Make helper queue size configurable, with consistent defaults and bet…

…ter overflow handling. This patch adds a queue-size=N option to helpers configuration. This option allows users to configure the maximum number of queued requests to busy helpers. We also adjusted the default queue size limits to be more consistent across all helpers and made Squid more robust on some queue overflows: - external_acl helpers Make the maximum queue size configurable via queue-size. Default to 2*maximum-number-of-children. If the queue overflows, then the ACL returns ACCESS_DUNNO. Unpatched code uses the number of running children as the maximum queue size. If the queue is overloaded, then the ACL returns ACCESS_DUNNO. -redirector/storeID helpers Make the maximum queue size configurable via queue-size. Default to 2*maximum-number-of-children. If the queue overflows and redirector_bypass configuration option is set, then redirector is bypassed. Otherwise, if overloading persists for more than 3 minutes squid quits with a FATAL message. If the redirector_bypass/storeID_bypass is set then the default queue_size is set to 0 for backward compatibility. Unpatched code uses 2*number-of-running-children as the maximum queue size. If the redirector_bypass/storeID_bypass is set then helper bypassed if all of the children are busy. If the queue is overloaded and redirector_bypass/storeID_bypass is not set then squid quits with a FATAL message. - ssl_crtd/ssl_crtd_validator helpers. Make the maximum queue size configurable via queue-size. Default to 2*maximum-number-of-children. If the queue overflows, then helpers are bypassed. If overloading persists for more than 3 minutes squid quits with a FATAL message. The default size limit and overflow behavior has not changed. - Authentication helpers Make the maximum queue size configurable via queue-size. Default to 2*maximum-number-of-children. If the queue overflows and overloading persists for more than 3 minutes, then squid quits with a FATAL message. The default size limit and overflow behavior has not changed. This is a Measurement Factory project
squid-cache · Nov 9, 2014 · 6825b10 · 6825b10
1 parent a6950c2
commit 6825b10
Show file tree

Hide file tree

Showing 10 changed files with 255 additions and 66 deletions.
diff --git a/doc/release-notes/release-3.6.html b/doc/release-notes/release-3.6.html
@@ -24,7 +24,7 @@ <H2><A NAME="toc1">1.</A> <A HREF="#s1">Notice</A></H2>
 <H2><A NAME="toc2">2.</A> <A HREF="#s2">Major new features since Squid-3.5</A></H2>
 
 <UL>
-<LI><A NAME="toc2.1">2.1</A> <A HREF="#ss2.1">BLAH</A>
+<LI><A NAME="toc2.1">2.1</A> <A HREF="#ss2.1">Configurable helper queue size</A>
 </UL>
 <P>
 <H2><A NAME="toc3">3.</A> <A HREF="#s3">Changes to squid.conf since Squid-3.5</A></H2>
@@ -91,12 +91,11 @@ <H2><A NAME="s2">2.</A> <A HREF="#toc2">Major new features since Squid-3.5</A></
 <P>Most user-facing changes are reflected in squid.conf (see below).</P>
 
 
-<H2><A NAME="ss2.1">2.1</A> <A HREF="#toc2.1">BLAH</A>
+<H2><A NAME="ss2.1">2.1</A> <A HREF="#toc2.1">Configurable helper queue size</A>
 </H2>
 
-<P>Details at 
-<A HREF="http://wiki.squid-cache.org/Features/BLAH">http://wiki.squid-cache.org/Features/BLAH</A>.</P>
-
+<P>The new queue-size=N option to helpers configuration, allows users 
+to configure the maximum number of queued requests to busy helpers.</P>
 
 <H2><A NAME="s3">3.</A> <A HREF="#toc3">Changes to squid.conf since Squid-3.5</A></H2>
 
@@ -128,7 +127,29 @@ <H2><A NAME="modifiedtags"></A> <A NAME="ss3.2">3.2</A> <A HREF="#toc3.2">Change
 
 <P>
 <DL>
+<DT><B> auth_param </B><DD>
+<P> New parameter <EM>queue-size=</EM> to set the maximum number
+of queued requests.</P>
+
+<DT><B>external_acl_type</B><DD>
+
+<DT><B></B><DD>
+<P> New parameter <EM>queue-size=</EM> to set the maximum number
+of queued requests.</P>
+
+<DT><B>url_rewrite_children</B><DD>
+
+<DT><B></B><DD>
+<P> New parameter <EM>queue-size=</EM> to set the maximum number
+of queued requests.</P>
+
+<DT><B>sslcrtd_children</B><DD>
+<P> New parameter <EM>queue-size=</EM> to set the maximum number
+of queued requests.</P>
 
+<DT><B>sslcrtvalidator_children</B><DD>
+<P> New parameter <EM>queue-size=</EM> to set the maximum number
+of queued requests.</P>
 </DL>
 </P>
 

diff --git a/doc/release-notes/release-3.6.sgml b/doc/release-notes/release-3.6.sgml
@@ -44,9 +44,9 @@ The 3.6 change history can be <url url="http://www.squid-cache.org/Versions/v3/3
 Most user-facing changes are reflected in squid.conf (see below).
 
 
-<sect1>BLAH
-<p>Details at <url url="http://wiki.squid-cache.org/Features/BLAH">.
-
+<sect1>Configurable helper queue size
+<p>The new queue-size=N option to helpers configuration, allows users 
+to configure the maximum number of queued requests to busy helpers.
 
 <sect>Changes to squid.conf since Squid-3.5
 <p>
@@ -70,7 +70,25 @@ This section gives a thorough account of those changes in three categories:
 <sect1>Changes to existing tags<label id="modifiedtags">
 <p>
 <descrip>
+         <tag> auth_param </tag>
+         <p> New parameter <em>queue-size=</em> to set the maximum number
+             of queued requests.
+
+         <tag>external_acl_type<tag>
+         <p> New parameter <em>queue-size=</em> to set the maximum number
+             of queued requests.
+
+         <tag>url_rewrite_children<tag>
+         <p> New parameter <em>queue-size=</em> to set the maximum number
+             of queued requests.
+
+         <tag>sslcrtd_children</tag>
+         <p> New parameter <em>queue-size=</em> to set the maximum number
+             of queued requests.
 
+         <tag>sslcrtvalidator_children</tag>
+         <p> New parameter <em>queue-size=</em> to set the maximum number
+             of queued requests.
 </descrip>
 
 <sect1>Removed tags<label id="removedtags">

diff --git a/src/cf.data.pre b/src/cf.data.pre
@@ -428,7 +428,7 @@ DOC_START
 		For Digest there is no default, this parameter is mandatory.
 		For NTLM and Negotiate this parameter is ignored.
 
-	"children" numberofchildren [startup=N] [idle=N] [concurrency=N]
+	"children" numberofchildren [startup=N] [idle=N] [concurrency=N] [queue-size=N]
 
 		The maximum number of authenticator processes to spawn. If
 		you start too few Squid will have to wait for them to process
@@ -453,6 +453,11 @@ DOC_START
 		Concurrency must not be set unless it's known the helper
 		supports the input format with channel-ID fields.
 
+		The queue-size= option sets the maximum number of queued
+		requests. If the queued requests exceed queue size for more
+		than 3 minutes then squid aborts its operation.
+		The default value is set to 2*numberofchildren/
+
 		NOTE: NTLM and Negotiate schemes do not support concurrency
 			in the Squid code module even though some helpers can.
 
@@ -646,6 +651,10 @@ DOC_START
 			Up to the value of children-max. (default 1)
 	  concurrency=n	concurrency level per process. Only used with helpers
 			capable of processing more than one query at a time.
+	  queue-size=N  The queue-size= option sets the maximum number of queued
+			requests. If the queued requests exceed queue size 
+			the acl ignored.
+			The default value is set to 2*children-max.
 	  cache=n	limit the result cache size, default is 262144.
 	  grace=n	Percentage remaining of TTL where a refresh of a
 			cached entry should be initiated without needing to
@@ -2805,6 +2814,13 @@ DOC_START
 	at all times. When traffic begins to rise above what the existing
 	processes can handle this many more will be spawned up to the maximum
 	configured. A minimum setting of 1 is required.
+
+		queue-size=N
+
+	Sets the maximum number of queued requests.
+	If the queued requests exceed queue size for more than 3 minutes
+	squid aborts its operation.
+	The default value is set to 2*numberofchildren.
 
 	You must have at least one ssl_crtd process.
 DOC_END
@@ -2864,6 +2880,13 @@ DOC_START
 	a request ID in front of the request/response. The request
 	ID from the request must be echoed back with the response
 	to that request.
+
+		queue-size=N
+
+	Sets the maximum number of queued requests.
+	If the queued requests exceed queue size for more than 3 minutes
+	squid aborts its operation.
+	The default value is set to 2*numberofchildren.
 
 	You must have at least one ssl_crt_validator process.
 DOC_END
@@ -4869,6 +4892,14 @@ DOC_START
 	used to communicate with the helper is modified to include
 	an ID in front of the request/response. The ID from the request
 	must be echoed back with the response to that request.
+
+		queue-size=N
+
+	Sets the maximum number of queued requests.
+	If the queued requests exceed queue size and redirector_bypass
+	configuration option is set, then redirector is bypassed. Otherwise, if
+	overloading persists squid may abort its operation.
+	The default value is set to 2*numberofchildren.
 DOC_END
 
 NAME: url_rewrite_host_header redirect_rewrites_host_header
@@ -4919,6 +4950,8 @@ DOC_START
 	redirectors for access control, and you enable this option,
 	users may have access to pages they should not
 	be allowed to request.
+	This options sets default queue-size option of the url_rewrite_children
+	to 0.
 DOC_END
 
 NAME: url_rewrite_extras
@@ -5043,6 +5076,14 @@ DOC_START
 	used to communicate with the helper is modified to include
 	an ID in front of the request/response. The ID from the request
 	must be echoed back with the response to that request.
+
+		queue-size=N
+
+	Sets the maximum number of queued requests.
+	If the queued requests exceed queue size and store_id_bypass
+	configuration option is set, then storeID helper is bypassed. Otherwise,
+	if overloading persists squid may abort its operation.
+	The default value is set to 2*numberofchildren.
 DOC_END
 
 NAME: store_id_access storeurl_rewrite_access
@@ -5072,6 +5113,8 @@ DOC_START
 	are not critical to your caching system.  If you use
 	helpers for critical caching components, and you enable this 
 	option,	users may not get objects from cache.
+	This options sets default queue-size option of the store_id_children
+	to 0.
 DOC_END
 
 COMMENT_START

diff --git a/src/external_acl.cc b/src/external_acl.cc
@@ -268,6 +268,9 @@ parse_externalAclHelper(external_acl ** list)
             a->children.n_idle = atoi(token + 14);
         } else if (strncmp(token, "concurrency=", 12) == 0) {
             a->children.concurrency = atoi(token + 12);
+        } else if (strncmp(token, "queue-size=", 11) == 0) {
+            a->children.queue_size = atoi(token + 11);
+            a->children.defaultQueueSize = false;
         } else if (strncmp(token, "cache=", 6) == 0) {
             a->cache_size = atoi(token + 6);
         } else if (strncmp(token, "grace=", 6) == 0) {
@@ -315,6 +318,9 @@ parse_externalAclHelper(external_acl ** list)
     if (a->negative_ttl == -1)
         a->negative_ttl = a->ttl;
 
+    if (a->children.queue_size < 0)
+        a->children.queue_size = 2 * a->children.n_max;
+
     /* Parse format */
     external_acl_format::Pointer *p = &a->format;
 
@@ -776,7 +782,7 @@ aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch)
         if (!entry) {
             debugs(82, 2, HERE << acl->def->name << "(\"" << key << "\") = lookup needed");
 
-            if (acl->def->theHelper->stats.queue_size < (int)acl->def->theHelper->childs.n_active) {
+            if (!acl->def->theHelper->queueFull()) {
                 debugs(82, 2, HERE << "\"" << key << "\": queueing a call.");
                 if (!ch->goAsync(ExternalACLLookup::Instance()))
                     debugs(82, 2, "\"" << key << "\": no async support!");
@@ -1415,24 +1421,19 @@ ExternalACLLookup::Start(ACLChecklist *checklist, external_acl_data *acl, bool i
     } else {
         /* No pending lookup found. Sumbit to helper */
 
-        /* Check for queue overload */
-
-        if (def->theHelper->stats.queue_size >= (int)def->theHelper->childs.n_running) {
-            debugs(82, 7, HERE << "'" << def->name << "' queue is too long");
-            assert(inBackground); // or the caller should have checked
-            cbdataFree(state);
-            return;
-        }
-
-        /* Send it off to the helper */
         MemBuf buf;
         buf.init();
 
         buf.Printf("%s\n", key);
 
         debugs(82, 4, "externalAclLookup: looking up for '" << key << "' in '" << def->name << "'.");
 
-        helperSubmit(def->theHelper, buf.buf, externalAclHandleReply, state);
+        if (!def->theHelper->trySubmit(buf.buf, externalAclHandleReply, state)) {
+            debugs(82, 7, HERE << "'" << def->name << "' submit to helper failed");
+            assert(inBackground); // or the caller should have checked
+            cbdataFree(state);
+            return;
+        }
 
         dlinkAdd(state, &state->list, &def->queue);