Restart dispatcher on connection loss

[sbezverk]

Signed-off-by: Serguei Bezverkhi sbezverk@cisco.com

xref #781

NATSS channels now recover from connection loss.

[sbezverk]

/assign @Harwayne

[Harwayne]

Add a TODO that states we should reconnect rather than restarting, but for now restarting is better than staying in a broken state forever.

[sbezverk]

Sounds good. Will do.

[Harwayne]

Looks good to me. It's not in anyway ideal, because requests from upstream will get rejected as the Pod restarts, but is distinctly better than now, where once the connection closes, the dispatcher will not work again.

I would say that this shouldn't close the bug, but should reference it. Then we still have the bug if anyone wants to tackle it.

/assign @radufa
As he did the initial NATSS work.

[sbezverk]

@Harwayne I refactored it for a dynamic reconnect. Appreciate your review and feedback.

[ghost]

Perhaps i better to use:

defer s.subscriptionsMux.Unlock()

right after Lock()

[sbezverk]

done

[Harwayne]

Is this now intended to lock s.natssConn as well?

[sbezverk]

Right, adding a separate mutex just for natssConn does not seem to be efficient.

[Harwayne]

My preference would be to have a second mux, natssConnMux for natssConn and natssConnInProgress.

[Harwayne]

NATS -> NATSS

[sbezverk]

done

[Harwayne]

NATS -> NATSS

Here and all the other comments and log lines.

[sbezverk]

done

[Harwayne]

NATS -> NATSS

And a trailing period.

[sbezverk]

done

[Harwayne]

What sets s.natssConn to nil? It looks like it will be nil when the struct is initialized, but after that, what sets it to nil?

[Harwayne]

We should probably kick off s.Connect() here and pass in the stopCh.

[sbezverk]

ok, I will give it a try.

[sbezverk]

done

[Harwayne]

My preference is to put this inside the dispatcher's Start(stopCh).

[sbezverk]

ok, I will give it a try.

[Harwayne]

I don't see this change in, did it not work?

[sbezverk]

done

[sbezverk]

@radufa I have extensively tested the latest revision, the connection get reestablished everytime. Appreciate if you try it in your test bed.

[Harwayne]

When is the lock required to be held to access or mutate s.natssConn?

[sbezverk]

The reason I did not put lock here is because the code which is setting this value is in the same goroutine. I tested this code with go tests --race it is all clean.

[Harwayne]

I don't think I follow your explanation. The only place I see s.natssConn set is connectWithRetry, is that running in this goroutine?

Based on the comment above, we only need to hold the lock while writing s.natssConn, is that why we don't grab the lock here?

[Harwayne]

This will be held for potentially a long time, is that safe? Does it need to be held when we are not actually manipulating s.natssConn?

[sbezverk]

I will move it close to the place where the value gets set.

[Harwayne]

Add a comment saying when this has to be held.

[sbezverk]

done

[sbezverk]

/test pull-knative-eventing-integration-tests

[chaodaiG]

/test pull-knative-eventing-integration-tests

[chaodaiG]

/test pull-knative-eventing-integration-tests

[Harwayne]

I don't see this change in, did it not work?

[Harwayne]

These log lines don't look like they should make it in as-is (I'm guessing is so you can find them quickly with grep).

[Harwayne]

I think this is a blocking Channel, should it be non-blocking?

If so, then the various writes to it below can be made into non-blocking writes, because as long as there is at least one item in the channel, a reconnection attempt will occur, so multiple items in the channel aren't needed.

[Harwayne]

I don't think I follow your explanation. The only place I see s.natssConn set is connectWithRetry, is that running in this goroutine?

Based on the comment above, we only need to hold the lock while writing s.natssConn, is that why we don't grab the lock here?

[Harwayne]

Save s.natssConn to a local variable so that all the checks are done against the same value (i.e. we check for nil and then use the checked object).

[Harwayne]

My preference would be to have a second mux, natssConnMux for natssConn and natssConnInProgress.

[Harwayne]

This should probably have a stop channel, even if only for the unit tests.

[sbezverk]

done

[Harwayne]

I'm not familiar with Go reflection, how does this differ from if currentNatssConn == nil three lines above?

[sbezverk]

this check helps to prevent panic when we do (*currentNattsConn).NatssCon().IsConnected(), as during debugging I cold see currentNattsConn is not nil but it point to nil interface when the connection gets lost. reflect.ValueOf allows us safely evaluate that the interface is not nil. Let me know if it makes sense.

[Harwayne]

We can be fancy and make this a non-blocking insertion. Something like replace this with s.signalReconnect() (not a good name). And then have:

func (s *SubscriptionsSupervisor) signalReconnect() {
    select {
    case s.connect <- struct{}{}:
      // Sent.
    default:
        // The Channel is already full, so a reconnection attempt will occur.
    }
}

If we do this, then all writing to the channel should be via the s.signalReconnect() function.

[sbezverk]

ok, sounds good thanks for suggestion.

[Harwayne]

s.natssConn is protected by the lock, acquire the lock before reading it.

[sbezverk]

will do

[Harwayne]

If s.natssConn is nil and s.natssConnInProgress is true, will this panic (because it tries to dereference s.natssConn)?

[sbezverk]

provided a protection against this corner case.

[sbezverk]

@Harwayne Addressed your comments.

[ghost]

I've tested the last changes, using the same scenario as discussed yesterday and it panics too, see please my last comments in #781

/hold

[ghost]

Please delete the commented line

[sbezverk]

done

[ghost]

Please change it to 1s, 60s is too big and it's the only place which creates a new connection.

[sbezverk]

done, but do you think 1 second is not too aggressive?

[ghost]

Please delete the commented line:

// currentNatssConn := s.natssConn

[sbezverk]

done

[ghost]

Please change the message too: "retrying in 1 second"

[sbezverk]

done

[ghost]

/lgtm

[ghost]

/lgtm

[Harwayne]

Let's make this non-blocking:

func (s *SubscriptionsSupervisor) signalReconnect() {
    select {
    case s.connect <- struct{}{}:
      // Sent.
    default:
        // The Channel is already full, so a reconnection attempt will occur.
    }
}

[sbezverk]

will do in the follow up PR

[Harwayne]

Add a trailing period.

[sbezverk]

done

[knative-metrics-robot]

The following is the coverage report on pkg/.
Say /test pull-knative-eventing-go-coverage to re-run this coverage report

File	Old Coverage	New Coverage	Delta
contrib/natss/pkg/dispatcher/dispatcher/dispatcher.go	56.5%	57.5%	1.0
contrib/natss/pkg/stanutil/stanutil.go	60.0%	58.6%	-1.4

[Harwayne]

/lgtm

[sbezverk]

@vaikas-google for approval

[vaikas]

/lgtm
/approve

[knative-prow-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sbezverk, vaikas-google

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [vaikas-google]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment