Client RPCs are sticky to server #3738
Conversation
dadgar
force-pushed
the
f-sticky-clients
branch
from
0f7a941
to
f27a7da
Compare
client/client.go
Outdated
|
|
||
| // We can wait a bit and retry! | ||
| if time.Since(firstCheck) < c.config.RPCHoldTimeout { | ||
| jitter := lib.RandomStagger(5 * time.Second / nomad.JitterFraction) |
There was a problem hiding this comment.
Why do we use JitterFraction instead of just saying 300ms (~5s / 16)? I don't understand the point of JitterFraction.
We may want to jitter on NumNodes as a server outage could cause a stampede to the other servers. The more clients, the more we need to spread out the herd.
There was a problem hiding this comment.
its meant to be a percentage (16 corresponds to 6.25%) that we want to apply as a wait time before retrying, with a random stagger added. So it will wait ~6.25% of the given overall holdout time before retrying.
also I think. this line should be lib.RandomStagger(c.config.RPCHoldTimeout/jitterFraction)
Not sure I follow the argument of using the number of clients as the fraction. That makes the percentage non deterministic, could be anywhere from 100% to a very small number.
There was a problem hiding this comment.
@schmichael to add a bit more color to Preetha's response. The jitter allows you to get some retrying within an overall allowed window. So if you have 5 seconds for something to occur this jitter lets you try a few times within that window.
@preetapan Yep good catch. Both those were hardcoded to 5s before I plumbed the config and missed one. Not sure what you mean about the # of clients btw.
client/client.go
Outdated
| if err != nil { | ||
| merr.Errors = append(merr.Errors, fmt.Errorf("Server at address %s failed ping: %v", addr, err)) | ||
| continue | ||
| } else if !ok { |
There was a problem hiding this comment.
This will never be hit as ok is only false if err is non-nil.
I'd prefer only returning an error from Ping since a nil error implies ok=true and a non-file error ok=false
client/client.go
Outdated
| } | ||
| if len(servers) == 0 { | ||
| if len(nomadServers) == 0 { | ||
| return fmt.Errorf("server returned no valid servers") |
There was a problem hiding this comment.
I never realized it before but this is a rrrreally weird error.
client/servers/manager.go
Outdated
| // | ||
| // NOTE(sean@): We are explicitly relying on the fact that serverList will | ||
| // be copied onto the stack. Please keep this structure light. | ||
| type serverList struct { |
There was a problem hiding this comment.
The comments are confusing and possibly incorrect. I don't believe it matters whether a serverList or *serverList is stored in atomic.Value. Even though every caller to getServerList will receive a unique copy of serverList and the slice header, the slice's backing array containing the Server pointers will be shared among all callers until a cycleServer is called which creates a new slice/backing-array or SetServers is called.
If cycleServer modified the backing area in place (which would be an equally valid looking implementation and avoid a heap allocation), it would create race conditions!
client/servers/manager.go
Outdated
| type Manager struct { | ||
| // listValue manages the atomic load/store of a Manager's serverList | ||
| listValue atomic.Value | ||
| listLock sync.Mutex |
There was a problem hiding this comment.
It is very difficult to figure out the proper way to use these. There are no tests that exercise concurrent access to this struct, so I couldn't use -race to detect races. However, I think it all checks out? (Note I ignored AddServer and RemoverServer in my analysis/review because they're not used.)
client/servers/manager.go
Outdated
| m.connPoolPinger = connPoolPinger // can't pass *Nomad.ConnPool: import cycle | ||
| m.rebalanceTimer = time.NewTimer(clientRPCMinReuseDuration) | ||
| m.shutdownCh = shutdownCh | ||
| atomic.StoreInt32(&m.offline, 1) |
There was a problem hiding this comment.
No need to use an atomic store in a New func since nothing can be accessing this concurrently (but as mentioned later I think this field can be removed outright).
client/servers/manager.go
Outdated
| m.refreshServerRebalanceTimer() | ||
|
|
||
| case <-m.shutdownCh: | ||
| m.logger.Printf("[INFO] manager: shutting down") |
There was a problem hiding this comment.
DEBUG maybe? Seems like this won't mean anything to end users as "managers" is awfully generic.
client/servers/manager.go
Outdated
|
|
||
| func (m *Manager) SetServers(servers []*Server) { | ||
| // Hot Path | ||
| if len(servers) == 0 { |
There was a problem hiding this comment.
The above comment is incorrect and this code is unreachable in the current implementation as we always check for len(servers) == 0 and return an error before calling SetServers.
Enforcing an invariant that the server list can never be cleared seems ok, but we should probably mention that in a comment on the method itself in case someone changes code at the callsites without realizing this internal behavior.
client/servers/manager.go
Outdated
| } | ||
|
|
||
| // saveServerList is a convenience method which hides the locking semantics | ||
| // of atomic.Value from the caller. |
There was a problem hiding this comment.
"hides the locking semantics of atomic.Value" is a weird phrase, but whatever. getServerList hides the type assertion nicely, and saveServerList makes a good companion api.
client/servers/manager.go
Outdated
| } | ||
|
|
||
| // NumServers takes out an internal "read lock" and returns the number of | ||
| // servers. numServers includes both healthy and unhealthy servers. |
There was a problem hiding this comment.
NumServers returns the total number of known servers whether healthy or not.
client/servers/manager.go
Outdated
| } | ||
|
|
||
| // GetServers returns a copy of the current list of servers. | ||
| func (m *Manager) GetServers() []*Server { |
There was a problem hiding this comment.
Remove or move to tests where it's used? (See NotifyFailedServer comment)
client/servers/manager.go
Outdated
|
|
||
| func (s *Server) String() string { | ||
| if s.addr == "" { | ||
| s.addr = s.Addr.String() |
There was a problem hiding this comment.
Racy. Either remove memoization or add a lock.
client/servers/manager.go
Outdated
| // the receiver's serverList. Returns false if the first server does not exist | ||
| // in the list. Newly added servers are appended to the list and other missing | ||
| // servers are removed from the list. | ||
| func (m *Manager) reconcileServerList(l *serverList) bool { |
There was a problem hiding this comment.
I do not understand this method at all. The server list we pass in is a potentially shuffled version of the one we're reconciling against here (except for a small window where SetServers could have overwritten one). I think maybe it was useful in Consul which also reconciles servers with Serf? That would make sense.
I'm fairly certain this entire method can be removed and replaced by a call directly to m.saveServerList(l) above.
dadgar
force-pushed
the
f-sticky-clients
branch
from
a231d3e
to
c55e030
Compare
| // Addr is the resolved address of the server | ||
| Addr net.Addr | ||
| addr string | ||
| sync.Mutex |
There was a problem hiding this comment.
What if we just used a NewServer func and always initialized the addr? I'm worried about what the Server copy in Manager.GetServers does to the Mutex. Alternatively GetServers could just manually copy Addr & DC into a new struct instead of copying the whole struct.
There was a problem hiding this comment.
@schmichael The two mutexes were put in place originally because Serf was handling the add/remove notifications and populating/replacing the server list independently of the server lists use via the RPC pool. Basically: producer == serf/consul discovery, consumer == rpc pool. This may be out of date, but that was the history.
client/servers/manager.go
Outdated
|
|
||
| if !foundHealthyServer { | ||
| m.logger.Printf("[DEBUG] manager: No healthy servers during rebalance, aborting") | ||
| return |
There was a problem hiding this comment.
Don't need this return and the word aborting in the log line is a bit misleading. We're not actually aborting anything here, we just couldn't find a healthy server while rebalancing.
|
I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions. |
No description provided.