External Worker affinity on ATCs

[jama22]

We've observed situations where external workers will be unusually attached to web node (ATC/TSA) when an additional web node is added. The re-balancing of workers doesn't seem to happen as it should

cc @topherbullock

[topherbullock]

When registering externally the worker component will proxy over the Garden and Baggageclaim connections via the TSA. This allows operators to only worry about ingress from Worker -> TSA when they're configuring external workers.

When when registering externally in "forward mode", the Worker registers with its addresses for BaggageClaim and Garden as the proxied addresses for the TSA. The ATC needs the worker to keep that connection alive, because if the TCP connection closes in the middle of the ATC using it, panic will ensue! CHAOS! ... basically the ATC won't be able to talk to workers if they're in the middle of a rebalance that closes off the connection to the TSA..

For reference:

[keithkroeger]

Just a few related questions:
• When do we need to consider using 4 ATCs?
• Is there a downside to having more ATCs? For example, more contention?
Would it be better to size up to 3 atcs only when doing a deployment and then ramp down, for example?
• We see an ‘expired’ column in the workers table. What is this for?
We believe this means that the worker will have to re-register with the ATC by that time or be listed as stalled, but is this the case?
• Can we force rebalancing without recreating the worker? (Restarting the worker doesn’t work unless we prune, perhaps.)

[topherbullock]

Considerations here:

• we need a way to "drain" when there are active connections (OR DO WE?!?!?.. could the current scheduler just be resilient to that)
• should this be a configurable timeout for the workers' connection with the TSA?
• what's the cost of doing this all the time regardless of there being many TSAs
• ideally this should be zero downtime (swap over to the new connection?)
• should the worker be in some new state when it is rebalancing?
• does the registration of the worker update the addresses if the state doesn't change?

[xtremerui]

hi @keithkroeger, when you were seeing all workers registered through one atc, what is the resource consumption on all atc nodes eg. CPU, memory and network throughput? Thx.

[xtreme-sameer-vohra]

Branch - atc-affinity#2312

Summarizing 10 Failures:

[Fail] [#129726011] Worker landing with one worker restarting the worker with an interruptible build in-flight [It] does not wait for the build
/Users/pivotal/go/src/github.com/concourse/concourse/src/github.com/concourse/topgun/worker_landing_test.go:133

[Fail] [#129726011] Worker landing with one worker restarting the worker with volumes and containers present [It] keeps volumes and containers after restart
/Users/pivotal/go/src/github.com/concourse/concourse/src/github.com/concourse/topgun/worker_landing_test.go:112

[Fail] [#129726011] Worker landing with a single team worker restarting the worker with an interruptible build in-flight [It] does not wait for the build
/Users/pivotal/go/src/github.com/concourse/concourse/src/github.com/concourse/topgun/worker_landing_test.go:133

[Fail] [#129726011] Worker landing with a single team worker restarting the worker with volumes and containers present [It] keeps volumes and containers after restart
/Users/pivotal/go/src/github.com/concourse/concourse/src/github.com/concourse/topgun/worker_landing_test.go:104

[Fail] [AfterEach] an ATC with default resource limits set respects the default resource limits, overridding when specified
/Users/pivotal/go/src/github.com/concourse/concourse/src/github.com/concourse/topgun/topgun_suite_test.go:430

[Fail] [AfterEach] :life Garbage collecting resource cache volumes A resource that was removed from pipeline has its resource cache, resource cache uses and resource cache volumes cleared out
/Users/pivotal/go/src/github.com/concourse/concourse/src/github.com/concourse/topgun/topgun_suite_test.go:430

[Fail] [AfterEach] :life Garbage collecting resource cache volumes A resource in paused pipeline has its resource cache, resource cache uses and resource cache volumes cleared out
/Users/pivotal/go/src/github.com/concourse/concourse/src/github.com/concourse/topgun/topgun_suite_test.go:430

[Fail] [AfterEach] :life [#136140165] Container scope when the container is scoped to a team is only hijackable by someone in that team
/Users/pivotal/go/src/github.com/concourse/concourse/src/github.com/concourse/topgun/topgun_suite_test.go:430

[Fail] [BeforeEach] Hijacked containers does not delete hijacked resource containers from the database, and sets a 5 minute TTL on the container in garden
/Users/pivotal/go/src/github.com/concourse/concourse/src/github.com/concourse/topgun/topgun_suite_test.go:430

[Fail] [AfterEach] A build using an image_resource one-off builds does not garbage-collect the image immediately
/Users/pivotal/go/src/github.com/concourse/concourse/src/github.com/concourse/topgun/topgun_suite_test.go:430

Ran 60 of 76 Specs in 17828.034 seconds
FAIL! -- 50 Passed | 10 Failed | 0 Pending | 16 Skipped

Ginkgo ran 1 suite in 4h57m11.092423768s
Test Suite Failed

[keithkroeger]

Hello @xtremerui
We see cpu and memory (and go routines) spike on the one ATC before it craters while the other remains almost unused, strangely.

no information about network to mind, unfortunately.

[YoussB]

Changes that will be required on the ATC

• drop addr_when_running constraint on workers table.
• heartbeat should NOT update the garden and baggage claim addresses.
• stalled worker should not get garden and baggage claim addresses set to nil.

[xtreme-sameer-vohra]

• We're modifying the workers' table constraint: addr_when_running
  • from: ADD CONSTRAINT "addr_when_running" CHECK ((((state <> 'stalled'::worker_state) AND (state <> 'landed'::worker_state) AND ((addr IS NOT NULL) OR (baggageclaim_url IS NOT NULL))) OR (((state = 'stalled'::worker_state) OR (state = 'landed'::worker_state)) AND (addr IS NULL) AND (baggageclaim_url IS NULL))));
  • to: ADD CONSTRAINT "addr_when_running" CHECK ((state <> 'stalled'::worker_state) AND (state <> 'landed'::worker_state) AND ((addr IS NOT NULL) OR (baggageclaim_url IS NOT NULL)));
• In order to make a migration down for this change we'll be deleting all the records that don't satisfy this constraint, or truncating the whole workers table (which will result into truncating other tables as well). this shouldn't result into a huge problem since the workers will eventually re-register themselves again.

any thoughts on that ?
@vito @topherbullock

[xtreme-sameer-vohra]

As part of this feature, we will be introducing a few parameters to the Worker that are noteworthy.

Will be configurable by the user
- rebalanceTime : The interval on which a new connection will be created by the worker. A value of 0 would mean that the Worker will not create additional connections. 
	Default Value : 0	

- idleConnectionTimeout : The time after which a stale connection will timeout if no data is sent on the connection (Connection isnt being used for pulling build logs). The AWS LB default value for a idle timeout is 60s, while the maximum is 4000s. Also, a stale connection has heartbeating turned off.
	Default Value : 1 hr

Will NOT be configurable by the user
- maxConnections : The maximum # of connections that the worker will create to the TSA(s). We can use Alex's suggestion and set this value to Max(5, # of TSA addresses provided to the worker).

Let us know if you have any thoughts or concerns ?
@vito @topherbullock

[xtreme-sameer-vohra]

We updated the properties to simplify things as such;

Will be configurable by the user
- rebalanceTime : The interval on which a new connection will be created by the worker. A value of 0 would mean that the Worker will not create additional connections. This value will also be used to configure a idleConnectionTimeout for connections between the Worker and the TSA. 
	Default Value : 0	

The maxConnections is set to 5. It is unlikely that multiple TSA addresses will be provided to a worker in the `forwarded` case as generally these TSAs would be behind a LB.

[marco-m]

Hello @xtreme-sameer-vohra, are the various commits also containing some documentation for us poor users ? :-)

[xtreme-sameer-vohra]

Hey @marco-m
Yep, its available here

[vito]

Re-branding this as an enhancement - we never supported worker rebalancing, so this was a whole new feature, not a misbehavior.