[Jobs] Fix race condition in supervisor actor creation and add timeout for pending jobs #34223
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Archit Kulkarni <architkulkarni@users.noreply.github.com>
Signed-off-by: Archit Kulkarni <architkulkarni@users.noreply.github.com>
Signed-off-by: Archit Kulkarni <architkulkarni@users.noreply.github.com>
Signed-off-by: Archit Kulkarni <architkulkarni@users.noreply.github.com>
Signed-off-by: Archit Kulkarni <architkulkarni@users.noreply.github.com>
sihanwang41
reviewed
Apr 10, 2023
dashboard/modules/job/job_manager.py
Outdated
| # If the job is still pending, we will set the status | ||
| # to FAILED. | ||
| job_info = await self._job_info_client.get_info(job_id) | ||
| timeout = float( |
There was a problem hiding this comment.
nit: timeout extract out of the while loop.
dashboard/modules/job/job_manager.py
Outdated
| DEFAULT_JOB_START_TIMEOUT_SECONDS, | ||
| ) | ||
| ) | ||
| if job_info.start_time in [None, 0]: |
There was a problem hiding this comment.
what case is for job_info.start_time in [None, 0]?
There was a problem hiding this comment.
It's overly defensive, to avoid losing the user's job if we have some edge case or bug where start_time is unset or the default value. Not confident about whether it makes sense to include it, let me know if you think it should be removed
There was a problem hiding this comment.
if it is not expected to have start_time not set, I think it makes sense to make that attribute as required and always positive in JobInfo.
There was a problem hiding this comment.
Removed it as discussed offline (the added complexity and maintainability burden is not worth it, later we should enforce required and positive)
| logger.error(err_msg) | ||
| continue | ||
|
|
||
| if job_supervisor is None: |
There was a problem hiding this comment.
We don't need to check JobStatus.PENDING (checked above)
else:
if job_supervisor is None:
job_supervisor = self._get_actor_for_job(job_id)
if job_supervisor is None:
logger.error(f"Failed to get job supervisor for job {job_id}")
<put status job failed>
await job_supervisor.ping.remote()
rkooo567
requested changes
Apr 11, 2023
| ) | ||
| if time.time() - job_info.start_time / 1000 > timeout: | ||
| err_msg = ( | ||
| "Job supervisor actor failed to start within " |
There was a problem hiding this comment.
Can you also write the action items here? Most likely this happens because the job submission requires the resources? Can you write action items regarding this? Is there any other case this can happen?
There was a problem hiding this comment.
I don't think there's any other case where it can happen. Added a message
| f"Job {job_id} start time not found. " | ||
| f"Skipping job start timeout check." | ||
| ) | ||
| if time.time() - job_info.start_time / 1000 > timeout: |
There was a problem hiding this comment.
it will break if start_time is None
|
|
||
| while is_alive: | ||
| try: | ||
| await job_supervisor.ping.remote() | ||
| job_status = await self._job_info_client.get_status(job_id) | ||
| if job_status == JobStatus.PENDING: |
There was a problem hiding this comment.
Is it a bit hard to follow the flow. Can we just rewrite this way?
I think we can assume status != PEDNGIN once the job supervisor is created
if PENDING
check timeout
else
actor = get supervisor actor
if not actor:
fail
ping
|
Btw, @sihanwang41 I remember you mentioned a different solution last time (getting job info before running recovery monitor). What's the reason why we decided to change the approach? |
rkooo567
added
the
@author-action-required
Archit mentioned getting job info is not very effecient, if there are thousands of jobs, it might have long time hang to the end user. We can improve it later. |
Signed-off-by: Archit Kulkarni <architkulkarni@users.noreply.github.com>
Signed-off-by: Archit Kulkarni <architkulkarni@users.noreply.github.com>
Signed-off-by: Archit Kulkarni <architkulkarni@users.noreply.github.com>
architkulkarni
removed
the
@author-action-required
|
@rkooo567 Comments addressed, please take another look. Also, let me know if you think the other approach (make get all jobs sync) is still better. I made a guess about the tradeoffs, but you might have more experience with gRPC latency and issues arising from the agent hanging. |
This reverts commit e12e95e.
architkulkarni
added
the
@author-action-required
Signed-off-by: Archit Kulkarni <architkulkarni@users.noreply.github.com>
|
I had to revert the if-else refactor you both suggested, because in the case where |
architkulkarni
removed
the
@author-action-required
|
Doc build broken on master, unrelated |
architkulkarni
added
the
tests-ok
rkooo567
approved these changes
Apr 12, 2023
|
cc @architkulkarni please make sure to chrery pick |
architkulkarni
added a commit
to architkulkarni/ray
that referenced
this pull request
Apr 12, 2023
…t for pending jobs (ray-project#34223) @rkooo567 and @sihanwang41 found a race condition when submitting a job causing the job to fail. The failure happens when this sequence of events happens: A job is submitted. Its job_info is put to the internal KV. This happens here, before the JobSupervisor is actually created. In the constructor of JobManager, we call await self._recover_running_jobs(), which finds the job_info in the internal KV and starts to monitor that job. Because the JobSupervisor actor doesn't exist yet, the JobManager job monitoring loop fails to ping it, and puts the status of this job as FAILED in the internal KV. The JobSupervisor is created. JobSupervisor.run() checks that the status is PENDING, but it's not, so it raises the error "run should only be called once" which is not helpful to the user. If step 2 happens before step 1, there's no issue. But these are both async, so the order isn't guaranteed. The solution in this PR is to allow the JobManager monitoring loop to handle the case PENDING. It handles it by skipping the ping to the JobSupervisor actor for that iteration of the loop. This PR adds a unit test that fails with ray-project#34190 (which forces the race condition). This PR also adds a timeout to fail jobs that have been pending for 15 minutes, configurable via environment variable. Some questions are still open: Why did this only start to fail recently? The only recent change is [Jobs] Fix race condition on submitting multiple jobs with the same id ray-project#33259, but it's not clear how this would matter in the case of a single job. What is a reasonable default timeout for pending jobs, and should we even have one? It should be larger than the existing runtime_env setup timeout (10 minutes) in order to distinguish runtime env setup timeouts from other timeouts. Not sure if there are other existing timeouts that we should consider.
8 tasks
clarng
pushed a commit
that referenced
this pull request
Apr 12, 2023
…t for pending jobs (#34223) (#34318) @rkooo567 and @sihanwang41 found a race condition when submitting a job causing the job to fail. The failure happens when this sequence of events happens: A job is submitted. Its job_info is put to the internal KV. This happens here, before the JobSupervisor is actually created. In the constructor of JobManager, we call await self._recover_running_jobs(), which finds the job_info in the internal KV and starts to monitor that job. Because the JobSupervisor actor doesn't exist yet, the JobManager job monitoring loop fails to ping it, and puts the status of this job as FAILED in the internal KV. The JobSupervisor is created. JobSupervisor.run() checks that the status is PENDING, but it's not, so it raises the error "run should only be called once" which is not helpful to the user. If step 2 happens before step 1, there's no issue. But these are both async, so the order isn't guaranteed. The solution in this PR is to allow the JobManager monitoring loop to handle the case PENDING. It handles it by skipping the ping to the JobSupervisor actor for that iteration of the loop. This PR adds a unit test that fails with #34190 (which forces the race condition). This PR also adds a timeout to fail jobs that have been pending for 15 minutes, configurable via environment variable. Some questions are still open: Why did this only start to fail recently? The only recent change is [Jobs] Fix race condition on submitting multiple jobs with the same id #33259, but it's not clear how this would matter in the case of a single job. What is a reasonable default timeout for pending jobs, and should we even have one? It should be larger than the existing runtime_env setup timeout (10 minutes) in order to distinguish runtime env setup timeouts from other timeouts. Not sure if there are other existing timeouts that we should consider.
elliottower
pushed a commit
to elliottower/ray
that referenced
this pull request
Apr 22, 2023
…t for pending jobs (ray-project#34223) @rkooo567 and @sihanwang41 found a race condition when submitting a job causing the job to fail. The failure happens when this sequence of events happens: A job is submitted. Its job_info is put to the internal KV. This happens here, before the JobSupervisor is actually created. In the constructor of JobManager, we call await self._recover_running_jobs(), which finds the job_info in the internal KV and starts to monitor that job. Because the JobSupervisor actor doesn't exist yet, the JobManager job monitoring loop fails to ping it, and puts the status of this job as FAILED in the internal KV. The JobSupervisor is created. JobSupervisor.run() checks that the status is PENDING, but it's not, so it raises the error "run should only be called once" which is not helpful to the user. If step 2 happens before step 1, there's no issue. But these are both async, so the order isn't guaranteed. The solution in this PR is to allow the JobManager monitoring loop to handle the case PENDING. It handles it by skipping the ping to the JobSupervisor actor for that iteration of the loop. This PR adds a unit test that fails with ray-project#34190 (which forces the race condition). This PR also adds a timeout to fail jobs that have been pending for 15 minutes, configurable via environment variable. Some questions are still open: Why did this only start to fail recently? The only recent change is [Jobs] Fix race condition on submitting multiple jobs with the same id ray-project#33259, but it's not clear how this would matter in the case of a single job. What is a reasonable default timeout for pending jobs, and should we even have one? It should be larger than the existing runtime_env setup timeout (10 minutes) in order to distinguish runtime env setup timeouts from other timeouts. Not sure if there are other existing timeouts that we should consider. Signed-off-by: elliottower <elliot@elliottower.com>
4 tasks
ProjectsByJackHe
pushed a commit
to ProjectsByJackHe/ray
that referenced
this pull request
May 4, 2023
…t for pending jobs (ray-project#34223) @rkooo567 and @sihanwang41 found a race condition when submitting a job causing the job to fail. The failure happens when this sequence of events happens: A job is submitted. Its job_info is put to the internal KV. This happens here, before the JobSupervisor is actually created. In the constructor of JobManager, we call await self._recover_running_jobs(), which finds the job_info in the internal KV and starts to monitor that job. Because the JobSupervisor actor doesn't exist yet, the JobManager job monitoring loop fails to ping it, and puts the status of this job as FAILED in the internal KV. The JobSupervisor is created. JobSupervisor.run() checks that the status is PENDING, but it's not, so it raises the error "run should only be called once" which is not helpful to the user. If step 2 happens before step 1, there's no issue. But these are both async, so the order isn't guaranteed. The solution in this PR is to allow the JobManager monitoring loop to handle the case PENDING. It handles it by skipping the ping to the JobSupervisor actor for that iteration of the loop. This PR adds a unit test that fails with ray-project#34190 (which forces the race condition). This PR also adds a timeout to fail jobs that have been pending for 15 minutes, configurable via environment variable. Some questions are still open: Why did this only start to fail recently? The only recent change is [Jobs] Fix race condition on submitting multiple jobs with the same id ray-project#33259, but it's not clear how this would matter in the case of a single job. What is a reasonable default timeout for pending jobs, and should we even have one? It should be larger than the existing runtime_env setup timeout (10 minutes) in order to distinguish runtime env setup timeouts from other timeouts. Not sure if there are other existing timeouts that we should consider. Signed-off-by: Jack He <jackhe2345@gmail.com>
8 tasks
edoakes
added a commit
that referenced
this pull request
Oct 17, 2023
There are multiple race conditions between `JobManager.submit_job` and `JobManager._recover_running_jobs` because the latter runs as an async task on the event loop. This can cause a duplicate monitoring task to be started for a job before the actor is event spawned. This has caused multiple issues: - #34223 - #40062 This PR adds synchronization so `submit_job` will only run after `_recover_running_jobs` finishes (note that `_recover_running_jobs` is async and will exit after a single GCS read RPC, so this should have no practical impact).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Why are these changes needed?
@rkooo567 and @sihanwang41 found a race condition when submitting a job causing the job to fail. The failure happens when this sequence of events happens:
JobManager, we callawait self._recover_running_jobs(), which finds the job_info in the internal KV and starts to monitor that job. Because the JobSupervisor actor doesn't exist yet, the JobManager job monitoring loop fails to ping it, and puts the status of this job as FAILED in the internal KV.If step 2 happens before step 1, there's no issue. But these are both async, so the order isn't guaranteed.
The solution in this PR is to allow the JobManager monitoring loop to handle the case PENDING. It handles it by skipping the ping to the JobSupervisor actor for that iteration of the loop.
This PR adds a unit test that fails with #34190 (which forces the race condition).
This PR also adds a timeout to fail jobs that have been pending for 15 minutes, configurable via environment variable.
Some questions are still open:
Related issue number
Closes #34172
Closes
Checks
git commit -s) in this PR.scripts/format.shto lint the changes in this PR.method in Tune, I've added it in
doc/source/tune/api/under thecorresponding
.rstfile.