ecds: rationalize ownership #19630
ecds: rationalize ownership #19630
Conversation
|
Several high level questions
From the perspective of lifetime, this is the right move. It's a interface change to the component which may use context. I guess if the compile succeeds it should be ok? There is some stats scope change along with the context. Perhaps it should be reflected in the release log.
isShutdown seems right in this case. However, there is another corner case that is unrelated to shutdown: |
Would it be fair to add that ECDS stats now bind to server scope so are not cleared when listeners are removed?
|
I don't have the answer. |
Scopes are derived from server factory context in this PR, so it's not tied to listener one. However, we still carry on stats_prefix from the listener even when listeners for the subscription change. I suppose we can change that so that the stat prefix for ECDS is completely decoupled from listeners. |
kyessenov
changed the title
Signed-off-by: Kuat Yessenov <kuat@google.com>
|
/assign-from @envoyproxy/first-pass-reviewers |
|
@envoyproxy/first-pass-reviewers assignee is @adisuissa |
You are right. The on-main-thread callback is not associated with the slot. Sorry for the churn |
|
@adisuissa can you review this one please? |
|
Thanks for working on this @kyessenov! BTW: I think that this PR also fixes #19628. |
|
Gentle ping for a review. This is destabilizing Wasm APIs in Istio. |
| @@ -160,8 +151,7 @@ void FilterConfigSubscription::onConfigUpdate( | |||
| last_config_hash_ = 0; | |||
| last_config_ = nullptr; | |||
| last_type_url_ = ""; | |||
| last_filter_is_terminal_ = false; | |||
| last_filter_name_ = ""; | |||
| last_factory_name_ = ""; | |||
There was a problem hiding this comment.
nit: add last_version_info_ = "";
| ASSERT_TRUE(response->complete()); | ||
| EXPECT_EQ("200", response->headers().getStatusValue()); | ||
| } | ||
| } |
There was a problem hiding this comment.
nit: codec_client_->close();
|
|
||
| const std::string stat_prefix_; | ||
| Server::Configuration::FactoryContext& factory_context_; | ||
| std::shared_ptr<MainConfig> main_config_; |
There was a problem hiding this comment.
I'm not certain that shared_ptr makes a difference in this case.
IIUC the only update is on the pointed object (current_config_), which would be overrun whether this is a shared pointer or not.
There was a problem hiding this comment.
During destruction, main_config is shared with the runOnAllThreads callbacks which guarantees that the last reference is deleted on the main thread. That ensures that the inner config is always deleted on the main thread, which is necessary if the inner config has its own TLS.
There was a problem hiding this comment.
I see, thanks for clarification.
| @@ -731,5 +731,59 @@ TEST_P(ExtensionDiscoveryIntegrationTest, BasicFailTerminalFilterNotAtEndOfFilte | |||
| EXPECT_EQ("500", response->headers().getStatusValue()); | |||
| } | |||
|
|
|||
| // Validate that deleting listeners does not break active ECDS subscription. | |||
| TEST_P(ExtensionDiscoveryIntegrationTest, ReloadBoth) { | |||
There was a problem hiding this comment.
I understand that this is not part of this PR, but I think that the current integration test doesn't exercise the onConfigRemoved path because the test doesn't use delta-xDS.
There was a problem hiding this comment.
Ack, let's do this separately since this looks like some existing debt.
Signed-off-by: Kuat Yessenov <kuat@google.com>
|
|
||
| const std::string stat_prefix_; | ||
| Server::Configuration::FactoryContext& factory_context_; | ||
| std::shared_ptr<MainConfig> main_config_; |
There was a problem hiding this comment.
I see, thanks for clarification.
|
@envoyproxy/senior-maintainers assignee is @snowp |
|
/retest |
|
Retrying Azure Pipelines: |
|
Another gentle ping for a crash fix. |
- Update `ENVOY_COMMIT` to the latest Envoy's commit envoyproxy/envoy#19630 - Sync the `.bazelrc` to the current Envoy's version. - Update pool stream interface according to envoyproxy/envoy#19388 using reasonable defaults. H3 early send feature maybe adopted in the future, but is not in the scope of this PR. - Added a hack to prevent integration tests from failing due to a non-empty error log. logging introduced in envoyproxy/envoy@027d6ca appears to be purely informational and should be fixed upstream envoyproxy/envoy#19964 Signed-off-by: tomjzzhang <4367421+tomjzzhang@users.noreply.github.com>
Signed-off-by: Kuat Yessenov kuat@google.com
Commit Message: Rationalize ownership of config providers and subscriptions.
Additional Description: This should fix issue #14930.
The root cause is unclear ownership of config between listeners and subscriptions (which are shared and operate separately).
The bug is triggered when multiple churning listeners reference the same ECDS resource, while at the same time ECDS pushes updates to it.
This PR fixes most issues discovered:
onConfigUpdatecall on a worker does not reference the dynamic config provider as it is owned by a listener and may go away afteronConfigUpdatebut before all workers process the event. The solution is to create a shared pointer intermediary that can outlast the dynamic config provider.isShutdownaccessor to avoid an assertion failure during process shutdown.Risk Level: medium
Testing: black box integration test over long time with racey xDS, unit, added integration test
Docs Changes: none
Release Notes: none