Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

construct a single PanDomainAuthSettingsRefresher per app instance #27108

Merged
merged 1 commit into from
May 3, 2024
Merged

construct a single PanDomainAuthSettingsRefresher per app instance #27108

merged 1 commit into from
May 3, 2024

Conversation

andrew-nowak
Copy link
Member

What is the value of this and can you measure success?

Fewer (hopefully no) unhealthy preview instance replacements.

What does this change?

We're seeing frequent healthcheck failures and unhealthy instances from preview since #27012
There haven't been conclusive error logs, but since that was merged there has been a substantial increase of "request timeout" and "connection refused" logs, which indicate some sort of resource exhaustion. Going through that PR I noticed that the construction of a PanDomainAuthSettingsRefresher is declared as a def (ie. function) rather than a val - which means every time the settings is referenced a new instance is constructed. Each instance on construction schedules updates to itself on a new thread pool, which means this quickly mounts up and we'll have lots of schedulers attempting to update their own instance of the refresher, clogging up memory, threads and sockets.

Instead declare as val to ensure the refresher is only constructed once per EC2 instance.

Checklist

@andrew-nowak andrew-nowak requested a review from a team as a code owner May 3, 2024 14:45
bryophyta
bryophyta approved these changes May 3, 2024
View reviewed changes
Copy link
Contributor

@bryophyta bryophyta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great spot! I note that there are a couple of other uses of def for pandomainSettings in other projects (though not many) so assuming this fixes the issue here we should possibly look at those uses, too?

@andrew-nowak andrew-nowak merged commit d2cb3df into main May 3, 2024
3 checks passed
@andrew-nowak andrew-nowak deleted the an/construct-fewer-panda-settings branch May 3, 2024 14:59
@prout-bot
Copy link
Collaborator

Seen on FRONTS-PROD (merged by @andrew-nowak 12 minutes and 18 seconds ago)

@prout-bot
Copy link
Collaborator

Overdue on ADMIN-PROD (merged by @andrew-nowak 30 minutes and 7 seconds ago) What's gone wrong?

@andrew-nowak andrew-nowak mentioned this pull request May 3, 2024
Merged
7 tasks
@prout-bot
Copy link
Collaborator

Seen on ADMIN-PROD (merged by @andrew-nowak 100 hours, 37 minutes and 56 seconds ago)

@rtyley
Copy link
Member

rtyley commented Sep 19, 2024
edited
Loading

I note that there are a couple of other uses of def for pandomainSettings in other projects (though not many) so assuming this fixes the issue here we should possibly look at those uses, too?

Panda v6 goes a bit further by including this PR:

...which forces any code overriding the panDomainSettings field in the AuthActions trait to use val rather than def, so they no longer have the option to do wrong thing 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alinaboghiu alinaboghiu alinaboghiu approved these changes

@bryophyta bryophyta bryophyta approved these changes

Assignees
No one assigned
Labels
Seen-on-ADMIN-PROD Seen-on-FRONTS-PROD
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@andrew-nowak @prout-bot @rtyley @alinaboghiu @bryophyta