2020
jrajahalme
force-pushed
the
pr/jrajahalme/endpoint-regen-level-race
branch
from
b7bf8bc
to
f835fb4
Compare
|
test-me-please |
Replace setState() with the current state with the corresponding status log to make it clearer that the state is not being changed in this case. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Force explicit initialization of regeneration reason to avoid defaulting to regeneration without datapath. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
jrajahalme
force-pushed
the
pr/jrajahalme/endpoint-regen-level-race
branch
from
f835fb4
to
9b7f024
Compare
|
Rebased to skip flaky Travis CI on ARM |
|
test-me-please |
Store the highest skipped regeneration level so that the regeneration can be performed on the required level. This is achieved by refactoring Endpoint.RegenerateIfAlive() into three pieces: - setRegenerateStateLocked(): Change Endpoint state for regeneration, if not already done. If the current state indicates that a regeneration is already pending, store the current regenetion level to the new Endpoint.skippedRegenerationLevel, if higher so that the pending regeneration can be performed at that level. - SetRegenerateStateIfAlive(): Call setRegenerateStateLocked() if endpoint is still alive - RegenerateIfAlive(): Call SetRegenerateStateIfAlive() and Regenerate() if possible. All other sites that were previously manipulating Endpoint.state for regeneration are refactored to use one of the above three functions as appropriate. This allows the regeneration level recording of a skipped regeneration to be managed in a single function (setRegenerateStateLocked()) instead of copying the logic all over the place. Endpoint.RegenerateAfterCreation() used to condition regeneration on 'e.getState() == StateReady' to avoid regeneting again if the endpoint has already been regenerated due to Endpoint's labels being received from the kv-store. However, Daemon.createEndpoint() expects endpoint regeneration only happen when it finally calls Endpoint.RegenerateAfterCreation(), after the call to UpdateLabels(). Fix this by refactoring Daemon.createEndpoint() so that endpoint regeneration is OK right after calling Endpoint.UpdateLabels() and skipping endpoint regeneration trigger later if it was already triggered, and possibly already completely performed, thus avoiding unnecessary duplicate regeneration. Make this more explicit by inlining Endpoint.RegenerateAfterCreation() into Daemon.createEndpoint() which was it's only caller anyway. Suggested-by: Dan Wendlandt <dan@covalent.io> Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
jrajahalme
force-pushed
the
pr/jrajahalme/endpoint-regen-level-race
branch
from
9b7f024
to
a4dfaba
Compare
|
Successful CI runs, but force pushed to clean up a bit, testing again. |
|
test-me-please |
vadorovsky
approved these changes
Apr 15, 2020
maintainer-s-little-helper
bot
moved this from Needs backport from master
to Backport pending to v1.7
in 1.7.3
maintainer-s-little-helper
bot
moved this from Needs backport from master
to Backport pending to v1.7
in 1.7.3
maintainer-s-little-helper
bot
moved this from Backport pending to v1.7
to Backport done to v1.7
in 1.7.3
maintainer-s-little-helper
bot
moved this from Backport pending to v1.7
to Backport done to v1.7
in 1.7.3
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Store the highest skipped regeneration level when skipping a duplicate endpoint regeneration, so that the queued regeneration can be performed on the required level.