-
Notifications
You must be signed in to change notification settings - Fork 453
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
balancerd: Handle canceling connections #24081
Comments
The code bears this out! materialize/src/balancerd/src/lib.rs Lines 555 to 558 in dbff751
|
Two ideas that I talked about with @mjibson way back when:
|
Talked about this in the TL sync today. @def- suggested that we could have our PostgreSQL sessions cycle the cancellation keys every few minutes. This would introduce more randomness, to make guessing the cancellation key for a session harder. I pointed out that the protocol didn't support this, but @def- pointed out on Slack that libpq nonetheless handles changes to the cancellation key mid session. Weird! I'd still be nervous about relying on this, though, because other pgwire protocol implementations are likely not so kind. Here's an idea I proposed. We have 64 bits to play with here: 32 bits of connection ID and 32 bits of secret key. We don't need 2^32 connection IDs! At the moment We can also randomly assign connection IDs. Today we sequentially assign connection IDs. But that leaves a fair bit of randomness on the table. If both connection IDs and secret keys are randomly generated, that gives us 52 bits of randomness (4 quadrillion possibilities) instead of 32 bits of randomness (4 billion possibilities). On the Kubernetes side, we could still leverage DNS here. Have the environment controller create a service named after the first 12 bits of each environment's organization ID by using the first three hex digits of the UUID. An environment for org ID 2b826f1e-4691-40b5-b627-8f7e4fc6369f would use service name 2b8. A given service will map to multiple environments in the case of collision, and that's fine. tl;dr
|
As @mjibson has pointed out to me before, bits 6, 7, and 12 of a UUIDv4 are constant. What do you think about using the last 12 bits of the environment ID for more randomness? |
Oh, wow, good to know. That's too bad, because it's much harder to sort the environments by their last 12 bits than their first, but agreed that we should do it, because losing 3 of the 12 bits of UUID randomness would be a big hit. |
What should be responsible for maintaining the services? We could probably do this in the environment-controller, but we currently don't have anything there that operates on all environments, only on one environment at a time. I guess on environment reconciliation we could query any existing service, but it's a bit clunky. We'd probably want to serialize interactions with these services, so that we don't race. |
I think it should be fine to handle the creation of the service during the normal environment reconciliation. It will need to do two things:
It's true that environments that are reconciled in parallel will race on (2). But that should be fine, because they're both going to try to create identical services. IIUC, the service membership doesn't need to be managed, since that's handled by Kubernetes automatically, and so I think it all works out pretty smoothly. |
Ah, that's a nice way to handle it for creation. I'm not sure how to handle delete that way, though. |
It's plausibly fine just to leave them around? There's only going to be 4096 of them at most. |
If the issue is the mechanics of the reconciler, It's not too uncommon to have a Kube controller that considers all CRs for reconciliation if any one of them changes. |
This will decrease their predictability, which is desirable for the balancer. See MaterializeInc#24081 (comment)
This will decrease their predictability, which is desirable for the balancer. See MaterializeInc#24081 (comment) Bump connection id space to 20 bits as part of balancer cancellation.
This will decrease their predictability, which is desirable for the balancer. See MaterializeInc#24081 (comment) Bump connection id space to 20 bits as part of balancer cancellation.
This will decrease their predictability, which is desirable for the balancer. See #24081 (comment) ### Motivation * This PR adds a known-desirable feature. ### Checklist - [x] This PR has adequate test coverage / QA involvement has been duly considered. - [ ] This PR has an associated up-to-date [design doc](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/design/README.md), is a design doc ([template](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/design/00000000_template.md)), or is sufficiently small to not require a design. <!-- Reference the design in the description. --> - [ ] If this PR evolves [an existing `$T ⇔ Proto$T` mapping](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/command-and-response-binary-encoding.md) (possibly in a backwards-incompatible way), then it is tagged with a `T-proto` label. - [ ] If this PR will require changes to cloud orchestration or tests, there is a companion cloud PR to account for those changes that is tagged with the release-blocker label ([example](MaterializeInc/cloud#5021)). <!-- Ask in #team-cloud on Slack if you need help preparing the cloud PR. --> - [ ] This PR includes the following [user-facing behavior changes](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/guide-changes.md#what-changes-require-a-release-note): - n/a
This will decrease their predictability, which is desirable for the balancer. See MaterializeInc#24081 (comment) ### Motivation * This PR adds a known-desirable feature. ### Checklist - [x] This PR has adequate test coverage / QA involvement has been duly considered. - [ ] This PR has an associated up-to-date [design doc](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/design/README.md), is a design doc ([template](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/design/00000000_template.md)), or is sufficiently small to not require a design. <!-- Reference the design in the description. --> - [ ] If this PR evolves [an existing `$T ⇔ Proto$T` mapping](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/command-and-response-binary-encoding.md) (possibly in a backwards-incompatible way), then it is tagged with a `T-proto` label. - [ ] If this PR will require changes to cloud orchestration or tests, there is a companion cloud PR to account for those changes that is tagged with the release-blocker label ([example](https://github.com/MaterializeInc/cloud/pull/5021)). <!-- Ask in #team-cloud on Slack if you need help preparing the cloud PR. --> - [ ] This PR includes the following [user-facing behavior changes](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/guide-changes.md#what-changes-require-a-release-note): - n/a
Use the lower 12 bits of the environment id as the upper 12 bits of the connection id. See #24081 (comment) ### Motivation * This PR adds a known-desirable feature. ### Checklist - [ ] This PR has adequate test coverage / QA involvement has been duly considered. - [ ] This PR has an associated up-to-date [design doc](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/design/README.md), is a design doc ([template](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/design/00000000_template.md)), or is sufficiently small to not require a design. <!-- Reference the design in the description. --> - [ ] If this PR evolves [an existing `$T ⇔ Proto$T` mapping](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/command-and-response-binary-encoding.md) (possibly in a backwards-incompatible way), then it is tagged with a `T-proto` label. - [ ] If this PR will require changes to cloud orchestration or tests, there is a companion cloud PR to account for those changes that is tagged with the release-blocker label ([example](MaterializeInc/cloud#5021)). <!-- Ask in #team-cloud on Slack if you need help preparing the cloud PR. --> - [ ] This PR includes the following [user-facing behavior changes](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/guide-changes.md#what-changes-require-a-release-note): - n/a
When balancer receives a cancel request, broadcast it to all envds with matching ids. See #24081 (comment) ### Motivation * This PR adds a known-desirable feature. ### Checklist - [ ] This PR has adequate test coverage / QA involvement has been duly considered. - [ ] This PR has an associated up-to-date [design doc](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/design/README.md), is a design doc ([template](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/design/00000000_template.md)), or is sufficiently small to not require a design. <!-- Reference the design in the description. --> - [ ] If this PR evolves [an existing `$T ⇔ Proto$T` mapping](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/command-and-response-binary-encoding.md) (possibly in a backwards-incompatible way), then it is tagged with a `T-proto` label. - [ ] If this PR will require changes to cloud orchestration or tests, there is a companion cloud PR to account for those changes that is tagged with the release-blocker label ([example](MaterializeInc/cloud#5021)). <!-- Ask in #team-cloud on Slack if you need help preparing the cloud PR. --> - [ ] This PR includes the following [user-facing behavior changes](https://github.com/MaterializeInc/materialize/blob/main/doc/developer/guide-changes.md#what-changes-require-a-release-note): - n/a
Adapter parts of this are complete. There's a new arg to balancerd (see #24503) for a cancel broadcast DNS lookup address. |
@alex-hunt-materialize pointed out today on Slack that our plan to have cancellation I think we can still make this work by manually managing the endpoint slices with the "FQDN" address type: Service:
EndpointSlice:
|
What version of Materialize are you using?
v0.81.0-dev
What is the issue?
It appears as though
balancerd
isn't properly canceling requests. If you start running a subscribe inpsql
and then try canceling it with CTRL+C, the subscribe will not stop. Also it seems like when you close the terminal window that's runningpsql
, the session does not get cleaned up. See this Slack thread for more detailsThe text was updated successfully, but these errors were encountered: