fix: Add resiliency to daemon connections

kylecarbs · kylecarbs · commit bc9e96eb2f52 · 2022-04-24T23:08:36.000Z
Connections could fail when massive payloads were transmitted.
This fixes an upstream bug in dRPC where the connection would
end with a context canceled if a message was too large.

This adds retransmission of completion and failures too. If
Coder somehow loses connection with a provisioner daemon,
upon the next connection the state will be properly reported.
diff --git a/coderd/provisionerdaemons.go b/coderd/provisionerdaemons.go
@@ -17,6 +17,7 @@ import (
 	"github.com/moby/moby/pkg/namesgenerator"
 	"github.com/tabbed/pqtype"
 	"golang.org/x/xerrors"
+	protobuf "google.golang.org/protobuf/proto"
 	"nhooyr.io/websocket"
 	"storj.io/drpc/drpcmux"
 	"storj.io/drpc/drpcserver"
@@ -27,6 +28,7 @@ import (
 	"github.com/coder/coder/coderd/httpapi"
 	"github.com/coder/coder/coderd/parameter"
 	"github.com/coder/coder/provisionerd/proto"
+	"github.com/coder/coder/provisionersdk"
 	sdkproto "github.com/coder/coder/provisionersdk/proto"
 )
 
@@ -47,6 +49,8 @@ func (api *api) provisionerDaemonsListen(rw http.ResponseWriter, r *http.Request
 		})
 		return
 	}
+	// Align with the frame size of yamux.
+	conn.SetReadLimit(256 * 1024)
 
 	daemon, err := api.Database.InsertProvisionerDaemon(r.Context(), database.InsertProvisionerDaemonParams{
 		ID:           uuid.New(),
@@ -82,9 +86,17 @@ func (api *api) provisionerDaemonsListen(rw http.ResponseWriter, r *http.Request
 		_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("drpc register provisioner daemon: %s", err))
 		return
 	}
-	server := drpcserver.New(mux)
+	server := drpcserver.NewWithOptions(mux, drpcserver.Options{
+		Log: func(err error) {
+			if xerrors.Is(err, io.EOF) {
+				return
+			}
+			api.Logger.Debug(r.Context(), "drpc server error", slog.Error(err))
+		},
+	})
 	err = server.Serve(r.Context(), session)
 	if err != nil {
+		api.Logger.Debug(r.Context(), "provisioner daemon disconnected", slog.Error(err))
 		_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("serve: %s", err))
 		return
 	}
@@ -253,6 +265,9 @@ func (server *provisionerdServer) AcquireJob(ctx context.Context, _ *proto.Empty
 	default:
 		return nil, failJob(fmt.Sprintf("unsupported storage method: %s", job.StorageMethod))
 	}
+	if protobuf.Size(protoJob) > provisionersdk.MaxMessageSize {
+		return nil, failJob(fmt.Sprintf("payload was too big: %d > %d", protobuf.Size(protoJob), provisionersdk.MaxMessageSize))
+	}
 
 	return protoJob, err
 }
diff --git a/coderd/provisionerdaemons_test.go b/coderd/provisionerdaemons_test.go
@@ -0,0 +1,48 @@
+package coderd_test
+
+import (
+	"context"
+	"crypto/rand"
+	"runtime"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/coderd/coderdtest"
+	"github.com/coder/coder/coderd/database"
+	"github.com/coder/coder/codersdk"
+	"github.com/coder/coder/provisionersdk"
+)
+
+func TestProvisionerDaemons(t *testing.T) {
+	t.Parallel()
+	t.Run("PayloadTooBig", func(t *testing.T) {
+		t.Parallel()
+		if runtime.GOOS == "windows" {
+			// Takes too long to allocate memory on Windows!
+			t.Skip()
+		}
+		client := coderdtest.New(t, nil)
+		user := coderdtest.CreateFirstUser(t, client)
+		coderdtest.NewProvisionerDaemon(t, client)
+		data := make([]byte, provisionersdk.MaxMessageSize)
+		rand.Read(data)
+		resp, err := client.Upload(context.Background(), codersdk.ContentTypeTar, data)
+		require.NoError(t, err)
+		t.Log(resp.Hash)
+
+		version, err := client.CreateTemplateVersion(context.Background(), user.OrganizationID, codersdk.CreateTemplateVersionRequest{
+			StorageMethod: database.ProvisionerStorageMethodFile,
+			StorageSource: resp.Hash,
+			Provisioner:   database.ProvisionerTypeEcho,
+		})
+		require.NoError(t, err)
+		require.Eventually(t, func() bool {
+			var err error
+			version, err = client.TemplateVersion(context.Background(), version.ID)
+			require.NoError(t, err)
+			return version.Job.Error != ""
+		}, 5*time.Second, 25*time.Millisecond)
+	})
+}
diff --git a/codersdk/provisionerdaemons.go b/codersdk/provisionerdaemons.go
@@ -70,8 +70,8 @@ func (c *Client) ListenProvisionerDaemon(ctx context.Context) (proto.DRPCProvisi
 		}
 		return nil, readBodyAsError(res)
 	}
-	// Allow _somewhat_ large payloads.
-	conn.SetReadLimit((1 << 20) * 2)
+	// Align with the frame size of yamux.
+	conn.SetReadLimit(256 * 1024)
 
 	config := yamux.DefaultConfig()
 	config.LogOutput = io.Discard
diff --git a/go.mod b/go.mod
@@ -17,6 +17,9 @@ replace github.com/chzyer/readline => github.com/kylecarbs/readline v0.0.0-20220
 // Required until https://github.com/briandowns/spinner/pull/136 is merged.
 replace github.com/briandowns/spinner => github.com/kylecarbs/spinner v1.18.2-0.20220329160715-20702b5af89e
 
+// Required until https://github.com/storj/drpc/pull/31 is merged.
+replace storj.io/drpc => github.com/kylecarbs/drpc v0.0.31-0.20220424193521-8ebbaf48bdff
+
 // opencensus-go leaks a goroutine by default.
 replace go.opencensus.io => github.com/kylecarbs/opencensus-go v0.23.1-0.20220307014935-4d0325a68f8b
 
diff --git a/go.sum b/go.sum
@@ -1107,6 +1107,8 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/ktrysmt/go-bitbucket v0.6.4/go.mod h1:9u0v3hsd2rqCHRIpbir1oP7F58uo5dq19sBYvuMoyQ4=
+github.com/kylecarbs/drpc v0.0.31-0.20220424193521-8ebbaf48bdff h1:7qg425aXdULnZWCCQNPOzHO7c+M6BpbTfOUJLrk5+3w=
+github.com/kylecarbs/drpc v0.0.31-0.20220424193521-8ebbaf48bdff/go.mod h1:6rcOyR/QQkSTX/9L5ZGtlZaE2PtXTTZl8d+ulSeeYEg=
 github.com/kylecarbs/opencensus-go v0.23.1-0.20220307014935-4d0325a68f8b h1:1Y1X6aR78kMEQE1iCjQodB3lA7VO4jB88Wf8ZrzXSsA=
 github.com/kylecarbs/opencensus-go v0.23.1-0.20220307014935-4d0325a68f8b/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 github.com/kylecarbs/readline v0.0.0-20220211054233-0d62993714c8/go.mod h1:n/KX1BZoN1m9EwoXkn/xAV4fd3k8c++gGBsgLONaPOY=
@@ -2544,5 +2546,3 @@ sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK
 sigs.k8s.io/structured-merge-diff/v4 v4.1.0/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
-storj.io/drpc v0.0.30 h1:jqPe4T9KEu3CDBI05A2hCMgMSHLtd/E0N0yTF9QreIE=
-storj.io/drpc v0.0.30/go.mod h1:6rcOyR/QQkSTX/9L5ZGtlZaE2PtXTTZl8d+ulSeeYEg=
diff --git a/provisionerd/provisionerd.go b/provisionerd/provisionerd.go
@@ -68,8 +68,9 @@ func New(clientDialer Dialer, opts *Options) *Server {
 		clientDialer: clientDialer,
 		opts:         opts,
 
-		closeCancel: ctxCancel,
-		closed:      make(chan struct{}),
+		closeContext: ctx,
+		closeCancel:  ctxCancel,
+		closed:       make(chan struct{}),
 
 		shutdown: make(chan struct{}),
 
@@ -90,10 +91,11 @@ type Server struct {
 	client       proto.DRPCProvisionerDaemonClient
 
 	// Locked when closing the daemon.
-	closeMutex  sync.Mutex
-	closeCancel context.CancelFunc
-	closed      chan struct{}
-	closeError  error
+	closeMutex   sync.Mutex
+	closeContext context.Context
+	closeCancel  context.CancelFunc
+	closed       chan struct{}
+	closeError   error
 
 	shutdownMutex sync.Mutex
 	shutdown      chan struct{}
@@ -244,6 +246,9 @@ func (p *Server) runJob(ctx context.Context, job *proto.AcquiredJob) {
 			resp, err := p.client.UpdateJob(ctx, &proto.UpdateJobRequest{
 				JobId: job.JobId,
 			})
+			if errors.Is(err, yamux.ErrSessionShutdown) {
+				continue
+			}
 			if err != nil {
 				p.failActiveJobf("send periodic update: %s", err)
 				return
@@ -493,7 +498,7 @@ func (p *Server) runTemplateImport(ctx, shutdown context.Context, provisioner sd
 		return
 	}
 
-	_, err = p.client.CompleteJob(ctx, &proto.CompletedJob{
+	p.completeJob(&proto.CompletedJob{
 		JobId: job.JobId,
 		Type: &proto.CompletedJob_TemplateImport_{
 			TemplateImport: &proto.CompletedJob_TemplateImport{
@@ -502,10 +507,6 @@ func (p *Server) runTemplateImport(ctx, shutdown context.Context, provisioner sd
 			},
 		},
 	})
-	if err != nil {
-		p.failActiveJobf("complete job: %s", err)
-		return
-	}
 }
 
 // Parses parameter schemas from source.
@@ -729,15 +730,7 @@ func (p *Server) runWorkspaceBuild(ctx, shutdown context.Context, provisioner sd
 				return
 			}
 
-			p.opts.Logger.Info(context.Background(), "provision successful; marking job as complete",
-				slog.F("resource_count", len(msgType.Complete.Resources)),
-				slog.F("resources", msgType.Complete.Resources),
-				slog.F("state_length", len(msgType.Complete.State)),
-			)
-
-			// Complete job may need to be async if we disconnected...
-			// When we reconnect we can flush any of these cached values.
-			_, err = p.client.CompleteJob(ctx, &proto.CompletedJob{
+			p.completeJob(&proto.CompletedJob{
 				JobId: job.JobId,
 				Type: &proto.CompletedJob_WorkspaceBuild_{
 					WorkspaceBuild: &proto.CompletedJob_WorkspaceBuild{
@@ -746,11 +739,12 @@ func (p *Server) runWorkspaceBuild(ctx, shutdown context.Context, provisioner sd
 					},
 				},
 			})
-			if err != nil {
-				p.failActiveJobf("complete job: %s", err)
-				return
-			}
-			// Return so we stop looping!
+			p.opts.Logger.Info(context.Background(), "provision successful; marked job as complete",
+				slog.F("resource_count", len(msgType.Complete.Resources)),
+				slog.F("resources", msgType.Complete.Resources),
+				slog.F("state_length", len(msgType.Complete.State)),
+			)
+			// Stop looping!
 			return
 		default:
 			p.failActiveJobf("invalid message type %T received from provisioner", msg.Type)
@@ -759,6 +753,19 @@ func (p *Server) runWorkspaceBuild(ctx, shutdown context.Context, provisioner sd
 	}
 }
 
+func (p *Server) completeJob(job *proto.CompletedJob) {
+	for retrier := retry.New(25*time.Millisecond, 5*time.Second); retrier.Wait(p.closeContext); {
+		// Complete job may need to be async if we disconnected...
+		// When we reconnect we can flush any of these cached values.
+		_, err := p.client.CompleteJob(p.closeContext, job)
+		if err != nil {
+			p.opts.Logger.Warn(p.closeContext, "failed to complete job", slog.Error(err))
+			continue
+		}
+		break
+	}
+}
+
 func (p *Server) failActiveJobf(format string, args ...interface{}) {
 	p.failActiveJob(&proto.FailedJob{
 		Error: fmt.Sprintf(format, args...),
@@ -786,12 +793,18 @@ func (p *Server) failActiveJob(failedJob *proto.FailedJob) {
 		slog.F("job_id", p.jobID),
 	)
 	failedJob.JobId = p.jobID
-	_, err := p.client.FailJob(context.Background(), failedJob)
-	if err != nil {
-		p.opts.Logger.Warn(context.Background(), "failed to notify of error; job is no longer running", slog.Error(err))
+	for retrier := retry.New(25*time.Millisecond, 5*time.Second); retrier.Wait(p.closeContext); {
+		_, err := p.client.FailJob(p.closeContext, failedJob)
+		if err != nil {
+			if p.isClosed() {
+				return
+			}
+			p.opts.Logger.Warn(context.Background(), "failed to notify of error; job is no longer running", slog.Error(err))
+			continue
+		}
+		p.opts.Logger.Debug(context.Background(), "marked running job as failed")
 		return
 	}
-	p.opts.Logger.Debug(context.Background(), "marked running job as failed")
 }
 
 // isClosed returns whether the API is closed or not.
diff --git a/provisionerd/provisionerd_test.go b/provisionerd/provisionerd_test.go
diff --git a/provisionersdk/transport.go b/provisionersdk/transport.go

Original file line number	Diff line number	Diff line change
`@@ -70,8 +70,8 @@ func (c *Client) ListenProvisionerDaemon(ctx context.Context) (proto.DRPCProvisi`
`70`	`70`	`}`
`71`	`71`	`return nil, readBodyAsError(res)`
`72`	`72`	`}`
`73`		`- // Allow _somewhat_ large payloads.`
`74`		`- conn.SetReadLimit((1 << 20) * 2)`
	`73`	`+ // Align with the frame size of yamux.`
	`74`	`+ conn.SetReadLimit(256 * 1024)`
`75`	`75`
`76`	`76`	`config := yamux.DefaultConfig()`
`77`	`77`	`config.LogOutput = io.Discard`