[2.5] Fix the problem of handler registration failure caused by inconsistent context #35172
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
JacieChao
changed the title
|
@niusmallnan good point- I'm reviewing and testing this so I'll also see if this change fixes #32045 |
ryansann
previously approved these changes
Oct 19, 2021
There was a problem hiding this comment.
I deployed HA validated that this is a problem and then upgraded to a custom image that contains the fix and saw the correct behavior. I also was not able to reproduce #32045 with the new changes, so this looks to have fixed that issue as well. Approving, but we'll need one more review on this.
rmweir
requested changes
Nov 9, 2021
There was a problem hiding this comment.
The logic looks fine, however this looks like it was done intentionally. This also is basically "framework related", so my approval is contingent on approval from @ibuildthecloud.
… by inconsistent context
JacieChao
force-pushed
the
2.5-accesscontrol
branch
from
eb63fa6
to
643d392
Compare
ibuildthecloud
approved these changes
Nov 9, 2021
ryansann
approved these changes
Nov 9, 2021
This was referenced Nov 10, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In Rancher HA mode, each replica will create an access control cache for each downstream cluster no matter it's the clusterOwner or not. In access control cache, we start a handler here to handle role revisions change when clusterrole/role changed at the downstream cluster.
For further investigation, I found some inconsistent context to start the access control cache.
Sometimes it using context.Background() to new AccessControl, but sometimes it using ctx which inherited from wrangler context(This context is a HandlerTransaction context). When it using context.Background() to create an access control cache, the handler could start correctly, so that some replicas got the correct result. If it using ctx which inherited from wrangler context(ReigsterHandler type), the handler in access control cache will never start.
Then I found the HandlerTransaction context for steve controller.
So if it using ctx which inherited from wrangler context and has already called Commit function when rancher started, all handlers register after that will never start.
We create a new HandlerTransaction here to start cluster controllers but not using this transaction to create access control. I think it's better to use the same context to register handlers to make sure all handlers can be started consistently.
#31982