[Bug]: Memory consumption has increased since v4.67.0 #31722
Comments
at-wat
added
bug
Community NoteVoting for Prioritization
Volunteering to Work on This Issue
|
|
Added setting for v5.1.0 to the reproduction repo. |
|
Pprof output right before
|
ewbankkit
added
the
provider
justinretzolk
removed
the
needs-triage
|
Thanks for the research @at-wat , we've had to double the size of our codebuild runners to avoid these kind of errors that are due to memory exhaustion: |
|
#31722 (comment) It may be related to the new quicksight resources: |
|
Like @n00borama, we've had to double the size of our runners to avoid these errors which of course has a negative cost impact 🙁 Also tried to play around with parallelism by lowering it from the default of 10 to 4 but no joy. |
|
Hi @at-wat 👋, thank you for the legwork in profiling this issue! Just to let you know we are actively investigating this with high priority in order to find a resolution. Will update this thread once we have a way forward. |
|
This has left us unable to run one of our tf pipelines at all, as we were already on the largest possible size in bitbucket cloud... having to look into other workarounds now. |
Reference: #31722 Rather than allocating memory for each shared tag schema, reference the same schema data. Each `schema.Schema` struct allocation is ~304 bytes, which adds up when multiplied times a few hundred resources using it. Not a big reduction by any means, but seems like a quick way to reduce some unnecessary memory usage. Updated the two code locations which were directly mutating the result of shared tag schemas.
Reference: #31722 Happened to notice this was generating a decent number of memory allocations while profiling and its a small change. Output from acceptance testing: ``` --- PASS: TestAccWAFV2RuleGroup_basic (30.05s) --- PASS: TestAccWAFV2RuleGroup_disappears (32.14s) --- PASS: TestAccWAFV2RuleGroup_Operators_maxNested (34.74s) --- PASS: TestAccWAFV2RuleGroup_changeMetricNameForceNew (58.55s) --- PASS: TestAccWAFV2RuleGroup_changeNameForceNew (60.83s) --- PASS: TestAccWAFV2RuleGroup_changeCapacityForceNew (65.89s) --- PASS: TestAccWAFV2RuleGroup_updateRule (68.22s) --- PASS: TestAccWAFV2RuleGroup_logicalRuleStatements (85.48s) --- PASS: TestAccWAFV2RuleGroup_LabelMatchStatement (58.55s) --- PASS: TestAccWAFV2RuleGroup_byteMatchStatement (60.96s) --- PASS: TestAccWAFV2RuleGroup_ipSetReferenceStatement (35.66s) --- PASS: TestAccWAFV2RuleGroup_RateBased_maxNested (35.63s) --- PASS: TestAccWAFV2RuleGroup_updateRuleProperties (105.28s) --- PASS: TestAccWAFV2RuleGroup_sizeConstraintStatement (59.81s) --- PASS: TestAccWAFV2RuleGroup_xssMatchStatement (59.43s) --- PASS: TestAccWAFV2RuleGroup_IPSetReferenceStatement_ipsetForwardedIP (112.62s) --- PASS: TestAccWAFV2RuleGroup_sqliMatchStatement (58.73s) --- PASS: TestAccWAFV2RuleGroup_geoMatchStatement (58.94s) --- PASS: TestAccWAFV2RuleGroup_GeoMatchStatement_forwardedIP (58.18s) --- PASS: TestAccWAFV2RuleGroup_RuleLabels (58.66s) --- PASS: TestAccWAFV2RuleGroup_tags (83.04s) --- PASS: TestAccWAFV2RuleGroup_rateBasedStatement (109.78s) --- PASS: TestAccWAFV2RuleGroup_regexMatchStatement (32.72s) --- PASS: TestAccWAFV2RuleGroup_minimal (25.63s) --- PASS: TestAccWAFV2RuleGroup_regexPatternSetReferenceStatement (32.67s) --- PASS: TestAccWAFV2RuleGroup_ruleAction (75.28s) --- PASS: TestAccWAFV2RuleGroup_RuleAction_customRequestHandling (50.20s) --- PASS: TestAccWAFV2RuleGroup_RuleAction_customResponse (65.41s) --- PASS: TestAccWAFV2RuleGroup_ByteMatchStatement_fieldToMatch (264.78s) ```
|
Hi all! 👋 Wanted to give an update with our current status. The Terraform AWS Provider, Terraform DevEx and Terraform Core teams are all engaged in working towards a solution. The main problem is peak memory usage and this peak occurs when Terraform makes calls to configured providers to load their resource/data source schemas. The Terraform protocol contains a single RPC which asks for all schemas regardless of the specific resources configured. This means that as the AWS provider grows, the memory requirements for using it also grow. Some specific resources such as QuickSight and WAFv2 have extremely large nested schemas which can have an outsized effect on memory as we have seen. Changing Terraform to load only the schemas for configured resources is likely feasible, but it is a very large undertaking requiring changes to the protocol (and thus changes to Terraform, terraform-plugin-framework, terraform-plugin-sdk and the provider). This change should decrease the memory footprint significantly for most users, and memory requirements would vary based on the particular resource configured. At this point we are investigating the feasibility of this change, but can make no indication of timings. Short term however, there are a number of smaller optimizations we can do which we hope will alleviate some of the pressure while we research more longer term improvements. Some of these modifications will ship in the next version of the AWS provider. We will also be more intentional about accepting PR submissions for resources/data sources with particularly massive schema at least until their memory requirements are more closely understood. In some cases we may need to leave these out until we can resolve the root issue. More updates to come when we have details we can share. |
|
To jump on board: We're now hitting memory limitations as well. To make it more interesting: We're using TF Cloud and their runners are fixed (and limited) to 2Gb of memory. So that means TF is now "stuck" on certain workspaces... Going to play with Parallelism and/or reverting the version back to prior 5.1.0 But the solution mentioned by @breathingdust (to only load the used resources) seems/feels like it should be, looking forward to the result of that refactoring |
|
Hi @breathingdust, hope all is well. Are there any updates on this you could share out of curiosity? Have there been any developments? |
|
Happy Friday everyone! I do have an update for you. Terraform 1.6 (currently in alpha) will include new functionality that will allow a cached provider schema to be used which should significantly reduce memory consumption for configurations including multiple instances of the same provider. In the near future terraform-plugin-go / terraform-plugin-sdk and terraform-plugin-framework will all be updated to take advantage of this, and provider authors (including the AWS Provider maintainers) will need to update these dependencies for this to take effect. I can’t give timings for when these changes will all be available, but this should be a significant step forward for those experiencing memory issues with multiple AWS providers configured. Additionally, we have introduced a regex cache to the provider (released in v5.14.0) which in testing seems to have a significant impact on memory consumption. We are continuing to work with the Terraform Core and DevEx teams on further improvements, and will update this issue with new information as I have it. |
|
|
|
@azarudeena Terraform provider processes are spawned for each |
|
@at-wat this is only for one aws account and one provider block. I am doing validate in a our staging region. with some 20 ECS services custom modules which dependencies like RDS, sqs, dynamodb, KMS etc. addition to that even our CI time in our self hosted runners have doubled after this upgrade. |
|
Updated the reproduction repo: https://github.com/at-wat/terraform-provider-aws-v4.67-memory-usage/
and confirmed that the memory usage is significantly reduced on terraform-provider 5.20.0 and terraform 1.6.0 |
|
Looking really good @at-wat ! Question, is this related to the new "Global Schema Cache"? (hashicorp/terraform#33482) |
Terraform Core Version
1.4.5
AWS Provider Version
4.67.0, 5.0.1, 5.1.0
Affected Resource(s)
Seems not related to specific resources.
For example, memory usage increases even when only declaring provider without resources.
Expected Behavior
Memory usage is kept the same by updating the provider.
Actual Behavior
In our actual environment setting up GuardDuty and EventBus on all available regions (17) on 5 AWS accounts, max RSS during refresh was measured as:
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
https://github.com/at-wat/terraform-provider-aws-v4.67-memory-usage/
Steps to Reproduce
See https://github.com/at-wat/terraform-provider-aws-v4.67-memory-usage/blob/main/README.md
This measures max RSS when refreshing
aws_iam_policy_documentdata resources on 17 regions.It results in a similar increase rate to our actual infrastructure code.
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None
The text was updated successfully, but these errors were encountered: