core: enforce strict steps for clients reconnect #15808
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lgfa29
force-pushed
the
b-node-status-fsm
branch
from
e1df7a0 to
2180a10
Compare
When a Nomad client that is running an allocation with `max_client_disconnect` set misses a heartbeat the Nomad server will update its status to `disconnected`. Upon reconnecting, the client will make three main RPC calls: - `Node.UpdateStatus` is used to set the client status to `ready`. - `Node.UpdateAlloc` is used to update the client-side information about allocations, such as their `ClientStatus`, task states etc. - `Node.Register` is used to upsert the entire node information, including its status. These calls are made concurrently and are also running in parallel with the scheduler. Depending on the order they run the scheduler may end up with incomplete data when reconciling allocations. For example, a client disconnects and its replacement allocation cannot be placed anywhere else, so there's a pending eval waiting for resources. When this client comes back the order of events may be: 1. Client calls `Node.UpdateStatus` and is now `ready`. 2. Scheduler reconciles allocations and places the replacement alloc to the client. The client is now assigned two allocations: the original alloc that is still `unknown` and the replacement that is `pending`. 3. Client calls `Node.UpdateAlloc` and updates the original alloc to `running`. 4. Scheduler notices too many allocs and stops the replacement. This creates unnecessary placements or, in a different order of events, may leave the job without any allocations running until the whole state is updated and reconciled. To avoid problems like this clients must update _all_ of its relevant information before they can be considered `ready` and available for scheduling. To achieve this goal the RPC endpoints mentioned above have been modified to enforce strict steps for nodes reconnecting: - `Node.Register` does not set the client status anymore. - `Node.UpdateStatus` sets the reconnecting client to the `initializing` status until it successfully calls `Node.UpdateAlloc`. These changes are done server-side to avoid the need of additional coordination between clients and servers. Clients are kept oblivious of these changes and will keep making these calls as they normally would. The verification of whether allocations have been updates is done by storing and comparing the Raft index of the last time the client missed a heartbeat and the last time it updated its allocations.
lgfa29
force-pushed
the
b-node-status-fsm
branch
from
2180a10 to
4331b7a
Compare
lgfa29
added
backport/1.3.x
lgfa29
commented
Jan 19, 2023
lgfa29
commented
Jan 19, 2023
nomad/node_endpoint_test.go
Outdated
Comment on lines
2584
to
2746
| require.ErrorContains(t, err, "not ready") | ||
| require.ErrorContains(t, err, "not allow to update allocs") |
There was a problem hiding this comment.
lgfa29
commented
Jan 19, 2023
nomad/structs/structs.go
Outdated
Comment on lines
2093
to
2095
| // LastMissedHeartbeatIndex stores the Raft index when the node | ||
| // last missed a heartbeat. | ||
| LastMissedHeartbeatIndex uint64 |
There was a problem hiding this comment.
I'm not sure how accurate this name is. It's more like the first time the node last transition to an unresponsive status, but I couldn't think of a good name for this 😅
There was a problem hiding this comment.
Yeah this name really implies to me that it's going to keep getting updated, whereas it's the index the node became unresponsive. It might be nice if we could clear the value once we're certain the node is live again, and that'd make things a little less confusing at the cost of a little extra logic to check for 0 in the UpdateStatus RPC.
There was a problem hiding this comment.
Ah good point. Resetting it zero may help to indicate that this field is sort edge triggered. I pushed a commit do just that. Thanks!
Co-authored-by: Tim Gross <[email protected]>
Update allocs and the LastAllocUpdateIndex in the same Raft transaction to avoid data inconsistency in case the UpdateAlloc request fails midway.
lgfa29
commented
Jan 21, 2023
tgross
reviewed
Jan 23, 2023
tgross
approved these changes
Jan 23, 2023
nomad/structs/structs.go
Outdated
Comment on lines
2093
to
2095
| // LastMissedHeartbeatIndex stores the Raft index when the node | ||
| // last missed a heartbeat. | ||
| LastMissedHeartbeatIndex uint64 |
There was a problem hiding this comment.
Yeah this name really implies to me that it's going to keep getting updated, whereas it's the index the node became unresponsive. It might be nice if we could clear the value once we're certain the node is live again, and that'd make things a little less confusing at the cost of a little extra logic to check for 0 in the UpdateStatus RPC.
shoenig
reviewed
Jan 24, 2023
This was referenced Jan 25, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When a Nomad client that is running an allocation with
max_client_disconnectset misses a heartbeat the Nomad server will update its status todisconnected.Upon reconnecting, the client will make three main RPC calls:
Node.UpdateStatusis used to set the client status toready.Node.UpdateAllocis used to update the client-side information aboutallocations, such as their
ClientStatus, task states etc.Node.Registeris used to upsert the entire node information,including its status.
These calls are made concurrently and are also running in parallel with the scheduler. Depending on the order they run the scheduler may end up with incomplete data when reconciling allocations.
#15068 already enforced clients to heartbeat before updating their allocation data, but there are still scenarios that can generate wrong results.
For example, a client disconnects and its replacement allocation cannot be placed anywhere else, so there's a pending eval waiting for resources.
When this client comes back the order of events may be:
Node.UpdateStatusand is nowready.the client. The client is now assigned two allocations: the original
alloc that is still
unknownand the replacement that ispending.Node.UpdateAllocand updates the original alloc torunning.This creates unnecessary placements or, in a different order of events, may leave the job without any allocations running until the whole state is updated and reconciled.
To avoid problems like this clients must update all of its relevant information before they can be considered
readyand available for scheduling.To achieve this goal the RPC endpoints mentioned above have been modified to enforce strict steps for nodes reconnecting:
Node.Registerdoes not set the client status anymore.Node.UpdateStatussets the reconnecting client to theinitializingstatus until it successfully calls
Node.UpdateAlloc.These changes are done server-side to avoid the need of additional coordination between clients and servers. Clients are kept oblivious of these changes and will keep making these calls as they normally would.
The verification of whether allocations have been updates is done by storing and comparing the Raft index of the last time the client missed a heartbeat and the last time it updated its allocations.
Closes #15483