Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix: move pubsub publishing out of database transactions to avoid conn exhaustion#17648

Merged
dannykopping merged 7 commits into
mainfrom
dk/notify-outside-tx
May 5, 2025
Merged

fix: move pubsub publishing out of database transactions to avoid conn exhaustion#17648
dannykopping merged 7 commits into
mainfrom
dk/notify-outside-tx

Conversation

@dannykopping
Copy link
Copy Markdown
Contributor

@dannykopping dannykopping commented May 1, 2025
edited
Loading

Database transactions hold onto connections, and pubsub.Publish tries to acquire a connection of its own. If the latter is called within a transaction, this can lead to connection exhaustion.

I plan two follow-ups to this PR:

  1. Make connection counts tuneable

https://github.com/coder/coder/blob/main/cli/server.go#L2360-L2376

We will then be able to write tests showing how connection exhaustion occurs.

  1. Write a linter/ruleguard to prevent pubsub.Publish from being called within a transaction.

@dannykopping dannykopping force-pushed the dk/notify-outside-tx branch from 6efe39f to ba2f90a Compare May 1, 2025 18:49
@dannykopping
chore: commentary
74f5dd7 
Signed-off-by: Danny Kopping <[email protected]>
@dannykopping
chore: polish
f6909ff 
Signed-off-by: Danny Kopping <[email protected]>
@dannykopping dannykopping marked this pull request as ready for review May 2, 2025 09:56
dannykopping
dannykopping commented May 2, 2025
View reviewed changes
Comment thread enterprise/coderd/prebuilds/reconcile.go
clock: clock,
registerer: registerer,
done: make(chan struct{}, 1),
provisionNotifyCh: make(chan database.ProvisionerJob, 10),
Copy link
Copy Markdown
Contributor Author

@dannykopping dannykopping May 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thumb-suck; I want to protect against temporary network/database blips but also don't want to accumulate too many messages.

johnstcn
johnstcn reviewed May 2, 2025
View reviewed changes
Comment thread enterprise/coderd/prebuilds/reconcile.go
johnstcn
johnstcn reviewed May 2, 2025
View reviewed changes
Comment thread enterprise/coderd/prebuilds/reconcile_test.go Outdated
func (*brokenPublisher) Publish(event string, _ []byte) error {
// I'm explicitly _not_ checking for EventJobPosted (coderd/database/provisionerjobs/provisionerjobs.go) since that
// requires too much knowledge of the underlying implementation.
return xerrors.Errorf("refusing to publish %q", event)
Copy link
Copy Markdown
Member

@johnstcn johnstcn May 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we fail slowly instead?

e.g. <-time.After(testutil.IntervalFast)

Copy link
Copy Markdown
Contributor Author

@dannykopping dannykopping May 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed in 9ddad0b

@evgeniy-scherbina
Copy link
Copy Markdown
Contributor

evgeniy-scherbina commented May 2, 2025
edited
Loading

@dannykopping is it possible to use another approach, and allow calling Publish from within existing transaction?
For ex.: add smth like this:

func (p *PGPubsub) PublishWithinTx(event string, message []byte, tx database.Store) error {
   tx.ExecContext(context.Background(), `select pg_notify(`+pq.QuoteLiteral(event)+`, $1)`, message)
}

Implementations which doesn't support txs may implement it:

func (p *InMemPubSub) PublishWithinTx(event string, message []byte, tx database.Store) error {
    _ = tx // ignored
   return p.PublishTx(event, message)
}

But it will require some changes in database.Store and PGPubSub

Because we impose restrictions on ourselves, every time we need to use Publish within tx - we have to come up with workaround like in this PR.

spikecurtis
spikecurtis reviewed May 5, 2025
View reviewed changes
Comment thread coderd/database/dbgen/dbgen.go Outdated
spikecurtis
spikecurtis approved these changes May 5, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@spikecurtis spikecurtis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dannykopping dannykopping merged commit a646478 into main May 5, 2025
29 checks passed
@dannykopping dannykopping deleted the dk/notify-outside-tx branch May 5, 2025 09:54
@github-actions github-actions Bot locked and limited conversation to collaborators May 5, 2025
@dannykopping
Copy link
Copy Markdown
Contributor Author

dannykopping commented May 5, 2025

@dannykopping is it possible to use another approach, and allow calling Publish from within existing transaction? For ex.: add smth like this:

func (p *PGPubsub) PublishWithinTx(event string, message []byte, tx database.Store) error {
   tx.ExecContext(context.Background(), `select pg_notify(`+pq.QuoteLiteral(event)+`, $1)`, message)
}

Implementations which doesn't support txs may implement it:

func (p *InMemPubSub) PublishWithinTx(event string, message []byte, tx database.Store) error {
    _ = tx // ignored
   return p.PublishTx(event, message)
}

But it will require some changes in database.Store and PGPubSub

Because we impose restrictions on ourselves, every time we need to use Publish within tx - we have to come up with workaround like in this PR.

@evgeniy-scherbina I'll defer to @spikecurtis about your above question. However, I would imagine that we wouldn't want to overwhelm the API with knowledge of in- or out-of-transaction considerations. NOTIFYs within transactions (docs) have some semantics which may not always be desireable.

There are also some problems around 2PC ("A transaction that has executed NOTIFY cannot be prepared for two-phase commit."), and in general it just makes pubsub a bit less deterministic.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@johnstcn johnstcn johnstcn left review comments

@spikecurtis spikecurtis spikecurtis approved these changes

@SasSwart SasSwart Awaiting requested review from SasSwart

Assignees

@dannykopping dannykopping

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dannykopping @evgeniy-scherbina @johnstcn @spikecurtis