xcflushd 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8ce36d38201d9c3738a277cddbbae9b1f7a79a05
-  data.tar.gz: bddd1d1f27f34ded85d5d8cebeeced9b292ac7f0
+  metadata.gz: 19c512d589477a74d1ade15d47a120f089f8955d
+  data.tar.gz: 0d3b16a8a1127980a9e36f126855686fd2f3958c
 SHA512:
-  metadata.gz: d4f02d26ef2fb8cdf559b5741f6c514df6a63b5a071618cc7048138ee43003d5717de46cc57c60a93d0337b46066038a58d0c3521328a890470d219609b50a3c
-  data.tar.gz: 8f01cfd539c1e763288f9149efa16755b05edaeb22c5d29bdae7baac6df13e1a0310e20b11cc99ce831ad3fa4b81c44da5680ea398fcb2a54b028c2090765f09
+  metadata.gz: 9a06128d9b86a58539faf979fa6456ad39f7be4e1fc85b2191983c534e417a7ab5d9af625ca4ac068bc6d0293c145c4030dd12eb8f3c5bbb5b5273db9bb73d53
+  data.tar.gz: c3fbc3c768d11fd0a00c6c7853d564541e7821015d9922588f93faf6d0125e671d53bed208ebdabd0d97fa1e430af61beb7bb08fa1e75d7c52bfcd4d913c587e

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+## [1.2.0] - 2017-06-21
+
+Note: this version requires Apicast-XC >= v1.3.0.
+
+- The priority auth renewer now only publishes each response in the redis
+  pubsub channel once, unless there is an error while publishing.
+  We were publishing each response several times, but that was because of a
+  race condition caused by Apicast-XC that has been fixed. This change improves
+  performance a bit because it lowers the number of commands issued to Redis.
+- Introduced minor changes in the Dockerfile that decrease the image size.
+
+
 ## [1.1.0] - 2017-05-02
 - Switched from MRI to JRuby. our tests show that JRuby performs better than
   MRI when there is a high number of calls to be made to 3scale's backend in a

data/Dockerfile

@@ -33,7 +33,7 @@ RUN echo "Acquire::http {No-Cache=True;};" > /etc/apt/apt.conf.d/no-cache \
  && chown -R ${USER_NAME}: ${USER_HOME} \
  && apt-get -y -q clean
 
-RUN apt-get install -y -q openjdk-8-jre
+RUN apt-get install -y -q openjdk-8-jre && apt-get -y -q clean
 
 USER ${USER_NAME}
 
@@ -67,7 +67,7 @@ ARG BUILD_DEPS="libyaml-dev libreadline-dev libncurses-dev libffi-dev libgdbm3 l
 USER root
 RUN test -z "${BUILD_DEPS}" \
  || ( \
-      apt-get update && apt-get install -y -q ${BUILD_DEPS} \
+      apt-get update && apt-get install -y -q ${BUILD_DEPS} && apt-get -y -q clean \
     )
 
 WORKDIR ${APP_HOME}
@@ -81,7 +81,8 @@ RUN rbenv install -s \
  && gem update --system  \
  && ( bundler --version || gem install bundler ) \
  && bundle config --global jobs `grep -c processor /proc/cpuinfo` \
- && bundle config --global cache_all true
+ && bundle config --global cache_all true \
+ && gem cleanup all
 
 COPY Gemfile Gemfile.lock xcflushd.gemspec ${APP_HOME}/
 COPY lib/xcflushd/version.rb ${APP_HOME}/lib/xcflushd/

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    xcflushd (1.1.0)
+    xcflushd (1.2.0)
       3scale_client (~> 2.11)
       concurrent-ruby (~> 1.0.5)
       daemons (~> 1.2.4)

data/lib/xcflushd/priority_auth_renewer.rb

@@ -149,7 +149,7 @@ module Xcflushd
         # in the auths that failed. Also, as we do not publish anything when
         # there is an error, the subscriber waits until it timeouts.
         # This is good enough for now, but there is room for improvement.
-        publish_auth_repeatedly(combination, metric_auth) if success
+        publish_auth(combination, metric_auth) if success
       end
     end
 
@@ -173,51 +173,35 @@ module Xcflushd
                                             combination[:metric])
     end
 
-    def publish_auth_repeatedly(combination, authorization)
-      # There is a race condition here. A renew and publish task is only run
-      # when there is not another one renewing the same combination. When there
-      # is another, the incoming request does not trigger a new task, but waits
-      # for the publish below. The request could miss the published message
-      # if events happened in this order:
-      #   1) The request publishes the combination it needs in the requests
-      #      channel.
-      #   2) A new task is not executed, because there is another renewing
-      #      the same combination.
-      #   3) That task publishes the result.
-      #   4) The request subscribes to receive the result, but now it is
-      #      too late.
-      # I cannot think of an easy way to solve this. There is some time
-      # between the moment the requests performs the publish and the
-      # subscribe actions. To mitigate the problem we can publish several
-      # times during some ms. We will see if this is good enough.
-      # Trade-off: Waiting long times between publishing attempts reduces the
-      # probability of triggering the problem described. However, it also makes
-      # incoming requests slow because tasks accumulate in the thread pool
-      # waiting.
-      publish_failures = 0
-      PUBLISH_WAIT_TIMES.each do |wait_time|
-        begin
-          publish_auth(combination, authorization)
-        rescue
-          publish_failures += 1
-        end
-        sleep(wait_time)
+    def authorization_message(authorization)
+      if authorization.authorized?
+        '1'.freeze
+      else
+         authorization.reason ? "0:#{authorization.reason}" : '0'.freeze
       end
+    end
 
-      if publish_failures > 0
-        logger.warn('There was an error while publishing a response in the '\
-                    "priority channel. Combination: #{combination}".freeze)
+    def publish_message(channel, msg)
+      wait = PUBLISH_WAIT_TIMES.each
+
+      begin
+        redis_pub.publish(channel, msg)
+      rescue => e
+        begin
+          sleep wait.next
+        rescue StopIteration
+          raise e
+        end
+        retry
       end
     end
 
     def publish_auth(combination, authorization)
-      msg = if authorization.authorized?
-              '1'.freeze
-            else
-               authorization.reason ? "0:#{authorization.reason}" : '0'.freeze
-            end
-
-      redis_pub.publish(channel_for_combination(combination), msg)
+      publish_message channel_for_combination(combination),
+                      authorization_message(authorization)
+    rescue => e
+      logger.warn "cannot publish in priority channel " \
+                  "for combination #{combination}: #{e}"
     end
 
     def currently_authorizing?(channel_msg)

data/lib/xcflushd/runner.rb

@@ -33,12 +33,18 @@ module Xcflushd
         redis = Redis.new(host: redis_host, port: redis_port, driver: redis_driver)
         storage = Storage.new(redis, @logger, StorageKeys)
 
+        # The 3scale client shows a warning when using provider keys, because
+        # they are deprecated in favor of service tokens. However, we need to
+        # continue using provider keys, so we set warn_deprecated to false to
+        # avoid generating unnecessary warnings.
         threescale = ThreeScale::Client.new(provider_key: opts[:provider_key],
                                             host: opts[:backend].host,
                                             port: opts[:backend].port ||
                                               (opts[:secure] ? 443 : 80),
                                             secure: opts[:secure],
-                                            persistent: true)
+                                            persistent: true,
+                                            warn_deprecated: false)
+
         reporter = Reporter.new(threescale)
         authorizer = Authorizer.new(threescale)
 

data/lib/xcflushd/storage.rb

@@ -155,8 +155,11 @@ module Xcflushd
           logger.error(SOME_REPORTS_MISSING_ERROR)
         else
           keys.each_with_index do |key, i|
-            # The usage could be empty if we failed to rename the key in the
-            # previous step. hgetall returns {} for keys that do not exist.
+            # hgetall returns {} for keys that do not exist. That can happen
+            # for 2 reasons:
+            # 1) Apicast-xc does not guarantee that a key in the set of cached
+            # reports will always exist.
+            # 2) We failed to rename the key in the previous step.
             unless usages[i].empty?
               service_id, creds = storage_keys.service_and_creds(key, suffix)
               result << { service_id: service_id,

data/lib/xcflushd/version.rb

@@ -1,3 +1,3 @@
 module Xcflushd
-  VERSION = "1.1.0"
+  VERSION = "1.2.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: xcflushd
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Alejandro Martinez Ruiz
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-05-02 00:00:00.000000000 Z
+date: 2017-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -265,7 +265,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.12
+rubygems_version: 2.6.8
 signing_key:
 specification_version: 4
 summary: Daemon for flushing XC reports to 3scale.