LDLM

LDLM is a Lightweight Distributed Lock Manager implemented over gRPC and REST.

Installation

Download and install the latest release from github for your platform. Packages for linux distributions are also available there.

For containerized environments, the docker image ian76/ldlm:latest is available from dockerhub.

user@host ~$ docker run -p 3144:3144 ian76/ldlm:latest
{"time":"2024-04-27T03:33:03.434075592Z","level":"INFO","msg":"loadState() loaded 0 client locks from state file"}
{"time":"2024-04-27T03:33:03.434286717Z","level":"INFO","msg":"IPC server started","socket":"/tmp/ldlm-ipc.sock"}
{"time":"2024-04-27T03:33:03.434402133Z","level":"WARN","msg":"gRPC server started. Listening on 0.0.0.0:3144"}

Server Usage

ldlm-server -help

---

Short	Long	Default	Description
-c	--config_file		Path to configuration file.
-d	--default_lock_timeout	10m	The lock timeout applied to all locks loaded from the state file (if configured) at startup
-k	--keepalive_interval	1m	The frequency at which to send gRCP keepalive requests to connected clients.
-t	--keepalive_timeout	10s	The time to wait for a client to respond to the gRPC keepalive request before considering it dead. This will clear all locks held by the client unless no_clear_on_disconnect is also set.
-l	--listen_address	localhost:3144	Host and port on which to listen.
	--shards	16	(advanced) Number of lock map shards to use. More may increase performance if there is a lot of mutex contention.
-g	--lock_gc_interval	30m	How often to perform garbage collection (deletion) of idle locks.
-m	--lock_gc_min_idle	5m	Minimum time a lock has to be idle (no unlocks or locks) before being considered for garbage collection. Only unlocked locks can be garbage collected.
-v	--log_level	info	Log level of the server. debug, info, warn, or error
	--ipc_socket_file	<platform dependent path>	Path to the IPC socket file used for communication with the ldlm-lock command. Set to an empty string to disable IPC.
-s	--state_file		The file in which in which to store lock state each time a locking or unlocking operation is performed. If you want ldlm to maintain locks across restarts, point this at a persistent file.
-n	--no_clear_on_disconnect		Disable the default behavior of clearing locks held by clients when a client disconnect is detected.
	--client_cert_verify		Require and verify TLS certificates of clients
	--client_ca		Path to a file containing client CA's certificate. Setting this will automatically set --client_cert_verify.
	--password		Require clients to specify this password. Clients do this by setting the metadata authorization key.
	--tls_cert		Path to TLS certificate file to enable TLS
	--tls_key		Path to TLS key file
-r	--rest_listen_address		The host:port on which the REST server should listen. Leave empty to disable the REST server. Default is empty.
	--rest_session_timeout	10m	The idle timeout of a REST session.

Environment Variables

Configuration from environment variables consists of setting LDLM_<upper case cli flag>. For example

LDLM_LISTEN_ADDRESS=0.0.0.0:3144
LDLM_PASSWORD=mysecret
LDLM_LOG_LEVEL=info

Configuration File Format

Yaml and JSON file formats are supported. The configuration file specified must end in .json, .yaml, or .yml.

Configuration options are the same as the CLI flag names and function in exactly the same way. For example

yaml

# ldlm_config.yaml
listen_address: "0.0.0.0:2000"
lock_gc_interval: "20m"
lock_gc_min_idle: "10m"
log_level: info

json

{
   "listen_address": "0.0.0.0:6000",
   "lock_gc_interval":"20m"
}

API Usage

Basic client usage consists of locking and unlocking locks named by the API client. When a lock is obtained, the response contains a key that must be used to unlock the lock - it can not be unlocked using any other key.

The API functions are Lock, TryLock, Unlock, and RefreshLock. Here are some examples in a language I've completely invented for the purpose of this demonstration.

resp = client.Lock({
    Name: "work-item1",
})

if (resp.Error) {
    // handle error
    print(resp.Error.Message)
    return
}

if (!resp.Locked) {
    print("Could not obtain lock")
    return
}

//
// Do work...
//
RunJob(workItem)

resp = client.Unlock({
    Name: resp.Name,
    Key: resp.Key,
})

if (resp.Error) {
    // handle error
    print(resp.Error.Message)
    return
}

If you do not want the client to wait to acquire a lock, use TryLock() which will return immediately.

Lock Options

WaitTimeoutSeconds

Only available on Lock() since TryLock() does not wait to acquire a lock. The number of seconds to wait to acquire a lock.

resp = client.Lock({
    Name: "work-item1",
    WaitTimeoutSeconds: 30,
})

if (resp.Error) {
    // handle error. If wait timed out, resp.Error.Code will be LockWaitTimeout
    print(resp.Error.Message)
    return
}

if (!resp.Locked) {
    print("Could not obtain lock")
    return
}

LockTimeoutSeconds

The number of seconds before a lock will be automatically unlocked if not refreshed.

resp = client.Lock({
    Name: "work-item1",
    LockTimeoutSeconds: 300,
})

if (!resp.Locked) {
    return
}

refresher = spawn(function() {
    while (true) {
        sleep(240)
        client.RefreshLock({
            Name: resp.Name,
            Key: resp.Key,
            LockTimeoutSeconds: 300,
        })
    }
})

//
// Do work...
//
RunLongJob(workItem)

refresher.stop()

resp = client.Unlock({
        Name: resp.Name,
        Key: resp.Key,
})

Size

The size of the lock. If specified, the lock will alow Size locks to be held at once. This can be useful for resource locking of a particular type. E.g.

// LargeCapacityResource can handle 10 concurrent things
resp = client1.Lock({
    Name: "LargeCapacityResource",
    Size: 10,
})

// ...

resp = client2.Lock({
    Name: "LargeCapacityResource",
    Size: 10,
})

// ...etc...

The first client that obtains the lock within the uptime of the LDLM server will dictate the lock Size (if specified). Subsequent calls to lock the same resource must use the same Size.

Lock Keys

Lock keys are meant to detect when LDLM and a client are out of sync. They are not cryptographic. They are not secret. They are not meant to deter malicious users from releasing locks.

ldlm-lock commands

The ldlm-lock command is used to manipulate locks in a running LDLM server on the CLI. See also ldlm-lock -help.

List Locks

This prints a list of locks and their keys

ldlm-lock list

Force Unlocking

If a lock ever becomes deadlocked (this should not happen), you can unlock it by running the following on the same machine as a running LDLM server:

ldlm-lock unlock <lock name>

Use Cases

Primary / Secondary Failover

Using a lock, it is relatively simple to implement primary / secondary (or secondaries) failover by running something similar to the following in each server application:

resp = client.Lock({
    Name: "application-primary",
})

if (!resp.Locked) {
    raise Exception("error: lock returned but not locked")
}

print("Became primary. Performing work...")

// Do work. Lock will be unlocked if this process dies.

Task Locking

In some queue / worker patterns it may be necessary to lock tasks while they are being performed to avoid duplicate work. This can be done using try lock:

while (true) {
    workItem = queue.Get()
    
    resp = client.TryLock({
        Name: workItem.Name,
    })
    if (!resp.Locked) {
        print("Work already in progress")
        continue
    }

    // do work

    resp = client.Unlock({
        Name: resp.Name,
        Key: resp.Key,
    })
}

Resource Utilization Limiting

In some applications it may be necessary to limit the number of concurrent operations on a resource. This can be done using lock size:

resp = client.Lock({
    Name: "ElasticSearchSlot",
    Size: 10,
})

if (!resp.Locked) {
    raise Exception("error: lock returned but not locked")
}

// Do work

resp = client.Unlock({
    Name: resp.Name,
    Key: resp.Key,
})

Password

To require a password of connecting clients, use the --password option to ldlm. Optionally set it as an environment variable LDLM_PASSWORD or in a config file before running the server instead of having it visible in the process list.

The password must be specified an authorization key in the metadata of client requests.

Go client

// Add authorization metadata to context
ctx = metadata.AppendToOutgoingContext(
    context.Background(), "authorization", "secret",
)

resp, err := client.Lock(ctx, &pb.LockRequest{
    Name: lockName,
})

if err != nil {
    panic(err)
}

python client

import grpc
from protos import ldlm_pb2 as pb2
from protos import ldlm_pb2_grpc as pb2grpc

chan = grpc.insecure_channel("localhost:3144")
stub = pb2grpc.LDLMStub(chan)

resp = stub.TryLock(
    pb2.TryLockRequest(name="work-item1"),
    # authorization metadata
    metadata=(("authorization", "secret"),),
)

Server TLS

Enable server TLS by specifying --tls_cert and --tls_key. E.g.

ldlm-server --tls_cert <cert_file_location> --tls_key <key_file_location>

The server startup logs should indicate that TLS is enabled

{"time":"2024-04-03T18:15:04.723958-04:00","level":"INFO","msg":"Loaded TLS configuration"}
{"time":"2024-04-03T18:15:04.724002-04:00","level":"INFO","msg":"gRPC server started. Listening on localhost:3144"}

Mutual TLS

To enable client TLS certificate verification, use --client_cert_verify. If the CA that issued the client certs is not in a path searched by GO, you may also specify the path to the CA cert with --client_ca. These options should be combined with Server TLS options.

ldlm-server --tls_cert <cert_file_location> --tls_key <key_file_location> --client_ca <client ca cert file location>

Specifying the client CA (--client_ca) will automatically enable client cert verification, so specifying --client_cert_verify is not needed in those cases.

Go client

import (
    "crypto/tls"
    "os"
    "crypto/x509"

    "google.golang.org/grpc"
    "google.golang.org/grpc/credentials"

    pb "github.com/imoore76/go-ldlm/protos"
)

tlsc := &tls.Config{}
if cc, err := tls.LoadX509KeyPair("/certs/cert.pem", "/certs/key.pem"); err != nil {
    panic(err)
} else {
    tlsc.Certificates = []tls.Certificate{cc}
}

if cacert, err := os.ReadFile("/certs/ca_cert.pem"); err != nil {
    panic("Failed to read CA certificate: " + err.Error())
} else {
    certPool := x509.NewCertPool()
    if !certPool.AppendCertsFromPEM(cacert) {
        panic("failed to add CA certificate")
    }
    tlsc.RootCAs = certPool
}

creds := credentials.NewTLS(tlsc)

conn, err := grpc.Dial(
    "localhost:3144",
    grpc.WithTransportCredentials(creds),
)
if err != nil {
    panic(err)
}

client := pb.NewLDLMClient(conn)

python client

import grpc
from protos import ldlm_pb2 as pb2
from protos import ldlm_pb2_grpc as pb2grpc

CLIENT_CERT = "/certs/client_cert.pem"
CLIENT_KEY = "/certs/client_key.pem"
CA_CERT= "/certs/ca_cert.pem"


def readfile(fl):
   with open(fl, 'rb') as f:
      return f.read()


creds = grpc.ssl_channel_credentials(
   readfile(CA_CERT),
   private_key=readfile(CLIENT_KEY),
   certificate_chain=readfile(CLIENT_CERT),
)

chan = grpc.secure_channel("localhost:3144", creds)
stub = pb2grpc.LDLMStub(chan)

resp = stub.TryLock(
    pb2.TryLockRequest(name="work-item1"),
)

print(resp)

REST Client

When the REST server is enabled, its endpoints are

Path	Method	Description
/session	POST	This creates a session in the LDLM REST server and sets a cookie that must be included in subsequent requests.
/session	DELETE	Closes your session in the LDLM REST server and releases any resources and locks associated with it. REST sessions idle for more than 10 minutes (default) will be automatically removed, so calling this endpoint is not absolutely necessary.
/v1/lock	POST	Behaves like, and accepts the same parameters as TryLock.
/v1/unlock	POST	Behaves like, and accepts the same parameters as Unlock.
/v1/refreshlock	POST	Behaves like, and accepts the same parameters as RefreshLock.

Example REST Client Usage

The following examples use curl and its cookie jar feature to maintain the session cookie across requests. If your REST session has been idle for more than 10m (configurable), your session will expire and all locks you have obtained will be unlocked.

Create a session

Though the session id is included in the output, it is also set in the response using Set-Cookie. The cookie's name is ldlm-session.

user@host ~$ curl -X POST -c cookies.txt http://localhost:8080/session

{"session_id": "e45946cc3a474efc8ab6073918d059a6"}

Obtain a lock

user@host ~$ curl -c cookies.txt -b cookies.txt http://localhost:8080/v1/lock -d '{"name": "My lock", "lock_timeout_seconds": 120}'

{"locked":true, "name":"My lock", "key":"180d6028-7bf6-4a0b-a844-4776762c61e0"}

Refresh a lock

user@host ~$ curl -c cookies.txt -b cookies.txt http://localhost:8080/v1/refreshlock -d '{"name": "My lock", "lock_timeout_seconds": 120, "key":"180d6028-7bf6-4a0b-a844-4776762c61e0"}'

{"locked":true, "name":"My lock", "key":"180d6028-7bf6-4a0b-a844-4776762c61e0"}

Unlock a lock

user@host ~$ curl -c cookies.txt -b cookies.txt http://localhost:8080/v1/unlock -d '{"name": "My lock", "key":"180d6028-7bf6-4a0b-a844-4776762c61e0"}'

{"unlocked":true, "name":"My lock"}

Delete session

user@host ~$ curl -X DELETE -b cookies.txt -c cookies.txt http://localhost:8080/session

{"session_id": ""}

Authentication

If you have set --password on the ldlm server, it will also apply to the rest server. The password should be supplied using HTTP Basic Auth.

user@host ~$ LDLM_AUTH=$(echo -n ':mypassword' | base64) curl -X POST -c cookies.txt -H "Authorization: Basic $LDLM_AUTH" http://localhost:8080/session
{"session_id": "e45946cc3a474efc8ab6073918d059a6"}

Example Clients

See example code for ldlm clients in the examples folder.

Contributing

See CONTRIBUTING.md for details.

License

Apache 2.0; see LICENSE for details.

Disclaimer

This project is not an official Google project. It is not supported by Google and Google specifically disclaims all warranties as to its quality, merchantability, or fitness for a particular purpose.