Fix timeouts from very large raft messages #3122
Conversation
|
Fixes #3113 |
dperny
force-pushed
the
fix-large-snapshot-timeout
branch
from
0c75844
to
0f2c605
Compare
|
Fixed a spelling issue. |
|
PTAL @thaJeztah |
|
Let me close/reopen to kick CI; GHA UI for some reason doesn't show "re-run" options 🤔 |
|
CI failing again, but I think it's a different test now. Let me post that failure in case it was not (yet) known as a flaky |
|
|
|
Can we kick CI again on this one? |
|
Yeah, I can try it again; it kept failing 😔 Let me give it another go |
dperny
force-pushed
the
fix-large-snapshot-timeout
branch
from
0f2c605
to
ba3004f
Compare
|
This is still failing CI, but I believe the issue with this specific PR has been fixed by adding this watchdog timer thing. I need to spend some more time on the other issue, which I believe applies to all PRs right now. |
|
@dperny looks like CI is happy now, except for a typo; |
manager/state/raft/transport/peer.go
Outdated
| // We cannot just do a naked send to the bump channel. If we try to | ||
| // send, for example, and the timer has elapsed, then the context | ||
| // will have been canceled, the watchdog loop will have exited, and | ||
| // there would be no reciever. We'd block here forever. |
Rationale is in a comment explaining the two removed lines. Signed-off-by: Drew Erny <derny@mirantis.com>
dperny
force-pushed
the
fix-large-snapshot-timeout
branch
from
ba3004f
to
c963e16
Compare
Codecov Report
@@ Coverage Diff @@
## master #3122 +/- ##
===========================================
+ Coverage 0 61.71% +61.71%
===========================================
Files 0 154 +154
Lines 0 31120 +31120
===========================================
+ Hits 0 19207 +19207
- Misses 0 10369 +10369
- Partials 0 1544 +1544 |
| for { | ||
| select { | ||
| case <-bump: | ||
| case <-time.After(p.tr.config.SendTimeout): |
There was a problem hiding this comment.
A new timer will be created on each turn of the loop, which won't be cleaned up until after the timer fires. Memory consumption would increase proportionally to the number of messages the snapshot data is split into, and won't be fully garbage-collectable until a nontrivial amount of time after the snapshot is fully transmitted. The memory usage could potentially become significant when there's a thundering herd of a hundred nodes joining a cluster.
Active timers created with timer.AfterFunc are allowed to be reset, and context.CancelFunc closures are idempotent, so a resettable watchdog timer which cancels a context on expiry and consumes O(1) memory can be implemented quite simply:
t := timer.AfterFunc(p.tr.config.SendTimeout, cancel)
defer t.Stop()
bump := func() { t.Reset(p.tr.config.SendTimeout) }There was a problem hiding this comment.
🙈 good catch (I always forget the caveats with these); @dperny can have a look?
Address moby#3122 (comment) by taking the recommendation to reduce resource churn. Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
Rationale is in a comment in the diff explaining the two removed lines.
fixes #3113