[BUG] Substantial performance degradation on TCP transport after transport refactor #61656
Comments
|
I'm willing to write PR to address these changes, as discussed on Slack with @waynew but I would definitely need some directions from Salt engineering team (FYI @dwoz ) as any of the options I can think of are not ideal. The easiest option would be to change the Second option would be to pass the Third option would be to wrap around the present callback and essentially maintain copy of the present dict in TCP transport. Whle this is independent on other transports, it brings additional memory load to the master process. What do you think? |
|
@lukasraska Here is a lightly tested patch. It should get you pointed in the right direction. |
Description
The big transport refactor (#61450) that was meant to decouple some general logic from transport and easy the implementation of new transport methods brought an unwanted performance degradation to TCP transport.
In particular the performance degradation can be seen when new job is published to specific minion (
target_lst) instead of broadcast. The previous logic for publishing job was pretty straightforward (https://github.com/saltstack/salt/blob/v3004/salt/transport/tcp.py#L1517 ):topic_lstwas passed (this contains list of all minions the job is meant for)While after the refactor the logic is mostly the opposite (https://github.com/saltstack/salt/blob/master/salt/transport/tcp.py#L910):
topic_lstwas passedIn practice this means that if there is 10k connected minions and new job should be published to just one single minion, it's immediate (one iteration through
topic_lstloop and lookup in dict), while after the refactor the worst case scenario is 10k iterations of the clients loop. If we publish job to multiple minions, this just gets worse. For 5k minions in a job in 10k minion setup, the previous complexity would be mostly equal to number of minions in a job, while now it's number of minions in a job times number of connected clients.The source of the issue stems from how the clients are looked up and how authentication mechanism works in Salt:
self.clientsset (https://github.com/saltstack/salt/blob/master/salt/transport/tcp.py#L905, https://github.com/saltstack/salt/blob/v3004/salt/transport/tcp.py#L1512)presentdict => while in the previous version this dict was present directly in the transport internals, now it's decoupled and part of server channelpresence_callback(https://github.com/saltstack/salt/blob/master/salt/channel/server.py#L701)presencedictionary, performing dict lookup, while now it's not available to the TCP transport classesThis also brings additional DDOS-type of issue when one can write simple TCP client that just connects to the master without any extra steps (just hanging the connection) -> the TCP client would be accounted for in the publish loop, instead of relying on the presence dictionary.
Setup
(Please provide relevant configs and/or SLS files (be sure to remove sensitive info. There is no general set-up of Salt.)
Any new Salt Master using TCP transport.
Please be as specific as possible and give set-up details.
Steps to Reproduce the behavior
See above
Expected behavior
Publish of single job on master with 10k minions doesn't take dozens of seconds.
Screenshots
n/a
Versions Report
n/a, latest master branch
Additional context
n/a
The text was updated successfully, but these errors were encountered: