Add graph-based pod stop #25169
Add graph-based pod stop #25169
Conversation
openshift-ci
bot
added
release-note
approved
|
Tagging no new tests as the existing pod stop/remove tests should exercise this. Would be nice to test the ordering aspect but I'm not sure if that's doable without being very racy. |
|
For tests one thing that we could do is check the |
libpod/container_api.go
Outdated
| exists, err := c.runtime.state.HasContainer(c.ID()) | ||
| if err != nil { | ||
| return err | ||
| } | ||
| if !exists { | ||
| return fmt.Errorf("container %s does not exist in database: %w", c.ID(), define.ErrNoSuchCtr) | ||
| } |
There was a problem hiding this comment.
That adds a extra db queries overhead, I am not sure we need this at all.
Technically if the pod doesn't exists you could just ignore the error, i.e. only take locks in an if err == nil {} block.
Then the other code would return its normal error anyway.
There was a problem hiding this comment.
Oh, I like that. Will fix.
libpod/container_api.go
Outdated
| // Have to lock the pod the container is a part of. | ||
| // This prevents running `podman start` at the same time a | ||
| // `podman pod stop` is running, which could lead to wierd races. | ||
| // Pod locks come before container locks, so do this first. | ||
| if c.config.Pod != "" { |
There was a problem hiding this comment.
We should do the same thing around stop for consistency
mheon
force-pushed
the
graph_stop
branch
2 times, most recently
from
9c9d10f to
bee225e
Compare
|
Oops. Forgot to wait for the parallel executors to stop creating horrible races. Fixed now. |
mheon
force-pushed
the
graph_stop
branch
11 times, most recently
from
ed5adc4 to
3aa18df
Compare
|
Ephemeral COPR build failed. @containers/packit-build please check. |
|
Cockpit tests failed for commit 3aa18df. @martinpitt, @jelly, @mvollmer please check. |
mheon
force-pushed
the
graph_stop
branch
3 times, most recently
from
2fb56ab to
8f21503
Compare
|
The cockpit test failure from above is essentially this:
This feels related to this change? The latest push passed, but in commit 3aa18df it also passed in F41 and only failed once in Rawhide -- so this feels like a race condition, or possibly file system order etc., i.e. something not reliably reproducible? Does that ring a bell? |
|
@martinpitt Most of our tests fail as well so yes this patch is broken and cannot be merged like that. |
|
Ephemeral COPR build failed. @containers/packit-build please check. |
The intention behind this is to stop races between `pod stop|start` and `container stop|start` being run at the same time. This could result in containers with no working network (they join the still-running infra container's netns, which is then torn down as the infra container is stopped, leaving the container in an otherwise unused, nonfunctional, orphan netns. Locking the pod (if present) in the public container start and stop APIs should be sufficient to stop this. Signed-off-by: Matt Heon <[email protected]>
mheon
force-pushed
the
graph_stop
branch
2 times, most recently
from
a080ae2 to
041c6a3
Compare
|
@Luap99 This is ready for review now |
|
LGTM |
There was a problem hiding this comment.
A few comments, I have a hard time following the graph logic.
For start I understand that it makes sense to not continue starting when the dep failed. But for stop I am not sure. Even if we fail to stop one I feel like we should still stop all the other deps regardless.
The other thing is the locking in traverseNodeInwards(), the amount of special cases an locking /unlocking of node.lock and nodeDetails.lock makes me uneasy but I cannot offer anything better and test pass so I guess I just have to live with it.
test/e2e/pod_stop_test.go
Outdated
| infraStopTime, err := time.Parse(timeFormat, infraStop.OutputToString()) | ||
| Expect(err).ShouldNot(HaveOccurred()) | ||
|
|
||
| Expect(ctrStopTime.Before(infraStopTime)).To(BeTrue()) |
There was a problem hiding this comment.
please use Expect(infraStopTime).To(BeTemporally(">", ctrStopTime)) to provide useful errors when this fails.
https://onsi.github.io/gomega/#betemporallycomparator-string-compareto-timetime-threshold-timeduration
with you code you just get the "expect false to be true error"
test/e2e/pod_stop_test.go
Outdated
| podInspect := podmanTest.PodmanExitCleanly("pod", "inspect", "--format", "{{ .InfraContainerID }}", podName) | ||
| infraCtrID := podInspect.OutputToString() |
There was a problem hiding this comment.
you can skip the inspect call when you give a name on create instead with --infra-name
libpod/pod_api.go
Outdated
| } | ||
| } | ||
|
|
||
| if len(ctrErrors) > 0 { | ||
| if len(ctrErrors) > 1 { |
There was a problem hiding this comment.
Why this change, it seems like we skip reporting errors when one ctr failed?
libpod/container_graph.go
Outdated
| ctr.lock.Unlock() | ||
|
|
||
| if cleanup { | ||
| return ctr.Cleanup(ctx, false) | ||
| } |
There was a problem hiding this comment.
this seems fragile locking, i.e. if new early returns are added without unlocking.
And it unnecessarily unlocks to just to immediately lock again. Would it not be better to have an internal version of Cleanup() that does not take the lock.
Luap99
removed
the
No New Tests
First, refactor our existing graph traversal code to improve code sharing. There still isn't much sharing between inward traversal (stop, remove) and outward traversal (start) but stop and remove are sharing most of their code, which seems a positive. Second, add a new graph-traversal function to stop containers. We already had start and remove; stop uses the newly-refactored inward-traversal code which it shares with removal. Third, rework the shared stop/removal inward-traversal code to add locking. This allows parallel execution of stop and removal, which should improve the performance of `podman pod rm` and retain the performance of `podman pod stop` at about what it is right now. Fourth and finally, use the new graph-based stop when possible to solve unordered stop problems with pods - specifically, the infra container stopping before application containers, leaving those containers without a working network. Fixes https://issues.redhat.com/browse/RHEL-76827 Signed-off-by: Matt Heon <[email protected]>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Luap99, mheon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@containers/podman-maintainers PTAL and merge |
Implement a graph-based pod stop and use it by default, ensuring that containers stop in a dependency-based order. This prevents race conditions where application containers stopped after the infra container, meaning they did not have functional networking for the last seconds before they stopped, potentially causing unexpected application errors.
As a pleasant side-effect, make removing containers within a pod parallel, which should improve performance.
Full details in commit descriptions.
Does this PR introduce a user-facing change?