diff --git a/.github/actionlint.yml b/.github/actionlint.yml
index 25b2fc702a..8a4bcaf811 100644
--- a/.github/actionlint.yml
+++ b/.github/actionlint.yml
@@ -31,7 +31,7 @@ config-variables:
- NEON_PROD_AWS_ACCOUNT_ID
- PGREGRESS_PG16_PROJECT_ID
- PGREGRESS_PG17_PROJECT_ID
- - PREWARM_PGBENCH_SIZE
+ - PREWARM_PROJECT_ID
- REMOTE_STORAGE_AZURE_CONTAINER
- REMOTE_STORAGE_AZURE_REGION
- SLACK_CICD_CHANNEL_ID
diff --git a/.github/workflows/benchbase_tpcc.yml b/.github/workflows/benchbase_tpcc.yml
new file mode 100644
index 0000000000..3a36a97bb1
--- /dev/null
+++ b/.github/workflows/benchbase_tpcc.yml
@@ -0,0 +1,384 @@
+name: TPC-C like benchmark using benchbase
+
+on:
+ schedule:
+ # * is a special character in YAML so you have to quote this string
+ # ┌───────────── minute (0 - 59)
+ # │ ┌───────────── hour (0 - 23)
+ # │ │ ┌───────────── day of the month (1 - 31)
+ # │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+ # │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+ - cron: '0 6 * * *' # run once a day at 6 AM UTC
+ workflow_dispatch: # adds ability to run this manually
+
+defaults:
+ run:
+ shell: bash -euxo pipefail {0}
+
+concurrency:
+ # Allow only one workflow globally because we do not want to be too noisy in production environment
+ group: benchbase-tpcc-workflow
+ cancel-in-progress: false
+
+permissions:
+ contents: read
+
+jobs:
+ benchbase-tpcc:
+ strategy:
+ fail-fast: false # allow other variants to continue even if one fails
+ matrix:
+ include:
+ - warehouses: 50 # defines number of warehouses and is used to compute number of terminals
+ max_rate: 800 # measured max TPS at scale factor based on experiments. Adjust if performance is better/worse
+ min_cu: 0.25 # simulate free tier plan (0.25 -2 CU)
+ max_cu: 2
+ - warehouses: 500 # serverless plan (2-8 CU)
+ max_rate: 2000
+ min_cu: 2
+ max_cu: 8
+ - warehouses: 1000 # business plan (2-16 CU)
+ max_rate: 2900
+ min_cu: 2
+ max_cu: 16
+ max-parallel: 1 # we want to run each workload size sequentially to avoid noisy neighbors
+ permissions:
+ contents: write
+ statuses: write
+ id-token: write # aws-actions/configure-aws-credentials
+ env:
+ PG_CONFIG: /tmp/neon/pg_install/v17/bin/pg_config
+ PSQL: /tmp/neon/pg_install/v17/bin/psql
+ PG_17_LIB_PATH: /tmp/neon/pg_install/v17/lib
+ POSTGRES_VERSION: 17
+ runs-on: [ self-hosted, us-east-2, x64 ]
+ timeout-minutes: 1440
+
+ steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+ - name: Configure AWS credentials # necessary to download artefacts
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+ with:
+ aws-region: eu-central-1
+ role-to-assume: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
+ role-duration-seconds: 18000 # 5 hours is currently max associated with IAM role
+
+ - name: Download Neon artifact
+ uses: ./.github/actions/download
+ with:
+ name: neon-${{ runner.os }}-${{ runner.arch }}-release-artifact
+ path: /tmp/neon/
+ prefix: latest
+ aws-oidc-role-arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
+
+ - name: Create Neon Project
+ id: create-neon-project-tpcc
+ uses: ./.github/actions/neon-project-create
+ with:
+ region_id: aws-us-east-2
+ postgres_version: ${{ env.POSTGRES_VERSION }}
+ compute_units: '[${{ matrix.min_cu }}, ${{ matrix.max_cu }}]'
+ api_key: ${{ secrets.NEON_PRODUCTION_API_KEY_4_BENCHMARKS }}
+ api_host: console.neon.tech # production (!)
+
+ - name: Initialize Neon project
+ env:
+ BENCHMARK_TPCC_CONNSTR: ${{ steps.create-neon-project-tpcc.outputs.dsn }}
+ PROJECT_ID: ${{ steps.create-neon-project-tpcc.outputs.project_id }}
+ run: |
+ echo "Initializing Neon project with project_id: ${PROJECT_ID}"
+ export LD_LIBRARY_PATH=${PG_17_LIB_PATH}
+
+ # Retry logic for psql connection with 1 minute sleep between attempts
+ for attempt in {1..3}; do
+ echo "Attempt ${attempt}/3: Creating extensions in Neon project"
+ if ${PSQL} "${BENCHMARK_TPCC_CONNSTR}" -c "CREATE EXTENSION IF NOT EXISTS neon; CREATE EXTENSION IF NOT EXISTS neon_utils;"; then
+ echo "Successfully created extensions"
+ break
+ else
+ echo "Failed to create extensions on attempt ${attempt}"
+ if [ ${attempt} -lt 3 ]; then
+ echo "Waiting 60 seconds before retry..."
+ sleep 60
+ else
+ echo "All attempts failed, exiting"
+ exit 1
+ fi
+ fi
+ done
+
+ echo "BENCHMARK_TPCC_CONNSTR=${BENCHMARK_TPCC_CONNSTR}" >> $GITHUB_ENV
+
+ - name: Generate BenchBase workload configuration
+ env:
+ WAREHOUSES: ${{ matrix.warehouses }}
+ MAX_RATE: ${{ matrix.max_rate }}
+ run: |
+ echo "Generating BenchBase configs for warehouses: ${WAREHOUSES}, max_rate: ${MAX_RATE}"
+
+ # Extract hostname and password from connection string
+ # Format: postgresql://username:password@hostname/database?params (no port for Neon)
+ HOSTNAME=$(echo "${BENCHMARK_TPCC_CONNSTR}" | sed -n 's|.*://[^:]*:[^@]*@\([^/]*\)/.*|\1|p')
+ PASSWORD=$(echo "${BENCHMARK_TPCC_CONNSTR}" | sed -n 's|.*://[^:]*:\([^@]*\)@.*|\1|p')
+
+ echo "Extracted hostname: ${HOSTNAME}"
+
+ # Use runner temp (NVMe) as working directory
+ cd "${RUNNER_TEMP}"
+
+ # Copy the generator script
+ cp "${GITHUB_WORKSPACE}/test_runner/performance/benchbase_tpc_c_helpers/generate_workload_size.py" .
+
+ # Generate configs and scripts
+ python3 generate_workload_size.py \
+ --warehouses ${WAREHOUSES} \
+ --max-rate ${MAX_RATE} \
+ --hostname ${HOSTNAME} \
+ --password ${PASSWORD} \
+ --runner-arch ${{ runner.arch }}
+
+ # Fix path mismatch: move generated configs and scripts to expected locations
+ mv ../configs ./configs
+ mv ../scripts ./scripts
+
+ - name: Prepare database (load data)
+ env:
+ WAREHOUSES: ${{ matrix.warehouses }}
+ run: |
+ cd "${RUNNER_TEMP}"
+
+ echo "Loading ${WAREHOUSES} warehouses into database..."
+
+ # Run the loader script and capture output to log file while preserving stdout/stderr
+ ./scripts/load_${WAREHOUSES}_warehouses.sh 2>&1 | tee "load_${WAREHOUSES}_warehouses.log"
+
+ echo "Database loading completed"
+
+ - name: Run TPC-C benchmark (warmup phase, then benchmark at 70% of configuredmax TPS)
+ env:
+ WAREHOUSES: ${{ matrix.warehouses }}
+ run: |
+ cd "${RUNNER_TEMP}"
+
+ echo "Running TPC-C benchmark with ${WAREHOUSES} warehouses..."
+
+ # Run the optimal rate benchmark
+ ./scripts/execute_${WAREHOUSES}_warehouses_opt_rate.sh
+
+ echo "Benchmark execution completed"
+
+ - name: Run TPC-C benchmark (warmup phase, then ramp down TPS and up again in 5 minute intervals)
+
+ env:
+ WAREHOUSES: ${{ matrix.warehouses }}
+ run: |
+ cd "${RUNNER_TEMP}"
+
+ echo "Running TPC-C ramp-down-up with ${WAREHOUSES} warehouses..."
+
+ # Run the optimal rate benchmark
+ ./scripts/execute_${WAREHOUSES}_warehouses_ramp_up.sh
+
+ echo "Benchmark execution completed"
+
+ - name: Process results (upload to test results database and generate diagrams)
+ env:
+ WAREHOUSES: ${{ matrix.warehouses }}
+ MIN_CU: ${{ matrix.min_cu }}
+ MAX_CU: ${{ matrix.max_cu }}
+ PROJECT_ID: ${{ steps.create-neon-project-tpcc.outputs.project_id }}
+ REVISION: ${{ github.sha }}
+ PERF_DB_CONNSTR: ${{ secrets.PERF_TEST_RESULT_CONNSTR }}
+ run: |
+ cd "${RUNNER_TEMP}"
+
+ echo "Creating temporary Python environment for results processing..."
+
+ # Create temporary virtual environment
+ python3 -m venv temp_results_env
+ source temp_results_env/bin/activate
+
+ # Install required packages in virtual environment
+ pip install matplotlib pandas psycopg2-binary
+
+ echo "Copying results processing scripts..."
+
+ # Copy both processing scripts
+ cp "${GITHUB_WORKSPACE}/test_runner/performance/benchbase_tpc_c_helpers/generate_diagrams.py" .
+ cp "${GITHUB_WORKSPACE}/test_runner/performance/benchbase_tpc_c_helpers/upload_results_to_perf_test_results.py" .
+
+ echo "Processing load phase metrics..."
+
+ # Find and process load log
+ LOAD_LOG=$(find . -name "load_${WAREHOUSES}_warehouses.log" -type f | head -1)
+ if [ -n "$LOAD_LOG" ]; then
+ echo "Processing load metrics from: $LOAD_LOG"
+ python upload_results_to_perf_test_results.py \
+ --load-log "$LOAD_LOG" \
+ --run-type "load" \
+ --warehouses "${WAREHOUSES}" \
+ --min-cu "${MIN_CU}" \
+ --max-cu "${MAX_CU}" \
+ --project-id "${PROJECT_ID}" \
+ --revision "${REVISION}" \
+ --connection-string "${PERF_DB_CONNSTR}"
+ else
+ echo "Warning: Load log file not found: load_${WAREHOUSES}_warehouses.log"
+ fi
+
+ echo "Processing warmup results for optimal rate..."
+
+ # Find and process warmup results
+ WARMUP_CSV=$(find results_warmup -name "*.results.csv" -type f | head -1)
+ WARMUP_JSON=$(find results_warmup -name "*.summary.json" -type f | head -1)
+
+ if [ -n "$WARMUP_CSV" ] && [ -n "$WARMUP_JSON" ]; then
+ echo "Generating warmup diagram from: $WARMUP_CSV"
+ python generate_diagrams.py \
+ --input-csv "$WARMUP_CSV" \
+ --output-svg "warmup_${WAREHOUSES}_warehouses_performance.svg" \
+ --title-suffix "Warmup at max TPS"
+
+ echo "Uploading warmup metrics from: $WARMUP_JSON"
+ python upload_results_to_perf_test_results.py \
+ --summary-json "$WARMUP_JSON" \
+ --results-csv "$WARMUP_CSV" \
+ --run-type "warmup" \
+ --min-cu "${MIN_CU}" \
+ --max-cu "${MAX_CU}" \
+ --project-id "${PROJECT_ID}" \
+ --revision "${REVISION}" \
+ --connection-string "${PERF_DB_CONNSTR}"
+ else
+ echo "Warning: Missing warmup results files (CSV: $WARMUP_CSV, JSON: $WARMUP_JSON)"
+ fi
+
+ echo "Processing optimal rate results..."
+
+ # Find and process optimal rate results
+ OPTRATE_CSV=$(find results_opt_rate -name "*.results.csv" -type f | head -1)
+ OPTRATE_JSON=$(find results_opt_rate -name "*.summary.json" -type f | head -1)
+
+ if [ -n "$OPTRATE_CSV" ] && [ -n "$OPTRATE_JSON" ]; then
+ echo "Generating optimal rate diagram from: $OPTRATE_CSV"
+ python generate_diagrams.py \
+ --input-csv "$OPTRATE_CSV" \
+ --output-svg "benchmark_${WAREHOUSES}_warehouses_performance.svg" \
+ --title-suffix "70% of max TPS"
+
+ echo "Uploading optimal rate metrics from: $OPTRATE_JSON"
+ python upload_results_to_perf_test_results.py \
+ --summary-json "$OPTRATE_JSON" \
+ --results-csv "$OPTRATE_CSV" \
+ --run-type "opt-rate" \
+ --min-cu "${MIN_CU}" \
+ --max-cu "${MAX_CU}" \
+ --project-id "${PROJECT_ID}" \
+ --revision "${REVISION}" \
+ --connection-string "${PERF_DB_CONNSTR}"
+ else
+ echo "Warning: Missing optimal rate results files (CSV: $OPTRATE_CSV, JSON: $OPTRATE_JSON)"
+ fi
+
+ echo "Processing warmup 2 results for ramp down/up phase..."
+
+ # Find and process warmup results
+ WARMUP_CSV=$(find results_warmup -name "*.results.csv" -type f | tail -1)
+ WARMUP_JSON=$(find results_warmup -name "*.summary.json" -type f | tail -1)
+
+ if [ -n "$WARMUP_CSV" ] && [ -n "$WARMUP_JSON" ]; then
+ echo "Generating warmup diagram from: $WARMUP_CSV"
+ python generate_diagrams.py \
+ --input-csv "$WARMUP_CSV" \
+ --output-svg "warmup_2_${WAREHOUSES}_warehouses_performance.svg" \
+ --title-suffix "Warmup at max TPS"
+
+ echo "Uploading warmup metrics from: $WARMUP_JSON"
+ python upload_results_to_perf_test_results.py \
+ --summary-json "$WARMUP_JSON" \
+ --results-csv "$WARMUP_CSV" \
+ --run-type "warmup" \
+ --min-cu "${MIN_CU}" \
+ --max-cu "${MAX_CU}" \
+ --project-id "${PROJECT_ID}" \
+ --revision "${REVISION}" \
+ --connection-string "${PERF_DB_CONNSTR}"
+ else
+ echo "Warning: Missing warmup results files (CSV: $WARMUP_CSV, JSON: $WARMUP_JSON)"
+ fi
+
+ echo "Processing ramp results..."
+
+ # Find and process ramp results
+ RAMPUP_CSV=$(find results_ramp_up -name "*.results.csv" -type f | head -1)
+ RAMPUP_JSON=$(find results_ramp_up -name "*.summary.json" -type f | head -1)
+
+ if [ -n "$RAMPUP_CSV" ] && [ -n "$RAMPUP_JSON" ]; then
+ echo "Generating ramp diagram from: $RAMPUP_CSV"
+ python generate_diagrams.py \
+ --input-csv "$RAMPUP_CSV" \
+ --output-svg "ramp_${WAREHOUSES}_warehouses_performance.svg" \
+ --title-suffix "ramp TPS down and up in 5 minute intervals"
+
+ echo "Uploading ramp metrics from: $RAMPUP_JSON"
+ python upload_results_to_perf_test_results.py \
+ --summary-json "$RAMPUP_JSON" \
+ --results-csv "$RAMPUP_CSV" \
+ --run-type "ramp-up" \
+ --min-cu "${MIN_CU}" \
+ --max-cu "${MAX_CU}" \
+ --project-id "${PROJECT_ID}" \
+ --revision "${REVISION}" \
+ --connection-string "${PERF_DB_CONNSTR}"
+ else
+ echo "Warning: Missing ramp results files (CSV: $RAMPUP_CSV, JSON: $RAMPUP_JSON)"
+ fi
+
+ # Deactivate and clean up virtual environment
+ deactivate
+ rm -rf temp_results_env
+ rm upload_results_to_perf_test_results.py
+
+ echo "Results processing completed and environment cleaned up"
+
+ - name: Set date for upload
+ id: set-date
+ run: echo "date=$(date +%Y-%m-%d)" >> $GITHUB_OUTPUT
+
+ - name: Configure AWS credentials # necessary to upload results
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+ with:
+ aws-region: us-east-2
+ role-to-assume: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
+ role-duration-seconds: 900 # 900 is minimum value
+
+ - name: Upload benchmark results to S3
+ env:
+ S3_BUCKET: neon-public-benchmark-results
+ S3_PREFIX: benchbase-tpc-c/${{ steps.set-date.outputs.date }}/${{ github.run_id }}/${{ matrix.warehouses }}-warehouses
+ run: |
+ echo "Redacting passwords from configuration files before upload..."
+
+ # Mask all passwords in XML config files
+ find "${RUNNER_TEMP}/configs" -name "*.xml" -type f -exec sed -i 's|[^<]*|redacted|g' {} \;
+
+ echo "Uploading benchmark results to s3://${S3_BUCKET}/${S3_PREFIX}/"
+
+ # Upload the entire benchmark directory recursively
+ aws s3 cp --only-show-errors --recursive "${RUNNER_TEMP}" s3://${S3_BUCKET}/${S3_PREFIX}/
+
+ echo "Upload completed"
+
+ - name: Delete Neon Project
+ if: ${{ always() }}
+ uses: ./.github/actions/neon-project-delete
+ with:
+ project_id: ${{ steps.create-neon-project-tpcc.outputs.project_id }}
+ api_key: ${{ secrets.NEON_PRODUCTION_API_KEY_4_BENCHMARKS }}
+ api_host: console.neon.tech # production (!)
\ No newline at end of file
diff --git a/.github/workflows/benchmarking.yml b/.github/workflows/benchmarking.yml
index df80bad579..c9a998bd4e 100644
--- a/.github/workflows/benchmarking.yml
+++ b/.github/workflows/benchmarking.yml
@@ -418,7 +418,7 @@ jobs:
statuses: write
id-token: write # aws-actions/configure-aws-credentials
env:
- PGBENCH_SIZE: ${{ vars.PREWARM_PGBENCH_SIZE }}
+ PROJECT_ID: ${{ vars.PREWARM_PROJECT_ID }}
POSTGRES_DISTRIB_DIR: /tmp/neon/pg_install
DEFAULT_PG_VERSION: 17
TEST_OUTPUT: /tmp/test_output
diff --git a/.github/workflows/pg-clients.yml b/.github/workflows/pg-clients.yml
index 6efe0b4c8c..b6b4eca2b8 100644
--- a/.github/workflows/pg-clients.yml
+++ b/.github/workflows/pg-clients.yml
@@ -48,8 +48,20 @@ jobs:
uses: ./.github/workflows/build-build-tools-image.yml
secrets: inherit
+ generate-ch-tmppw:
+ runs-on: ubuntu-22.04
+ outputs:
+ tmp_val: ${{ steps.pwgen.outputs.tmp_val }}
+ steps:
+ - name: Generate a random password
+ id: pwgen
+ run: |
+ set +x
+ p=$(dd if=/dev/random bs=14 count=1 2>/dev/null | base64)
+ echo tmp_val="${p//\//}" >> "${GITHUB_OUTPUT}"
+
test-logical-replication:
- needs: [ build-build-tools-image ]
+ needs: [ build-build-tools-image, generate-ch-tmppw ]
runs-on: ubuntu-22.04
container:
@@ -60,16 +72,20 @@ jobs:
options: --init --user root
services:
clickhouse:
- image: clickhouse/clickhouse-server:24.6.3.64
+ image: clickhouse/clickhouse-server:24.8
+ env:
+ CLICKHOUSE_PASSWORD: ${{ needs.generate-ch-tmppw.outputs.tmp_val }}
ports:
- 9000:9000
- 8123:8123
zookeeper:
- image: quay.io/debezium/zookeeper:2.7
+ image: quay.io/debezium/zookeeper:3.1.3.Final
ports:
- 2181:2181
+ - 2888:2888
+ - 3888:3888
kafka:
- image: quay.io/debezium/kafka:2.7
+ image: quay.io/debezium/kafka:3.1.3.Final
env:
ZOOKEEPER_CONNECT: "zookeeper:2181"
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092
@@ -79,7 +95,7 @@ jobs:
ports:
- 9092:9092
debezium:
- image: quay.io/debezium/connect:2.7
+ image: quay.io/debezium/connect:3.1.3.Final
env:
BOOTSTRAP_SERVERS: kafka:9092
GROUP_ID: 1
@@ -125,6 +141,7 @@ jobs:
aws-oidc-role-arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
env:
BENCHMARK_CONNSTR: ${{ steps.create-neon-project.outputs.dsn }}
+ CLICKHOUSE_PASSWORD: ${{ needs.generate-ch-tmppw.outputs.tmp_val }}
- name: Delete Neon Project
if: always()
diff --git a/.github/workflows/proxy-benchmark.yml b/.github/workflows/proxy-benchmark.yml
index 0ae93ce295..e48fe41b45 100644
--- a/.github/workflows/proxy-benchmark.yml
+++ b/.github/workflows/proxy-benchmark.yml
@@ -3,7 +3,7 @@ name: Periodic proxy performance test on unit-perf-aws-arm runners
on:
push: # TODO: remove after testing
branches:
- - test-proxy-bench # Runs on pushes to branches starting with test-proxy-bench
+ - test-proxy-bench # Runs on pushes to test-proxy-bench branch
# schedule:
# * is a special character in YAML so you have to quote this string
# ┌───────────── minute (0 - 59)
@@ -32,7 +32,7 @@ jobs:
statuses: write
contents: write
pull-requests: write
- runs-on: [self-hosted, unit-perf-aws-arm]
+ runs-on: [ self-hosted, unit-perf-aws-arm ]
timeout-minutes: 60 # 1h timeout
container:
image: ghcr.io/neondatabase/build-tools:pinned-bookworm
@@ -55,30 +55,58 @@ jobs:
{
echo "PROXY_BENCH_PATH=$PROXY_BENCH_PATH"
echo "NEON_DIR=${RUNNER_TEMP}/neon"
+ echo "NEON_PROXY_PATH=${RUNNER_TEMP}/neon/bin/proxy"
echo "TEST_OUTPUT=${PROXY_BENCH_PATH}/test_output"
echo ""
} >> "$GITHUB_ENV"
- - name: Run proxy-bench
- run: ${PROXY_BENCH_PATH}/run.sh
+ - name: Cache poetry deps
+ uses: actions/cache@v4
+ with:
+ path: ~/.cache/pypoetry/virtualenvs
+ key: v2-${{ runner.os }}-${{ runner.arch }}-python-deps-bookworm-${{ hashFiles('poetry.lock') }}
- - name: Ingest Bench Results # neon repo script
+ - name: Install Python deps
+ shell: bash -euxo pipefail {0}
+ run: ./scripts/pysync
+
+ - name: show ulimits
+ shell: bash -euxo pipefail {0}
+ run: |
+ ulimit -a
+
+ - name: Run proxy-bench
+ working-directory: ${{ env.PROXY_BENCH_PATH }}
+ run: ./run.sh --with-grafana --bare-metal
+
+ - name: Ingest Bench Results
if: always()
+ working-directory: ${{ env.NEON_DIR }}
run: |
mkdir -p $TEST_OUTPUT
python $NEON_DIR/scripts/proxy_bench_results_ingest.py --out $TEST_OUTPUT
- name: Push Metrics to Proxy perf database
+ shell: bash -euxo pipefail {0}
if: always()
env:
PERF_TEST_RESULT_CONNSTR: "${{ secrets.PROXY_TEST_RESULT_CONNSTR }}"
REPORT_FROM: $TEST_OUTPUT
+ working-directory: ${{ env.NEON_DIR }}
run: $NEON_DIR/scripts/generate_and_push_perf_report.sh
- - name: Docker cleanup
- if: always()
- run: docker compose down
-
- name: Notify Failure
if: failure()
- run: echo "Proxy bench job failed" && exit 1
\ No newline at end of file
+ run: echo "Proxy bench job failed" && exit 1
+
+ - name: Cleanup Test Resources
+ if: always()
+ shell: bash -euxo pipefail {0}
+ run: |
+ # Cleanup the test resources
+ if [[ -d "${TEST_OUTPUT}" ]]; then
+ rm -rf ${TEST_OUTPUT}
+ fi
+ if [[ -d "${PROXY_BENCH_PATH}/test_output" ]]; then
+ rm -rf ${PROXY_BENCH_PATH}/test_output
+ fi
\ No newline at end of file
diff --git a/Cargo.lock b/Cargo.lock
index b35fd7d074..065e7c5bd8 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -250,11 +250,11 @@ dependencies = [
[[package]]
name = "async-lock"
-version = "3.2.0"
+version = "3.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7125e42787d53db9dd54261812ef17e937c95a51e4d291373b670342fa44310c"
+checksum = "ff6e472cdea888a4bd64f342f09b3f50e1886d32afe8df3d663c01140b811b18"
dependencies = [
- "event-listener 4.0.0",
+ "event-listener 5.4.0",
"event-listener-strategy",
"pin-project-lite",
]
@@ -1483,6 +1483,7 @@ dependencies = [
"tower-http",
"tower-otel",
"tracing",
+ "tracing-appender",
"tracing-opentelemetry",
"tracing-subscriber",
"tracing-utils",
@@ -1498,9 +1499,9 @@ dependencies = [
[[package]]
name = "concurrent-queue"
-version = "2.3.0"
+version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f057a694a54f12365049b0958a1685bb52d567f5593b355fbf685838e873d400"
+checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973"
dependencies = [
"crossbeam-utils",
]
@@ -2349,9 +2350,9 @@ checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0"
[[package]]
name = "event-listener"
-version = "4.0.0"
+version = "5.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "770d968249b5d99410d61f5bf89057f3199a077a04d087092f58e7d10692baae"
+checksum = "3492acde4c3fc54c845eaab3eed8bd00c7a7d881f78bfc801e43a93dec1331ae"
dependencies = [
"concurrent-queue",
"parking",
@@ -2360,11 +2361,11 @@ dependencies = [
[[package]]
name = "event-listener-strategy"
-version = "0.4.0"
+version = "0.5.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "958e4d70b6d5e81971bebec42271ec641e7ff4e170a6fa605f2b8a8b65cb97d3"
+checksum = "8be9f3dfaaffdae2972880079a491a1a8bb7cbed0b8dd7a347f668b4150a3b93"
dependencies = [
- "event-listener 4.0.0",
+ "event-listener 5.4.0",
"pin-project-lite",
]
@@ -2639,6 +2640,20 @@ version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "304de19db7028420975a296ab0fcbbc8e69438c4ed254a1e41e2a7f37d5f0e0a"
+[[package]]
+name = "generator"
+version = "0.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d18470a76cb7f8ff746cf1f7470914f900252ec36bbc40b569d74b1258446827"
+dependencies = [
+ "cc",
+ "cfg-if",
+ "libc",
+ "log",
+ "rustversion",
+ "windows 0.61.3",
+]
+
[[package]]
name = "generic-array"
version = "0.14.7"
@@ -2966,7 +2981,7 @@ checksum = "f9c7c7c8ac16c798734b8a24560c1362120597c40d5e1459f09498f8f6c8f2ba"
dependencies = [
"cfg-if",
"libc",
- "windows",
+ "windows 0.52.0",
]
[[package]]
@@ -3237,7 +3252,7 @@ dependencies = [
"iana-time-zone-haiku",
"js-sys",
"wasm-bindgen",
- "windows-core",
+ "windows-core 0.52.0",
]
[[package]]
@@ -3794,6 +3809,19 @@ version = "0.4.26"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "30bde2b3dc3671ae49d8e2e9f044c7c005836e7a023ee57cffa25ab82764bb9e"
+[[package]]
+name = "loom"
+version = "0.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "419e0dc8046cb947daa77eb95ae174acfbddb7673b4151f56d1eed8e93fbfaca"
+dependencies = [
+ "cfg-if",
+ "generator",
+ "scoped-tls",
+ "tracing",
+ "tracing-subscriber",
+]
+
[[package]]
name = "lru"
version = "0.12.3"
@@ -4010,6 +4038,25 @@ dependencies = [
"windows-sys 0.52.0",
]
+[[package]]
+name = "moka"
+version = "0.12.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a9321642ca94a4282428e6ea4af8cc2ca4eac48ac7a6a4ea8f33f76d0ce70926"
+dependencies = [
+ "crossbeam-channel",
+ "crossbeam-epoch",
+ "crossbeam-utils",
+ "loom",
+ "parking_lot 0.12.1",
+ "portable-atomic",
+ "rustc_version",
+ "smallvec",
+ "tagptr",
+ "thiserror 1.0.69",
+ "uuid",
+]
+
[[package]]
name = "multimap"
version = "0.8.3"
@@ -5179,7 +5226,6 @@ dependencies = [
"criterion",
"env_logger",
"log",
- "memoffset 0.9.0",
"once_cell",
"postgres",
"postgres_ffi_types",
@@ -5532,7 +5578,6 @@ dependencies = [
"futures",
"gettid",
"hashbrown 0.14.5",
- "hashlink",
"hex",
"hmac",
"hostname",
@@ -5554,6 +5599,7 @@ dependencies = [
"lasso",
"measured",
"metrics",
+ "moka",
"once_cell",
"opentelemetry",
"ouroboros",
@@ -5620,6 +5666,7 @@ dependencies = [
"workspace_hack",
"x509-cert",
"zerocopy 0.8.24",
+ "zeroize",
]
[[package]]
@@ -6577,6 +6624,12 @@ dependencies = [
"pin-project-lite",
]
+[[package]]
+name = "scoped-tls"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e1cf6437eb19a8f4a6cc0f7dca544973b0b78843adbfeb3683d1a94a0024a294"
+
[[package]]
name = "scopeguard"
version = "1.1.0"
@@ -7427,6 +7480,12 @@ dependencies = [
"winapi",
]
+[[package]]
+name = "tagptr"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7b2093cf4c8eb1e67749a6762251bc9cd836b6fc171623bd0a9d324d37af2417"
+
[[package]]
name = "tar"
version = "0.4.40"
@@ -8093,11 +8152,12 @@ dependencies = [
[[package]]
name = "tracing-appender"
-version = "0.2.2"
+version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09d48f71a791638519505cefafe162606f706c25592e4bde4d97600c0195312e"
+checksum = "3566e8ce28cc0a3fe42519fc80e6b4c943cc4c8cef275620eb8dac2d3d4e06cf"
dependencies = [
"crossbeam-channel",
+ "thiserror 1.0.69",
"time",
"tracing-subscriber",
]
@@ -8818,10 +8878,32 @@ version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e48a53791691ab099e5e2ad123536d0fff50652600abaf43bbf952894110d0be"
dependencies = [
- "windows-core",
+ "windows-core 0.52.0",
"windows-targets 0.52.6",
]
+[[package]]
+name = "windows"
+version = "0.61.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9babd3a767a4c1aef6900409f85f5d53ce2544ccdfaa86dad48c91782c6d6893"
+dependencies = [
+ "windows-collections",
+ "windows-core 0.61.2",
+ "windows-future",
+ "windows-link",
+ "windows-numerics",
+]
+
+[[package]]
+name = "windows-collections"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3beeceb5e5cfd9eb1d76b381630e82c4241ccd0d27f1a39ed41b2760b255c5e8"
+dependencies = [
+ "windows-core 0.61.2",
+]
+
[[package]]
name = "windows-core"
version = "0.52.0"
@@ -8831,6 +8913,86 @@ dependencies = [
"windows-targets 0.52.6",
]
+[[package]]
+name = "windows-core"
+version = "0.61.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c0fdd3ddb90610c7638aa2b3a3ab2904fb9e5cdbecc643ddb3647212781c4ae3"
+dependencies = [
+ "windows-implement",
+ "windows-interface",
+ "windows-link",
+ "windows-result",
+ "windows-strings",
+]
+
+[[package]]
+name = "windows-future"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc6a41e98427b19fe4b73c550f060b59fa592d7d686537eebf9385621bfbad8e"
+dependencies = [
+ "windows-core 0.61.2",
+ "windows-link",
+ "windows-threading",
+]
+
+[[package]]
+name = "windows-implement"
+version = "0.60.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a47fddd13af08290e67f4acabf4b459f647552718f683a7b415d290ac744a836"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.100",
+]
+
+[[package]]
+name = "windows-interface"
+version = "0.59.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bd9211b69f8dcdfa817bfd14bf1c97c9188afa36f4750130fcdf3f400eca9fa8"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.100",
+]
+
+[[package]]
+name = "windows-link"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a"
+
+[[package]]
+name = "windows-numerics"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9150af68066c4c5c07ddc0ce30421554771e528bde427614c61038bc2c92c2b1"
+dependencies = [
+ "windows-core 0.61.2",
+ "windows-link",
+]
+
+[[package]]
+name = "windows-result"
+version = "0.3.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "56f42bd332cc6c8eac5af113fc0c1fd6a8fd2aa08a0119358686e5160d0586c6"
+dependencies = [
+ "windows-link",
+]
+
+[[package]]
+name = "windows-strings"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "56e6c93f3a0c3b36176cb1327a4958a0353d5d166c2a35cb268ace15e91d3b57"
+dependencies = [
+ "windows-link",
+]
+
[[package]]
name = "windows-sys"
version = "0.48.0"
@@ -8889,6 +9051,15 @@ dependencies = [
"windows_x86_64_msvc 0.52.6",
]
+[[package]]
+name = "windows-threading"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b66463ad2e0ea3bbf808b7f1d371311c80e115c0b71d60efc142cafbcfb057a6"
+dependencies = [
+ "windows-link",
+]
+
[[package]]
name = "windows_aarch64_gnullvm"
version = "0.48.0"
@@ -9025,6 +9196,8 @@ dependencies = [
"clap",
"clap_builder",
"const-oid",
+ "crossbeam-epoch",
+ "crossbeam-utils",
"crypto-bigint 0.5.5",
"der 0.7.8",
"deranged",
@@ -9071,6 +9244,7 @@ dependencies = [
"once_cell",
"p256 0.13.2",
"parquet",
+ "portable-atomic",
"prettyplease",
"proc-macro2",
"prost 0.13.5",
diff --git a/Cargo.toml b/Cargo.toml
index 1de261ed06..3744115ebf 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -46,10 +46,10 @@ members = [
"libs/proxy/json",
"libs/proxy/postgres-protocol2",
"libs/proxy/postgres-types2",
+ "libs/proxy/subzero_core",
"libs/proxy/tokio-postgres2",
"endpoint_storage",
"pgxn/neon/communicator",
- "proxy/subzero_core",
]
[workspace.package]
@@ -135,7 +135,7 @@ lock_api = "0.4.13"
md5 = "0.7.0"
measured = { version = "0.0.22", features=["lasso"] }
measured-process = { version = "0.0.22" }
-memoffset = "0.9"
+moka = { version = "0.12", features = ["sync"] }
nix = { version = "0.30.1", features = ["dir", "fs", "mman", "process", "socket", "signal", "poll"] }
# Do not update to >= 7.0.0, at least. The update will have a significant impact
# on compute startup metrics (start_postgres_ms), >= 25% degradation.
@@ -146,7 +146,7 @@ oid-registry = "0.7.1"
once_cell = "1.13"
opentelemetry = "0.30"
opentelemetry_sdk = "0.30"
-opentelemetry-otlp = { version = "0.30", default-features = false, features = ["http-proto", "trace", "http", "reqwest-client"] }
+opentelemetry-otlp = { version = "0.30", default-features = false, features = ["http-proto", "trace", "http", "reqwest-blocking-client"] }
opentelemetry-semantic-conventions = "0.30"
parking_lot = "0.12"
parquet = { version = "53", default-features = false, features = ["zstd"] }
@@ -224,6 +224,7 @@ tracing-log = "0.2"
tracing-opentelemetry = "0.31"
tracing-serde = "0.2.0"
tracing-subscriber = { version = "0.3", default-features = false, features = ["smallvec", "fmt", "tracing-log", "std", "env-filter", "json"] }
+tracing-appender = "0.2.3"
try-lock = "0.2.5"
test-log = { version = "0.2.17", default-features = false, features = ["log"] }
twox-hash = { version = "1.6.3", default-features = false }
@@ -234,10 +235,11 @@ uuid = { version = "1.6.1", features = ["v4", "v7", "serde"] }
walkdir = "2.3.2"
rustls-native-certs = "0.8"
whoami = "1.5.1"
-zerocopy = { version = "0.8", features = ["derive", "simd"] }
json-structural-diff = { version = "0.2.0" }
x509-cert = { version = "0.2.5" }
x509-parser = "0.16"
+zerocopy = { version = "0.8", features = ["derive", "simd"] }
+zeroize = "1.8"
## TODO replace this with tracing
env_logger = "0.11"
diff --git a/build-tools/Dockerfile b/build-tools/Dockerfile
index b5fe642e6f..87966591c1 100644
--- a/build-tools/Dockerfile
+++ b/build-tools/Dockerfile
@@ -39,13 +39,13 @@ COPY build-tools/patches/pgcopydbv017.patch /pgcopydbv017.patch
RUN if [ "${DEBIAN_VERSION}" = "bookworm" ]; then \
set -e && \
- apt update && \
- apt install -y --no-install-recommends \
+ apt-get update && \
+ apt-get install -y --no-install-recommends \
ca-certificates wget gpg && \
wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg && \
echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] http://apt.postgresql.org/pub/repos/apt bookworm-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
apt-get update && \
- apt install -y --no-install-recommends \
+ apt-get install -y --no-install-recommends \
build-essential \
autotools-dev \
libedit-dev \
@@ -89,8 +89,7 @@ RUN useradd -ms /bin/bash nonroot -b /home
# Use strict mode for bash to catch errors early
SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
-RUN mkdir -p /pgcopydb/bin && \
- mkdir -p /pgcopydb/lib && \
+RUN mkdir -p /pgcopydb/{bin,lib} && \
chmod -R 755 /pgcopydb && \
chown -R nonroot:nonroot /pgcopydb
@@ -106,8 +105,8 @@ RUN echo 'Acquire::Retries "5";' > /etc/apt/apt.conf.d/80-retries && \
# 'gdb' is included so that we get backtraces of core dumps produced in
# regression tests
RUN set -e \
- && apt update \
- && apt install -y \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends \
autoconf \
automake \
bison \
@@ -183,22 +182,22 @@ RUN curl -sL "https://github.com/peak/s5cmd/releases/download/v${S5CMD_VERSION}/
ENV LLVM_VERSION=20
RUN curl -fsSL 'https://apt.llvm.org/llvm-snapshot.gpg.key' | apt-key add - \
&& echo "deb http://apt.llvm.org/${DEBIAN_VERSION}/ llvm-toolchain-${DEBIAN_VERSION}-${LLVM_VERSION} main" > /etc/apt/sources.list.d/llvm.stable.list \
- && apt update \
- && apt install -y clang-${LLVM_VERSION} llvm-${LLVM_VERSION} \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends clang-${LLVM_VERSION} llvm-${LLVM_VERSION} \
&& bash -c 'for f in /usr/bin/clang*-${LLVM_VERSION} /usr/bin/llvm*-${LLVM_VERSION}; do ln -s "${f}" "${f%-${LLVM_VERSION}}"; done' \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Install node
ENV NODE_VERSION=24
RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash - \
- && apt install -y nodejs \
+ && apt-get install -y --no-install-recommends nodejs \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Install docker
RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian ${DEBIAN_VERSION} stable" > /etc/apt/sources.list.d/docker.list \
- && apt update \
- && apt install -y docker-ce docker-ce-cli \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends docker-ce docker-ce-cli \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Configure sudo & docker
@@ -215,12 +214,11 @@ RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip" -o "aws
# Mold: A Modern Linker
ENV MOLD_VERSION=v2.37.1
RUN set -e \
- && git clone https://github.com/rui314/mold.git \
+ && git clone -b "${MOLD_VERSION}" --depth 1 https://github.com/rui314/mold.git \
&& mkdir mold/build \
- && cd mold/build \
- && git checkout ${MOLD_VERSION} \
+ && cd mold/build \
&& cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_CXX_COMPILER=clang++ .. \
- && cmake --build . -j $(nproc) \
+ && cmake --build . -j "$(nproc)" \
&& cmake --install . \
&& cd .. \
&& rm -rf mold
@@ -254,7 +252,7 @@ ENV ICU_VERSION=67.1
ENV ICU_PREFIX=/usr/local/icu
# Download and build static ICU
-RUN wget -O /tmp/libicu-${ICU_VERSION}.tgz https://github.com/unicode-org/icu/releases/download/release-${ICU_VERSION//./-}/icu4c-${ICU_VERSION//./_}-src.tgz && \
+RUN wget -O "/tmp/libicu-${ICU_VERSION}.tgz" https://github.com/unicode-org/icu/releases/download/release-${ICU_VERSION//./-}/icu4c-${ICU_VERSION//./_}-src.tgz && \
echo "94a80cd6f251a53bd2a997f6f1b5ac6653fe791dfab66e1eb0227740fb86d5dc /tmp/libicu-${ICU_VERSION}.tgz" | sha256sum --check && \
mkdir /tmp/icu && \
pushd /tmp/icu && \
@@ -265,8 +263,7 @@ RUN wget -O /tmp/libicu-${ICU_VERSION}.tgz https://github.com/unicode-org/icu/re
make install && \
popd && \
rm -rf icu && \
- rm -f /tmp/libicu-${ICU_VERSION}.tgz && \
- popd
+ rm -f /tmp/libicu-${ICU_VERSION}.tgz
# Switch to nonroot user
USER nonroot:nonroot
@@ -279,19 +276,19 @@ ENV PYTHON_VERSION=3.11.12 \
PYENV_ROOT=/home/nonroot/.pyenv \
PATH=/home/nonroot/.pyenv/shims:/home/nonroot/.pyenv/bin:/home/nonroot/.poetry/bin:$PATH
RUN set -e \
- && cd $HOME \
+ && cd "$HOME" \
&& curl -sSO https://raw.githubusercontent.com/pyenv/pyenv-installer/master/bin/pyenv-installer \
&& chmod +x pyenv-installer \
&& ./pyenv-installer \
&& export PYENV_ROOT=/home/nonroot/.pyenv \
&& export PATH="$PYENV_ROOT/bin:$PATH" \
&& export PATH="$PYENV_ROOT/shims:$PATH" \
- && pyenv install ${PYTHON_VERSION} \
- && pyenv global ${PYTHON_VERSION} \
+ && pyenv install "${PYTHON_VERSION}" \
+ && pyenv global "${PYTHON_VERSION}" \
&& python --version \
- && pip install --upgrade pip \
+ && pip install --no-cache-dir --upgrade pip \
&& pip --version \
- && pip install pipenv wheel poetry
+ && pip install --no-cache-dir pipenv wheel poetry
# Switch to nonroot user (again)
USER nonroot:nonroot
@@ -317,13 +314,13 @@ RUN curl -sSO https://static.rust-lang.org/rustup/dist/$(uname -m)-unknown-linux
. "$HOME/.cargo/env" && \
cargo --version && rustup --version && \
rustup component add llvm-tools rustfmt clippy && \
- cargo install rustfilt --locked --version ${RUSTFILT_VERSION} && \
- cargo install cargo-hakari --locked --version ${CARGO_HAKARI_VERSION} && \
- cargo install cargo-deny --locked --version ${CARGO_DENY_VERSION} && \
- cargo install cargo-hack --locked --version ${CARGO_HACK_VERSION} && \
- cargo install cargo-nextest --locked --version ${CARGO_NEXTEST_VERSION} && \
- cargo install cargo-chef --locked --version ${CARGO_CHEF_VERSION} && \
- cargo install diesel_cli --locked --version ${CARGO_DIESEL_CLI_VERSION} \
+ cargo install rustfilt --locked --version "${RUSTFILT_VERSION}" && \
+ cargo install cargo-hakari --locked --version "${CARGO_HAKARI_VERSION}" && \
+ cargo install cargo-deny --locked --version "${CARGO_DENY_VERSION}" && \
+ cargo install cargo-hack --locked --version "${CARGO_HACK_VERSION}" && \
+ cargo install cargo-nextest --locked --version "${CARGO_NEXTEST_VERSION}" && \
+ cargo install cargo-chef --locked --version "${CARGO_CHEF_VERSION}" && \
+ cargo install diesel_cli --locked --version "${CARGO_DIESEL_CLI_VERSION}" \
--features postgres-bundled --no-default-features && \
rm -rf /home/nonroot/.cargo/registry && \
rm -rf /home/nonroot/.cargo/git
diff --git a/build-tools/package-lock.json b/build-tools/package-lock.json
index b2c44ed9b4..0d48345fd5 100644
--- a/build-tools/package-lock.json
+++ b/build-tools/package-lock.json
@@ -6,7 +6,7 @@
"": {
"name": "build-tools",
"devDependencies": {
- "@redocly/cli": "1.34.4",
+ "@redocly/cli": "1.34.5",
"@sourcemeta/jsonschema": "10.0.0"
}
},
@@ -472,9 +472,9 @@
}
},
"node_modules/@redocly/cli": {
- "version": "1.34.4",
- "resolved": "https://registry.npmjs.org/@redocly/cli/-/cli-1.34.4.tgz",
- "integrity": "sha512-seH/GgrjSB1EeOsgJ/4Ct6Jk2N7sh12POn/7G8UQFARMyUMJpe1oHtBwT2ndfp4EFCpgBAbZ/82Iw6dwczNxEA==",
+ "version": "1.34.5",
+ "resolved": "https://registry.npmjs.org/@redocly/cli/-/cli-1.34.5.tgz",
+ "integrity": "sha512-5IEwxs7SGP5KEXjBKLU8Ffdz9by/KqNSeBk6YUVQaGxMXK//uYlTJIPntgUXbo1KAGG2d2q2XF8y4iFz6qNeiw==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -484,14 +484,14 @@
"@opentelemetry/sdk-trace-node": "1.26.0",
"@opentelemetry/semantic-conventions": "1.27.0",
"@redocly/config": "^0.22.0",
- "@redocly/openapi-core": "1.34.4",
- "@redocly/respect-core": "1.34.4",
+ "@redocly/openapi-core": "1.34.5",
+ "@redocly/respect-core": "1.34.5",
"abort-controller": "^3.0.0",
"chokidar": "^3.5.1",
"colorette": "^1.2.0",
"core-js": "^3.32.1",
"dotenv": "16.4.7",
- "form-data": "^4.0.0",
+ "form-data": "^4.0.4",
"get-port-please": "^3.0.1",
"glob": "^7.1.6",
"handlebars": "^4.7.6",
@@ -522,9 +522,9 @@
"license": "MIT"
},
"node_modules/@redocly/openapi-core": {
- "version": "1.34.4",
- "resolved": "https://registry.npmjs.org/@redocly/openapi-core/-/openapi-core-1.34.4.tgz",
- "integrity": "sha512-hf53xEgpXIgWl3b275PgZU3OTpYh1RoD2LHdIfQ1JzBNTWsiNKczTEsI/4Tmh2N1oq9YcphhSMyk3lDh85oDjg==",
+ "version": "1.34.5",
+ "resolved": "https://registry.npmjs.org/@redocly/openapi-core/-/openapi-core-1.34.5.tgz",
+ "integrity": "sha512-0EbE8LRbkogtcCXU7liAyC00n9uNG9hJ+eMyHFdUsy9lB/WGqnEBgwjA9q2cyzAVcdTkQqTBBU1XePNnN3OijA==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -544,21 +544,21 @@
}
},
"node_modules/@redocly/respect-core": {
- "version": "1.34.4",
- "resolved": "https://registry.npmjs.org/@redocly/respect-core/-/respect-core-1.34.4.tgz",
- "integrity": "sha512-MitKyKyQpsizA4qCVv+MjXL4WltfhFQAoiKiAzrVR1Kusro3VhYb6yJuzoXjiJhR0ukLP5QOP19Vcs7qmj9dZg==",
+ "version": "1.34.5",
+ "resolved": "https://registry.npmjs.org/@redocly/respect-core/-/respect-core-1.34.5.tgz",
+ "integrity": "sha512-GheC/g/QFztPe9UA9LamooSplQuy9pe0Yr8XGTqkz0ahivLDl7svoy/LSQNn1QH3XGtLKwFYMfTwFR2TAYyh5Q==",
"dev": true,
"license": "MIT",
"dependencies": {
"@faker-js/faker": "^7.6.0",
"@redocly/ajv": "8.11.2",
- "@redocly/openapi-core": "1.34.4",
+ "@redocly/openapi-core": "1.34.5",
"better-ajv-errors": "^1.2.0",
"colorette": "^2.0.20",
"concat-stream": "^2.0.0",
"cookie": "^0.7.2",
"dotenv": "16.4.7",
- "form-data": "4.0.0",
+ "form-data": "^4.0.4",
"jest-diff": "^29.3.1",
"jest-matcher-utils": "^29.3.1",
"js-yaml": "4.1.0",
@@ -582,21 +582,6 @@
"dev": true,
"license": "MIT"
},
- "node_modules/@redocly/respect-core/node_modules/form-data": {
- "version": "4.0.0",
- "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz",
- "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==",
- "dev": true,
- "license": "MIT",
- "dependencies": {
- "asynckit": "^0.4.0",
- "combined-stream": "^1.0.8",
- "mime-types": "^2.1.12"
- },
- "engines": {
- "node": ">= 6"
- }
- },
"node_modules/@sinclair/typebox": {
"version": "0.27.8",
"resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz",
@@ -1345,9 +1330,9 @@
"license": "MIT"
},
"node_modules/form-data": {
- "version": "4.0.3",
- "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.3.tgz",
- "integrity": "sha512-qsITQPfmvMOSAdeyZ+12I1c+CKSstAFAwu+97zrnWAbIr5u8wfsExUzCesVLC8NgHuRUqNN4Zy6UPWUTRGslcA==",
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz",
+ "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==",
"dev": true,
"license": "MIT",
"dependencies": {
diff --git a/build-tools/package.json b/build-tools/package.json
index 000969c672..2dc1359075 100644
--- a/build-tools/package.json
+++ b/build-tools/package.json
@@ -2,7 +2,7 @@
"name": "build-tools",
"private": true,
"devDependencies": {
- "@redocly/cli": "1.34.4",
+ "@redocly/cli": "1.34.5",
"@sourcemeta/jsonschema": "10.0.0"
}
}
diff --git a/compute/vm-image-spec-bookworm.yaml b/compute/vm-image-spec-bookworm.yaml
index 267e4c83b5..5f27b6bf9d 100644
--- a/compute/vm-image-spec-bookworm.yaml
+++ b/compute/vm-image-spec-bookworm.yaml
@@ -26,7 +26,13 @@ commands:
- name: postgres-exporter
user: nobody
sysvInitAction: respawn
- shell: 'DATA_SOURCE_NAME="user=cloud_admin sslmode=disable dbname=postgres application_name=postgres-exporter pgaudit.log=none" /bin/postgres_exporter --config.file=/etc/postgres_exporter.yml'
+ # Turn off database collector (`--no-collector.database`), we don't use `pg_database_size_bytes` metric anyway, see
+ # https://github.com/neondatabase/flux-fleet/blob/5e19b3fd897667b70d9a7ad4aa06df0ca22b49ff/apps/base/compute-metrics/scrape-compute-pg-exporter-neon.yaml#L29
+ # but it's enabled by default and it doesn't filter out invalid databases, see
+ # https://github.com/prometheus-community/postgres_exporter/blob/06a553c8166512c9d9c5ccf257b0f9bba8751dbc/collector/pg_database.go#L67
+ # so if it hits one, it starts spamming logs
+ # ERROR: [NEON_SMGR] [reqid d9700000018] could not read db size of db 705302 from page server at lsn 5/A2457EB0
+ shell: 'DATA_SOURCE_NAME="user=cloud_admin sslmode=disable dbname=postgres application_name=postgres-exporter pgaudit.log=none" /bin/postgres_exporter --no-collector.database --config.file=/etc/postgres_exporter.yml'
- name: pgbouncer-exporter
user: postgres
sysvInitAction: respawn
diff --git a/compute/vm-image-spec-bullseye.yaml b/compute/vm-image-spec-bullseye.yaml
index 2b6e77b656..cf26ace72a 100644
--- a/compute/vm-image-spec-bullseye.yaml
+++ b/compute/vm-image-spec-bullseye.yaml
@@ -26,7 +26,13 @@ commands:
- name: postgres-exporter
user: nobody
sysvInitAction: respawn
- shell: 'DATA_SOURCE_NAME="user=cloud_admin sslmode=disable dbname=postgres application_name=postgres-exporter pgaudit.log=none" /bin/postgres_exporter --config.file=/etc/postgres_exporter.yml'
+ # Turn off database collector (`--no-collector.database`), we don't use `pg_database_size_bytes` metric anyway, see
+ # https://github.com/neondatabase/flux-fleet/blob/5e19b3fd897667b70d9a7ad4aa06df0ca22b49ff/apps/base/compute-metrics/scrape-compute-pg-exporter-neon.yaml#L29
+ # but it's enabled by default and it doesn't filter out invalid databases, see
+ # https://github.com/prometheus-community/postgres_exporter/blob/06a553c8166512c9d9c5ccf257b0f9bba8751dbc/collector/pg_database.go#L67
+ # so if it hits one, it starts spamming logs
+ # ERROR: [NEON_SMGR] [reqid d9700000018] could not read db size of db 705302 from page server at lsn 5/A2457EB0
+ shell: 'DATA_SOURCE_NAME="user=cloud_admin sslmode=disable dbname=postgres application_name=postgres-exporter pgaudit.log=none" /bin/postgres_exporter --no-collector.database --config.file=/etc/postgres_exporter.yml'
- name: pgbouncer-exporter
user: postgres
sysvInitAction: respawn
diff --git a/compute_tools/Cargo.toml b/compute_tools/Cargo.toml
index 496471acc7..558760b0ad 100644
--- a/compute_tools/Cargo.toml
+++ b/compute_tools/Cargo.toml
@@ -62,6 +62,7 @@ tokio-stream.workspace = true
tonic.workspace = true
tower-otel.workspace = true
tracing.workspace = true
+tracing-appender.workspace = true
tracing-opentelemetry.workspace = true
tracing-subscriber.workspace = true
tracing-utils.workspace = true
diff --git a/compute_tools/README.md b/compute_tools/README.md
index 49f1368f0e..e92e5920b9 100644
--- a/compute_tools/README.md
+++ b/compute_tools/README.md
@@ -52,8 +52,14 @@ stateDiagram-v2
Init --> Running : Started Postgres
Running --> TerminationPendingFast : Requested termination
Running --> TerminationPendingImmediate : Requested termination
+ Running --> ConfigurationPending : Received a /configure request with spec
+ Running --> RefreshConfigurationPending : Received a /refresh_configuration request, compute node will pull a new spec and reconfigure
+ RefreshConfigurationPending --> RefreshConfiguration: Received compute spec and started configuration
+ RefreshConfiguration --> Running : Compute has been re-configured
+ RefreshConfiguration --> RefreshConfigurationPending : Configuration failed and to be retried
TerminationPendingFast --> Terminated compute with 30s delay for cplane to inspect status
TerminationPendingImmediate --> Terminated : Terminated compute immediately
+ Failed --> RefreshConfigurationPending : Received a /refresh_configuration request
Failed --> [*] : Compute exited
Terminated --> [*] : Compute exited
```
diff --git a/compute_tools/src/bin/compute_ctl.rs b/compute_tools/src/bin/compute_ctl.rs
index 04723d6f3d..9c86aba531 100644
--- a/compute_tools/src/bin/compute_ctl.rs
+++ b/compute_tools/src/bin/compute_ctl.rs
@@ -49,9 +49,10 @@ use compute_tools::compute::{
BUILD_TAG, ComputeNode, ComputeNodeParams, forward_termination_signal,
};
use compute_tools::extension_server::get_pg_version_string;
-use compute_tools::logger::*;
use compute_tools::params::*;
+use compute_tools::pg_isready::get_pg_isready_bin;
use compute_tools::spec::*;
+use compute_tools::{hadron_metrics, installed_extensions, logger::*};
use rlimit::{Resource, setrlimit};
use signal_hook::consts::{SIGINT, SIGQUIT, SIGTERM};
use signal_hook::iterator::Signals;
@@ -194,11 +195,19 @@ fn main() -> Result<()> {
.build()?;
let _rt_guard = runtime.enter();
- let tracing_provider = init(cli.dev)?;
+ let mut log_dir = None;
+ if cli.lakebase_mode {
+ log_dir = std::env::var("COMPUTE_CTL_LOG_DIRECTORY").ok();
+ }
+
+ let (tracing_provider, _file_logs_guard) = init(cli.dev, log_dir)?;
// enable core dumping for all child processes
setrlimit(Resource::CORE, rlimit::INFINITY, rlimit::INFINITY)?;
+ installed_extensions::initialize_metrics();
+ hadron_metrics::initialize_metrics();
+
let connstr = Url::parse(&cli.connstr).context("cannot parse connstr as a URL")?;
let config = get_config(&cli)?;
@@ -226,7 +235,12 @@ fn main() -> Result<()> {
cli.installed_extensions_collection_interval,
)),
pg_init_timeout: cli.pg_init_timeout.map(Duration::from_secs),
+ pg_isready_bin: get_pg_isready_bin(&cli.pgbin),
+ instance_id: std::env::var("INSTANCE_ID").ok(),
lakebase_mode: cli.lakebase_mode,
+ build_tag: BUILD_TAG.to_string(),
+ control_plane_uri: cli.control_plane_uri,
+ config_path_test_only: cli.config,
},
config,
)?;
@@ -238,8 +252,14 @@ fn main() -> Result<()> {
deinit_and_exit(tracing_provider, exit_code);
}
-fn init(dev_mode: bool) -> Result> {
- let provider = init_tracing_and_logging(DEFAULT_LOG_LEVEL)?;
+fn init(
+ dev_mode: bool,
+ log_dir: Option,
+) -> Result<(
+ Option,
+ Option,
+)> {
+ let (provider, file_logs_guard) = init_tracing_and_logging(DEFAULT_LOG_LEVEL, &log_dir)?;
let mut signals = Signals::new([SIGINT, SIGTERM, SIGQUIT])?;
thread::spawn(move || {
@@ -250,7 +270,7 @@ fn init(dev_mode: bool) -> Result> {
info!("compute build_tag: {}", &BUILD_TAG.to_string());
- Ok(provider)
+ Ok((provider, file_logs_guard))
}
fn get_config(cli: &Cli) -> Result {
diff --git a/compute_tools/src/compute.rs b/compute_tools/src/compute.rs
index b4d7a6fca9..f53adbb1df 100644
--- a/compute_tools/src/compute.rs
+++ b/compute_tools/src/compute.rs
@@ -21,6 +21,7 @@ use postgres::NoTls;
use postgres::error::SqlState;
use remote_storage::{DownloadError, RemotePath};
use std::collections::{HashMap, HashSet};
+use std::ffi::OsString;
use std::os::unix::fs::{PermissionsExt, symlink};
use std::path::Path;
use std::process::{Command, Stdio};
@@ -40,8 +41,9 @@ use utils::shard::{ShardCount, ShardIndex, ShardNumber};
use crate::configurator::launch_configurator;
use crate::disk_quota::set_disk_quota;
+use crate::hadron_metrics::COMPUTE_ATTACHED;
use crate::installed_extensions::get_installed_extensions;
-use crate::logger::startup_context_from_env;
+use crate::logger::{self, startup_context_from_env};
use crate::lsn_lease::launch_lsn_lease_bg_task_for_static;
use crate::metrics::COMPUTE_CTL_UP;
use crate::monitor::launch_monitor;
@@ -113,11 +115,17 @@ pub struct ComputeNodeParams {
/// Interval for installed extensions collection
pub installed_extensions_collection_interval: Arc,
-
+ /// Hadron instance ID of the compute node.
+ pub instance_id: Option,
/// Timeout of PG compute startup in the Init state.
pub pg_init_timeout: Option,
-
+ // Path to the `pg_isready` binary.
+ pub pg_isready_bin: String,
pub lakebase_mode: bool,
+
+ pub build_tag: String,
+ pub control_plane_uri: Option,
+ pub config_path_test_only: Option,
}
type TaskHandle = Mutex>>;
@@ -405,6 +413,52 @@ struct StartVmMonitorResult {
vm_monitor: Option>>,
}
+/// Databricks-specific environment variables to be passed to the `postgres` sub-process.
+pub struct DatabricksEnvVars {
+ /// The Databricks "endpoint ID" of the compute instance. Used by `postgres` to check
+ /// the token scopes of internal auth tokens.
+ pub endpoint_id: String,
+ /// Hostname of the Databricks workspace URL this compute instance belongs to.
+ /// Used by postgres to verify Databricks PAT tokens.
+ pub workspace_host: String,
+}
+
+impl DatabricksEnvVars {
+ pub fn new(compute_spec: &ComputeSpec, compute_id: Option<&String>) -> Self {
+ // compute_id is a string format of "{endpoint_id}/{compute_idx}"
+ // endpoint_id is a uuid. We only need to pass down endpoint_id to postgres.
+ // Panics if compute_id is not set or not in the expected format.
+ let endpoint_id = compute_id.unwrap().split('/').next().unwrap().to_string();
+ let workspace_host = compute_spec
+ .databricks_settings
+ .as_ref()
+ .map(|s| s.databricks_workspace_host.clone())
+ .unwrap_or("".to_string());
+ Self {
+ endpoint_id,
+ workspace_host,
+ }
+ }
+
+ /// Constants for the names of Databricks-specific postgres environment variables.
+ const DATABRICKS_ENDPOINT_ID_ENVVAR: &'static str = "DATABRICKS_ENDPOINT_ID";
+ const DATABRICKS_WORKSPACE_HOST_ENVVAR: &'static str = "DATABRICKS_WORKSPACE_HOST";
+
+ /// Convert DatabricksEnvVars to a list of string pairs that can be passed as env vars. Consumes `self`.
+ pub fn to_env_var_list(self) -> Vec<(String, String)> {
+ vec![
+ (
+ Self::DATABRICKS_ENDPOINT_ID_ENVVAR.to_string(),
+ self.endpoint_id.clone(),
+ ),
+ (
+ Self::DATABRICKS_WORKSPACE_HOST_ENVVAR.to_string(),
+ self.workspace_host.clone(),
+ ),
+ ]
+ }
+}
+
impl ComputeNode {
pub fn new(params: ComputeNodeParams, config: ComputeConfig) -> Result {
let connstr = params.connstr.as_str();
@@ -486,6 +540,7 @@ impl ComputeNode {
port: this.params.external_http_port,
config: this.compute_ctl_config.clone(),
compute_id: this.params.compute_id.clone(),
+ instance_id: this.params.instance_id.clone(),
}
.launch(&this);
@@ -1402,6 +1457,8 @@ impl ComputeNode {
let pgdata_path = Path::new(&self.params.pgdata);
let tls_config = self.tls_config(&pspec.spec);
+ let databricks_settings = spec.databricks_settings.as_ref();
+ let postgres_port = self.params.connstr.port();
// Remove/create an empty pgdata directory and put configuration there.
self.create_pgdata()?;
@@ -1409,8 +1466,11 @@ impl ComputeNode {
pgdata_path,
&self.params,
&pspec.spec,
+ postgres_port,
self.params.internal_http_port,
tls_config,
+ databricks_settings,
+ self.params.lakebase_mode,
)?;
// Syncing safekeepers is only safe with primary nodes: if a primary
@@ -1450,8 +1510,28 @@ impl ComputeNode {
)
})?;
- // Update pg_hba.conf received with basebackup.
- update_pg_hba(pgdata_path, None)?;
+ if let Some(settings) = databricks_settings {
+ copy_tls_certificates(
+ &settings.pg_compute_tls_settings.key_file,
+ &settings.pg_compute_tls_settings.cert_file,
+ pgdata_path,
+ )?;
+
+ // Update pg_hba.conf received with basebackup including additional databricks settings.
+ update_pg_hba(pgdata_path, Some(&settings.databricks_pg_hba))?;
+ update_pg_ident(pgdata_path, Some(&settings.databricks_pg_ident))?;
+ } else {
+ // Update pg_hba.conf received with basebackup.
+ update_pg_hba(pgdata_path, None)?;
+ }
+
+ if let Some(databricks_settings) = spec.databricks_settings.as_ref() {
+ copy_tls_certificates(
+ &databricks_settings.pg_compute_tls_settings.key_file,
+ &databricks_settings.pg_compute_tls_settings.cert_file,
+ pgdata_path,
+ )?;
+ }
// Place pg_dynshmem under /dev/shm. This allows us to use
// 'dynamic_shared_memory_type = mmap' so that the files are placed in
@@ -1564,14 +1644,31 @@ impl ComputeNode {
pub fn start_postgres(&self, storage_auth_token: Option) -> Result {
let pgdata_path = Path::new(&self.params.pgdata);
+ let env_vars: Vec<(String, String)> = if self.params.lakebase_mode {
+ let databricks_env_vars = {
+ let state = self.state.lock().unwrap();
+ let spec = &state.pspec.as_ref().unwrap().spec;
+ DatabricksEnvVars::new(spec, Some(&self.params.compute_id))
+ };
+
+ info!(
+ "Starting Postgres for databricks endpoint id: {}",
+ &databricks_env_vars.endpoint_id
+ );
+
+ let mut env_vars = databricks_env_vars.to_env_var_list();
+ env_vars.extend(storage_auth_token.map(|t| ("NEON_AUTH_TOKEN".to_string(), t)));
+ env_vars
+ } else if let Some(storage_auth_token) = &storage_auth_token {
+ vec![("NEON_AUTH_TOKEN".to_owned(), storage_auth_token.to_owned())]
+ } else {
+ vec![]
+ };
+
// Run postgres as a child process.
let mut pg = maybe_cgexec(&self.params.pgbin)
.args(["-D", &self.params.pgdata])
- .envs(if let Some(storage_auth_token) = &storage_auth_token {
- vec![("NEON_AUTH_TOKEN", storage_auth_token)]
- } else {
- vec![]
- })
+ .envs(env_vars)
.stderr(Stdio::piped())
.spawn()
.expect("cannot start postgres process");
@@ -1785,6 +1882,34 @@ impl ComputeNode {
Ok::<(), anyhow::Error>(())
}
+ // Signal to the configurator to refresh the configuration by pulling a new spec from the HCC.
+ // Note that this merely triggers a notification on a condition variable the configurator thread
+ // waits on. The configurator thread (in configurator.rs) pulls the new spec from the HCC and
+ // applies it.
+ pub async fn signal_refresh_configuration(&self) -> Result<()> {
+ let states_allowing_configuration_refresh = [
+ ComputeStatus::Running,
+ ComputeStatus::Failed,
+ ComputeStatus::RefreshConfigurationPending,
+ ];
+
+ let mut state = self.state.lock().expect("state lock poisoned");
+ if states_allowing_configuration_refresh.contains(&state.status) {
+ state.status = ComputeStatus::RefreshConfigurationPending;
+ self.state_changed.notify_all();
+ Ok(())
+ } else if state.status == ComputeStatus::Init {
+ // If the compute is in Init state, we can't refresh the configuration immediately,
+ // but we should be able to do that soon.
+ Ok(())
+ } else {
+ Err(anyhow::anyhow!(
+ "Cannot refresh compute configuration in state {:?}",
+ state.status
+ ))
+ }
+ }
+
// Wrapped this around `pg_ctl reload`, but right now we don't use
// `pg_ctl` for start / stop.
#[instrument(skip_all)]
@@ -1846,12 +1971,16 @@ impl ComputeNode {
// Write new config
let pgdata_path = Path::new(&self.params.pgdata);
+ let postgres_port = self.params.connstr.port();
config::write_postgres_conf(
pgdata_path,
&self.params,
&spec,
+ postgres_port,
self.params.internal_http_port,
tls_config,
+ spec.databricks_settings.as_ref(),
+ self.params.lakebase_mode,
)?;
self.pg_reload_conf()?;
@@ -1957,6 +2086,8 @@ impl ComputeNode {
// wait
ComputeStatus::Init
| ComputeStatus::Configuration
+ | ComputeStatus::RefreshConfiguration
+ | ComputeStatus::RefreshConfigurationPending
| ComputeStatus::Empty => {
state = self.state_changed.wait(state).unwrap();
}
@@ -2513,6 +2644,34 @@ LIMIT 100",
);
}
}
+
+ /// Set the compute spec and update related metrics.
+ /// This is the central place where pspec is updated.
+ pub fn set_spec(params: &ComputeNodeParams, state: &mut ComputeState, pspec: ParsedSpec) {
+ state.pspec = Some(pspec);
+ ComputeNode::update_attached_metric(params, state);
+ let _ = logger::update_ids(¶ms.instance_id, &Some(params.compute_id.clone()));
+ }
+
+ pub fn update_attached_metric(params: &ComputeNodeParams, state: &mut ComputeState) {
+ // Update the pg_cctl_attached gauge when all identifiers are available.
+ if let Some(instance_id) = ¶ms.instance_id {
+ if let Some(pspec) = &state.pspec {
+ // Clear all values in the metric
+ COMPUTE_ATTACHED.reset();
+
+ // Set new metric value
+ COMPUTE_ATTACHED
+ .with_label_values(&[
+ ¶ms.compute_id,
+ instance_id,
+ &pspec.tenant_id.to_string(),
+ &pspec.timeline_id.to_string(),
+ ])
+ .set(1);
+ }
+ }
+ }
}
pub async fn installed_extensions(conf: tokio_postgres::Config) -> Result<()> {
diff --git a/compute_tools/src/compute_prewarm.rs b/compute_tools/src/compute_prewarm.rs
index 07b4a596cc..97e62c1c80 100644
--- a/compute_tools/src/compute_prewarm.rs
+++ b/compute_tools/src/compute_prewarm.rs
@@ -90,6 +90,7 @@ impl ComputeNode {
}
/// If there is a prewarm request ongoing, return `false`, `true` otherwise.
+ /// Has a failpoint "compute-prewarm"
pub fn prewarm_lfc(self: &Arc, from_endpoint: Option) -> bool {
{
let state = &mut self.state.lock().unwrap().lfc_prewarm_state;
@@ -112,9 +113,8 @@ impl ComputeNode {
Err(err) => {
crate::metrics::LFC_PREWARM_ERRORS.inc();
error!(%err, "could not prewarm LFC");
-
LfcPrewarmState::Failed {
- error: err.to_string(),
+ error: format!("{err:#}"),
}
}
};
@@ -135,16 +135,20 @@ impl ComputeNode {
async fn prewarm_impl(&self, from_endpoint: Option) -> Result {
let EndpointStoragePair { url, token } = self.endpoint_storage_pair(from_endpoint)?;
+ #[cfg(feature = "testing")]
+ fail::fail_point!("compute-prewarm", |_| {
+ bail!("prewarm configured to fail because of a failpoint")
+ });
+
info!(%url, "requesting LFC state from endpoint storage");
let request = Client::new().get(&url).bearer_auth(token);
let res = request.send().await.context("querying endpoint storage")?;
- let status = res.status();
- match status {
+ match res.status() {
StatusCode::OK => (),
StatusCode::NOT_FOUND => {
return Ok(false);
}
- _ => bail!("{status} querying endpoint storage"),
+ status => bail!("{status} querying endpoint storage"),
}
let mut uncompressed = Vec::new();
@@ -205,7 +209,7 @@ impl ComputeNode {
crate::metrics::LFC_OFFLOAD_ERRORS.inc();
error!(%err, "could not offload LFC state to endpoint storage");
self.state.lock().unwrap().lfc_offload_state = LfcOffloadState::Failed {
- error: err.to_string(),
+ error: format!("{err:#}"),
};
}
@@ -213,16 +217,22 @@ impl ComputeNode {
let EndpointStoragePair { url, token } = self.endpoint_storage_pair(None)?;
info!(%url, "requesting LFC state from Postgres");
- let mut compressed = Vec::new();
- ComputeNode::get_maintenance_client(&self.tokio_conn_conf)
+ let row = ComputeNode::get_maintenance_client(&self.tokio_conn_conf)
.await
.context("connecting to postgres")?
.query_one("select neon.get_local_cache_state()", &[])
.await
- .context("querying LFC state")?
- .try_get::(0)
- .context("deserializing LFC state")
- .map(ZstdEncoder::new)?
+ .context("querying LFC state")?;
+ let state = row
+ .try_get::>(0)
+ .context("deserializing LFC state")?;
+ let Some(state) = state else {
+ info!(%url, "empty LFC state, not exporting");
+ return Ok(());
+ };
+
+ let mut compressed = Vec::new();
+ ZstdEncoder::new(state)
.read_to_end(&mut compressed)
.await
.context("compressing LFC state")?;
diff --git a/compute_tools/src/compute_promote.rs b/compute_tools/src/compute_promote.rs
index 42256faa22..a34368c531 100644
--- a/compute_tools/src/compute_promote.rs
+++ b/compute_tools/src/compute_promote.rs
@@ -1,11 +1,12 @@
use crate::compute::ComputeNode;
use anyhow::{Context, Result, bail};
-use compute_api::{
- responses::{LfcPrewarmState, PromoteState, SafekeepersLsn},
- spec::ComputeMode,
-};
+use compute_api::responses::{LfcPrewarmState, PromoteConfig, PromoteState};
+use compute_api::spec::ComputeMode;
+use itertools::Itertools;
+use std::collections::HashMap;
use std::{sync::Arc, time::Duration};
use tokio::time::sleep;
+use tracing::info;
use utils::lsn::Lsn;
impl ComputeNode {
@@ -13,21 +14,22 @@ impl ComputeNode {
/// and http client disconnects, this does not stop promotion, and subsequent
/// calls block until promote finishes.
/// Called by control plane on secondary after primary endpoint is terminated
- pub async fn promote(self: &Arc, safekeepers_lsn: SafekeepersLsn) -> PromoteState {
+ /// Has a failpoint "compute-promotion"
+ pub async fn promote(self: &Arc, cfg: PromoteConfig) -> PromoteState {
let cloned = self.clone();
+ let promote_fn = async move || {
+ let Err(err) = cloned.promote_impl(cfg).await else {
+ return PromoteState::Completed;
+ };
+ tracing::error!(%err, "promoting");
+ PromoteState::Failed {
+ error: format!("{err:#}"),
+ }
+ };
+
let start_promotion = || {
let (tx, rx) = tokio::sync::watch::channel(PromoteState::NotPromoted);
- tokio::spawn(async move {
- tx.send(match cloned.promote_impl(safekeepers_lsn).await {
- Ok(_) => PromoteState::Completed,
- Err(err) => {
- tracing::error!(%err, "promoting");
- PromoteState::Failed {
- error: err.to_string(),
- }
- }
- })
- });
+ tokio::spawn(async move { tx.send(promote_fn().await) });
rx
};
@@ -47,9 +49,7 @@ impl ComputeNode {
task.borrow().clone()
}
- // Why do we have to supply safekeepers?
- // For secondary we use primary_connection_conninfo so safekeepers field is empty
- async fn promote_impl(&self, safekeepers_lsn: SafekeepersLsn) -> Result<()> {
+ async fn promote_impl(&self, mut cfg: PromoteConfig) -> Result<()> {
{
let state = self.state.lock().unwrap();
let mode = &state.pspec.as_ref().unwrap().spec.mode;
@@ -73,7 +73,7 @@ impl ComputeNode {
.await
.context("connecting to postgres")?;
- let primary_lsn = safekeepers_lsn.wal_flush_lsn;
+ let primary_lsn = cfg.wal_flush_lsn;
let mut last_wal_replay_lsn: Lsn = Lsn::INVALID;
const RETRIES: i32 = 20;
for i in 0..=RETRIES {
@@ -86,7 +86,7 @@ impl ComputeNode {
if last_wal_replay_lsn >= primary_lsn {
break;
}
- tracing::info!("Try {i}, replica lsn {last_wal_replay_lsn}, primary lsn {primary_lsn}");
+ info!("Try {i}, replica lsn {last_wal_replay_lsn}, primary lsn {primary_lsn}");
sleep(Duration::from_secs(1)).await;
}
if last_wal_replay_lsn < primary_lsn {
@@ -96,7 +96,7 @@ impl ComputeNode {
// using $1 doesn't work with ALTER SYSTEM SET
let safekeepers_sql = format!(
"ALTER SYSTEM SET neon.safekeepers='{}'",
- safekeepers_lsn.safekeepers
+ cfg.spec.safekeeper_connstrings.join(",")
);
client
.query(&safekeepers_sql, &[])
@@ -106,6 +106,12 @@ impl ComputeNode {
.query("SELECT pg_reload_conf()", &[])
.await
.context("reloading postgres config")?;
+
+ #[cfg(feature = "testing")]
+ fail::fail_point!("compute-promotion", |_| {
+ bail!("promotion configured to fail because of a failpoint")
+ });
+
let row = client
.query_one("SELECT * FROM pg_promote()", &[])
.await
@@ -125,8 +131,36 @@ impl ComputeNode {
bail!("replica in read only mode after promotion");
}
- let mut state = self.state.lock().unwrap();
- state.pspec.as_mut().unwrap().spec.mode = ComputeMode::Primary;
- Ok(())
+ {
+ let mut state = self.state.lock().unwrap();
+ let spec = &mut state.pspec.as_mut().unwrap().spec;
+ spec.mode = ComputeMode::Primary;
+ let new_conf = cfg.spec.cluster.postgresql_conf.as_mut().unwrap();
+ let existing_conf = spec.cluster.postgresql_conf.as_ref().unwrap();
+ Self::merge_spec(new_conf, existing_conf);
+ }
+ info!("applied new spec, reconfiguring as primary");
+ self.reconfigure()
+ }
+
+ /// Merge old and new Postgres conf specs to apply on secondary.
+ /// Change new spec's port and safekeepers since they are supplied
+ /// differenly
+ fn merge_spec(new_conf: &mut String, existing_conf: &str) {
+ let mut new_conf_set: HashMap<&str, &str> = new_conf
+ .split_terminator('\n')
+ .map(|e| e.split_once("=").expect("invalid item"))
+ .collect();
+ new_conf_set.remove("neon.safekeepers");
+
+ let existing_conf_set: HashMap<&str, &str> = existing_conf
+ .split_terminator('\n')
+ .map(|e| e.split_once("=").expect("invalid item"))
+ .collect();
+ new_conf_set.insert("port", existing_conf_set["port"]);
+ *new_conf = new_conf_set
+ .iter()
+ .map(|(k, v)| format!("{k}={v}"))
+ .join("\n");
}
}
diff --git a/compute_tools/src/config.rs b/compute_tools/src/config.rs
index dd46353343..55a1eda0b7 100644
--- a/compute_tools/src/config.rs
+++ b/compute_tools/src/config.rs
@@ -7,11 +7,14 @@ use std::io::prelude::*;
use std::path::Path;
use compute_api::responses::TlsConfig;
-use compute_api::spec::{ComputeAudit, ComputeMode, ComputeSpec, GenericOption};
+use compute_api::spec::{
+ ComputeAudit, ComputeMode, ComputeSpec, DatabricksSettings, GenericOption,
+};
use crate::compute::ComputeNodeParams;
use crate::pg_helpers::{
- GenericOptionExt, GenericOptionsSearch, PgOptionsSerialize, escape_conf_value,
+ DatabricksSettingsExt as _, GenericOptionExt, GenericOptionsSearch, PgOptionsSerialize,
+ escape_conf_value,
};
use crate::tls::{self, SERVER_CRT, SERVER_KEY};
@@ -40,12 +43,16 @@ pub fn line_in_file(path: &Path, line: &str) -> Result {
}
/// Create or completely rewrite configuration file specified by `path`
+#[allow(clippy::too_many_arguments)]
pub fn write_postgres_conf(
pgdata_path: &Path,
params: &ComputeNodeParams,
spec: &ComputeSpec,
+ postgres_port: Option,
extension_server_port: u16,
tls_config: &Option,
+ databricks_settings: Option<&DatabricksSettings>,
+ lakebase_mode: bool,
) -> Result<()> {
let path = pgdata_path.join("postgresql.conf");
// File::create() destroys the file content if it exists.
@@ -285,6 +292,24 @@ pub fn write_postgres_conf(
writeln!(file, "log_destination='stderr,syslog'")?;
}
+ if lakebase_mode {
+ // Explicitly set the port based on the connstr, overriding any previous port setting.
+ // Note: It is important that we don't specify a different port again after this.
+ let port = postgres_port.expect("port must be present in connstr");
+ writeln!(file, "port = {port}")?;
+
+ // This is databricks specific settings.
+ // This should be at the end of the file but before `compute_ctl_temp_override.conf` below
+ // so that it can override any settings above.
+ // `compute_ctl_temp_override.conf` is intended to override any settings above during specific operations.
+ // To prevent potential breakage in the future, we keep it above `compute_ctl_temp_override.conf`.
+ writeln!(file, "# Databricks settings start")?;
+ if let Some(settings) = databricks_settings {
+ writeln!(file, "{}", settings.as_pg_settings())?;
+ }
+ writeln!(file, "# Databricks settings end")?;
+ }
+
// This is essential to keep this line at the end of the file,
// because it is intended to override any settings above.
writeln!(file, "include_if_exists = 'compute_ctl_temp_override.conf'")?;
diff --git a/compute_tools/src/configurator.rs b/compute_tools/src/configurator.rs
index d97bd37285..feca8337b2 100644
--- a/compute_tools/src/configurator.rs
+++ b/compute_tools/src/configurator.rs
@@ -1,23 +1,40 @@
-use std::sync::Arc;
+use std::fs::File;
use std::thread;
+use std::{path::Path, sync::Arc};
-use compute_api::responses::ComputeStatus;
+use anyhow::Result;
+use compute_api::responses::{ComputeConfig, ComputeStatus};
use tracing::{error, info, instrument};
-use crate::compute::ComputeNode;
+use crate::compute::{ComputeNode, ParsedSpec};
+use crate::spec::get_config_from_control_plane;
#[instrument(skip_all)]
fn configurator_main_loop(compute: &Arc) {
info!("waiting for reconfiguration requests");
loop {
let mut state = compute.state.lock().unwrap();
+ /* BEGIN_HADRON */
+ // RefreshConfiguration should only be used inside the loop
+ assert_ne!(state.status, ComputeStatus::RefreshConfiguration);
+ /* END_HADRON */
- // We have to re-check the status after re-acquiring the lock because it could be that
- // the status has changed while we were waiting for the lock, and we might not need to
- // wait on the condition variable. Otherwise, we might end up in some soft-/deadlock, i.e.
- // we are waiting for a condition variable that will never be signaled.
- if state.status != ComputeStatus::ConfigurationPending {
- state = compute.state_changed.wait(state).unwrap();
+ if compute.params.lakebase_mode {
+ while state.status != ComputeStatus::ConfigurationPending
+ && state.status != ComputeStatus::RefreshConfigurationPending
+ && state.status != ComputeStatus::Failed
+ {
+ info!("configurator: compute status: {:?}, sleeping", state.status);
+ state = compute.state_changed.wait(state).unwrap();
+ }
+ } else {
+ // We have to re-check the status after re-acquiring the lock because it could be that
+ // the status has changed while we were waiting for the lock, and we might not need to
+ // wait on the condition variable. Otherwise, we might end up in some soft-/deadlock, i.e.
+ // we are waiting for a condition variable that will never be signaled.
+ if state.status != ComputeStatus::ConfigurationPending {
+ state = compute.state_changed.wait(state).unwrap();
+ }
}
// Re-check the status after waking up
@@ -37,6 +54,133 @@ fn configurator_main_loop(compute: &Arc) {
// XXX: used to test that API is blocking
// std::thread::sleep(std::time::Duration::from_millis(10000));
+ compute.set_status(new_status);
+ } else if state.status == ComputeStatus::RefreshConfigurationPending {
+ info!(
+ "compute node suspects its configuration is out of date, now refreshing configuration"
+ );
+ state.set_status(ComputeStatus::RefreshConfiguration, &compute.state_changed);
+ // Drop the lock guard here to avoid holding the lock while downloading config from the control plane / HCC.
+ // This is the only thread that can move compute_ctl out of the `RefreshConfiguration` state, so it
+ // is safe to drop the lock like this.
+ drop(state);
+
+ let get_config_result: anyhow::Result =
+ if let Some(config_path) = &compute.params.config_path_test_only {
+ // This path is only to make testing easier. In production we always get the config from the HCC.
+ info!(
+ "reloading config.json from path: {}",
+ config_path.to_string_lossy()
+ );
+ let path = Path::new(config_path);
+ if let Ok(file) = File::open(path) {
+ match serde_json::from_reader::(file) {
+ Ok(config) => Ok(config),
+ Err(e) => {
+ error!("could not parse config file: {}", e);
+ Err(anyhow::anyhow!("could not parse config file: {}", e))
+ }
+ }
+ } else {
+ error!(
+ "could not open config file at path: {:?}",
+ config_path.to_string_lossy()
+ );
+ Err(anyhow::anyhow!(
+ "could not open config file at path: {}",
+ config_path.to_string_lossy()
+ ))
+ }
+ } else if let Some(control_plane_uri) = &compute.params.control_plane_uri {
+ get_config_from_control_plane(control_plane_uri, &compute.params.compute_id)
+ } else {
+ Err(anyhow::anyhow!("config_path_test_only is not set"))
+ };
+
+ // Parse any received ComputeSpec and transpose the result into a Result>.
+ let parsed_spec_result: Result> =
+ get_config_result.and_then(|config| {
+ if let Some(spec) = config.spec {
+ if let Ok(pspec) = ParsedSpec::try_from(spec) {
+ Ok(Some(pspec))
+ } else {
+ Err(anyhow::anyhow!("could not parse spec"))
+ }
+ } else {
+ Ok(None)
+ }
+ });
+
+ let new_status: ComputeStatus;
+ match parsed_spec_result {
+ // Control plane (HCM) returned a spec and we were able to parse it.
+ Ok(Some(pspec)) => {
+ {
+ let mut state = compute.state.lock().unwrap();
+ // Defensive programming to make sure this thread is indeed the only one that can move the compute
+ // node out of the `RefreshConfiguration` state. Would be nice if we can encode this invariant
+ // into the type system.
+ assert_eq!(state.status, ComputeStatus::RefreshConfiguration);
+
+ if state.pspec.as_ref().map(|ps| ps.pageserver_connstr.clone())
+ == Some(pspec.pageserver_connstr.clone())
+ {
+ info!(
+ "Refresh configuration: Retrieved spec is the same as the current spec. Waiting for control plane to update the spec before attempting reconfiguration."
+ );
+ state.status = ComputeStatus::Running;
+ compute.state_changed.notify_all();
+ drop(state);
+ std::thread::sleep(std::time::Duration::from_secs(5));
+ continue;
+ }
+ // state.pspec is consumed by compute.reconfigure() below. Note that compute.reconfigure() will acquire
+ // the compute.state lock again so we need to have the lock guard go out of scope here. We could add a
+ // "locked" variant of compute.reconfigure() that takes the lock guard as an argument to make this cleaner,
+ // but it's not worth forking the codebase too much for this minor point alone right now.
+ state.pspec = Some(pspec);
+ }
+ match compute.reconfigure() {
+ Ok(_) => {
+ info!("Refresh configuration: compute node configured");
+ new_status = ComputeStatus::Running;
+ }
+ Err(e) => {
+ error!(
+ "Refresh configuration: could not configure compute node: {}",
+ e
+ );
+ // Set the compute node back to the `RefreshConfigurationPending` state if the configuration
+ // was not successful. It should be okay to treat this situation the same as if the loop
+ // hasn't executed yet as long as the detection side keeps notifying.
+ new_status = ComputeStatus::RefreshConfigurationPending;
+ }
+ }
+ }
+ // Control plane (HCM)'s response does not contain a spec. This is the "Empty" attachment case.
+ Ok(None) => {
+ info!(
+ "Compute Manager signaled that this compute is no longer attached to any storage. Exiting."
+ );
+ // We just immediately terminate the whole compute_ctl in this case. It's not necessary to attempt a
+ // clean shutdown as Postgres is probably not responding anyway (which is why we are in this refresh
+ // configuration state).
+ std::process::exit(1);
+ }
+ // Various error cases:
+ // - The request to the control plane (HCM) either failed or returned a malformed spec.
+ // - compute_ctl itself is configured incorrectly (e.g., compute_id is not set).
+ Err(e) => {
+ error!(
+ "Refresh configuration: error getting a parsed spec: {:?}",
+ e
+ );
+ new_status = ComputeStatus::RefreshConfigurationPending;
+ // We may be dealing with an overloaded HCM if we end up in this path. Backoff 5 seconds before
+ // retrying to avoid hammering the HCM.
+ std::thread::sleep(std::time::Duration::from_secs(5));
+ }
+ }
compute.set_status(new_status);
} else if state.status == ComputeStatus::Failed {
info!("compute node is now in Failed state, exiting");
diff --git a/compute_tools/src/http/middleware/authorize.rs b/compute_tools/src/http/middleware/authorize.rs
index 1b0bf4d9c5..407833bb0e 100644
--- a/compute_tools/src/http/middleware/authorize.rs
+++ b/compute_tools/src/http/middleware/authorize.rs
@@ -16,12 +16,16 @@ use crate::http::JsonResponse;
#[derive(Clone, Debug)]
pub(in crate::http) struct Authorize {
compute_id: String,
+ // BEGIN HADRON
+ // Hadron instance ID. Only set if it's a Lakebase V1 a.k.a. Hadron instance.
+ instance_id: Option,
+ // END HADRON
jwks: JwkSet,
validation: Validation,
}
impl Authorize {
- pub fn new(compute_id: String, jwks: JwkSet) -> Self {
+ pub fn new(compute_id: String, instance_id: Option, jwks: JwkSet) -> Self {
let mut validation = Validation::new(Algorithm::EdDSA);
// BEGIN HADRON
@@ -46,6 +50,7 @@ impl Authorize {
Self {
compute_id,
+ instance_id,
jwks,
validation,
}
@@ -59,10 +64,20 @@ impl AsyncAuthorizeRequest for Authorize {
fn authorize(&mut self, mut request: Request) -> Self::Future {
let compute_id = self.compute_id.clone();
+ let is_hadron_instance = self.instance_id.is_some();
let jwks = self.jwks.clone();
let validation = self.validation.clone();
Box::pin(async move {
+ // BEGIN HADRON
+ // In Hadron deployments the "external" HTTP endpoint on compute_ctl can only be
+ // accessed by trusted components (enforced by dblet network policy), so we can bypass
+ // all auth here.
+ if is_hadron_instance {
+ return Ok(request);
+ }
+ // END HADRON
+
let TypedHeader(Authorization(bearer)) = request
.extract_parts::>>()
.await
diff --git a/compute_tools/src/http/openapi_spec.yaml b/compute_tools/src/http/openapi_spec.yaml
index 3cf5ea7c51..ab729d62b5 100644
--- a/compute_tools/src/http/openapi_spec.yaml
+++ b/compute_tools/src/http/openapi_spec.yaml
@@ -96,7 +96,7 @@ paths:
content:
application/json:
schema:
- $ref: "#/components/schemas/SafekeepersLsn"
+ $ref: "#/components/schemas/ComputeSchemaWithLsn"
responses:
200:
description: Promote succeeded or wasn't started
@@ -297,14 +297,7 @@ paths:
content:
application/json:
schema:
- type: object
- required:
- - spec
- properties:
- spec:
- # XXX: I don't want to explain current spec in the OpenAPI format,
- # as it could be changed really soon. Consider doing it later.
- type: object
+ $ref: "#/components/schemas/ComputeSchema"
responses:
200:
description: Compute configuration finished.
@@ -591,18 +584,25 @@ components:
type: string
example: "1.0.0"
- SafekeepersLsn:
+ ComputeSchema:
type: object
required:
- - safekeepers
+ - spec
+ properties:
+ spec:
+ type: object
+ ComputeSchemaWithLsn:
+ type: object
+ required:
+ - spec
- wal_flush_lsn
properties:
- safekeepers:
- description: Primary replica safekeepers
- type: string
+ spec:
+ $ref: "#/components/schemas/ComputeState"
wal_flush_lsn:
- description: Primary last WAL flush LSN
type: string
+ description: "last WAL flush LSN"
+ example: "0/028F10D8"
LfcPrewarmState:
type: object
diff --git a/compute_tools/src/http/routes/configure.rs b/compute_tools/src/http/routes/configure.rs
index b7325d283f..943ff45357 100644
--- a/compute_tools/src/http/routes/configure.rs
+++ b/compute_tools/src/http/routes/configure.rs
@@ -43,7 +43,12 @@ pub(in crate::http) async fn configure(
// configure request for tracing purposes.
state.startup_span = Some(tracing::Span::current());
- state.pspec = Some(pspec);
+ if compute.params.lakebase_mode {
+ ComputeNode::set_spec(&compute.params, &mut state, pspec);
+ } else {
+ state.pspec = Some(pspec);
+ }
+
state.set_status(ComputeStatus::ConfigurationPending, &compute.state_changed);
drop(state);
}
diff --git a/compute_tools/src/http/routes/hadron_liveness_probe.rs b/compute_tools/src/http/routes/hadron_liveness_probe.rs
new file mode 100644
index 0000000000..4f66b6b139
--- /dev/null
+++ b/compute_tools/src/http/routes/hadron_liveness_probe.rs
@@ -0,0 +1,34 @@
+use crate::pg_isready::pg_isready;
+use crate::{compute::ComputeNode, http::JsonResponse};
+use axum::{extract::State, http::StatusCode, response::Response};
+use std::sync::Arc;
+
+/// NOTE: NOT ENABLED YET
+/// Detect if the compute is alive.
+/// Called by the liveness probe of the compute container.
+pub(in crate::http) async fn hadron_liveness_probe(
+ State(compute): State>,
+) -> Response {
+ let port = match compute.params.connstr.port() {
+ Some(port) => port,
+ None => {
+ return JsonResponse::error(
+ StatusCode::INTERNAL_SERVER_ERROR,
+ "Failed to get the port from the connection string",
+ );
+ }
+ };
+ match pg_isready(&compute.params.pg_isready_bin, port) {
+ Ok(_) => {
+ // The connection is successful, so the compute is alive.
+ // Return a 200 OK response.
+ JsonResponse::success(StatusCode::OK, "ok")
+ }
+ Err(e) => {
+ tracing::error!("Hadron liveness probe failed: {}", e);
+ // The connection failed, so the compute is not alive.
+ // Return a 500 Internal Server Error response.
+ JsonResponse::error(StatusCode::INTERNAL_SERVER_ERROR, e)
+ }
+ }
+}
diff --git a/compute_tools/src/http/routes/metrics.rs b/compute_tools/src/http/routes/metrics.rs
index 96b464fd12..8406746327 100644
--- a/compute_tools/src/http/routes/metrics.rs
+++ b/compute_tools/src/http/routes/metrics.rs
@@ -13,6 +13,7 @@ use metrics::{Encoder, TextEncoder};
use crate::communicator_socket_client::connect_communicator_socket;
use crate::compute::ComputeNode;
+use crate::hadron_metrics;
use crate::http::JsonResponse;
use crate::metrics::collect;
@@ -21,11 +22,18 @@ pub(in crate::http) async fn get_metrics() -> Response {
// When we call TextEncoder::encode() below, it will immediately return an
// error if a metric family has no metrics, so we need to preemptively
// filter out metric families with no metrics.
- let metrics = collect()
+ let mut metrics = collect()
.into_iter()
.filter(|m| !m.get_metric().is_empty())
.collect::>();
+ // Add Hadron metrics.
+ let hadron_metrics: Vec = hadron_metrics::collect()
+ .into_iter()
+ .filter(|m| !m.get_metric().is_empty())
+ .collect();
+ metrics.extend(hadron_metrics);
+
let encoder = TextEncoder::new();
let mut buffer = vec![];
diff --git a/compute_tools/src/http/routes/mod.rs b/compute_tools/src/http/routes/mod.rs
index dd71f663eb..c0f68701c6 100644
--- a/compute_tools/src/http/routes/mod.rs
+++ b/compute_tools/src/http/routes/mod.rs
@@ -10,11 +10,13 @@ pub(in crate::http) mod extension_server;
pub(in crate::http) mod extensions;
pub(in crate::http) mod failpoints;
pub(in crate::http) mod grants;
+pub(in crate::http) mod hadron_liveness_probe;
pub(in crate::http) mod insights;
pub(in crate::http) mod lfc;
pub(in crate::http) mod metrics;
pub(in crate::http) mod metrics_json;
pub(in crate::http) mod promote;
+pub(in crate::http) mod refresh_configuration;
pub(in crate::http) mod status;
pub(in crate::http) mod terminate;
diff --git a/compute_tools/src/http/routes/promote.rs b/compute_tools/src/http/routes/promote.rs
index bc5f93b4da..7ca3464b63 100644
--- a/compute_tools/src/http/routes/promote.rs
+++ b/compute_tools/src/http/routes/promote.rs
@@ -1,14 +1,14 @@
use crate::http::JsonResponse;
-use axum::Form;
+use axum::extract::Json;
use http::StatusCode;
pub(in crate::http) async fn promote(
compute: axum::extract::State>,
- Form(safekeepers_lsn): Form,
+ Json(cfg): Json,
) -> axum::response::Response {
- let state = compute.promote(safekeepers_lsn).await;
- if let compute_api::responses::PromoteState::Failed { error } = state {
- return JsonResponse::error(StatusCode::INTERNAL_SERVER_ERROR, error);
+ let state = compute.promote(cfg).await;
+ if let compute_api::responses::PromoteState::Failed { error: _ } = state {
+ return JsonResponse::create_response(StatusCode::INTERNAL_SERVER_ERROR, state);
}
JsonResponse::success(StatusCode::OK, state)
}
diff --git a/compute_tools/src/http/routes/refresh_configuration.rs b/compute_tools/src/http/routes/refresh_configuration.rs
new file mode 100644
index 0000000000..9b2f95ca5a
--- /dev/null
+++ b/compute_tools/src/http/routes/refresh_configuration.rs
@@ -0,0 +1,29 @@
+// This file is added by Hadron
+
+use std::sync::Arc;
+
+use axum::{
+ extract::State,
+ response::{IntoResponse, Response},
+};
+use http::StatusCode;
+
+use crate::compute::ComputeNode;
+use crate::hadron_metrics::POSTGRES_PAGESTREAM_REQUEST_ERRORS;
+use crate::http::JsonResponse;
+
+/// The /refresh_configuration POST method is used to nudge compute_ctl to pull a new spec
+/// from the HCC and attempt to reconfigure Postgres with the new spec. The method does not wait
+/// for the reconfiguration to complete. Rather, it simply delivers a signal that will cause
+/// configuration to be reloaded in a best effort manner. Invocation of this method does not
+/// guarantee that a reconfiguration will occur. The caller should consider keep sending this
+/// request while it believes that the compute configuration is out of date.
+pub(in crate::http) async fn refresh_configuration(
+ State(compute): State>,
+) -> Response {
+ POSTGRES_PAGESTREAM_REQUEST_ERRORS.inc();
+ match compute.signal_refresh_configuration().await {
+ Ok(_) => StatusCode::OK.into_response(),
+ Err(e) => JsonResponse::error(StatusCode::INTERNAL_SERVER_ERROR, e),
+ }
+}
diff --git a/compute_tools/src/http/routes/terminate.rs b/compute_tools/src/http/routes/terminate.rs
index 5b30b020c8..deac760f43 100644
--- a/compute_tools/src/http/routes/terminate.rs
+++ b/compute_tools/src/http/routes/terminate.rs
@@ -1,7 +1,7 @@
use crate::compute::{ComputeNode, forward_termination_signal};
use crate::http::JsonResponse;
use axum::extract::State;
-use axum::response::Response;
+use axum::response::{IntoResponse, Response};
use axum_extra::extract::OptionalQuery;
use compute_api::responses::{ComputeStatus, TerminateMode, TerminateResponse};
use http::StatusCode;
@@ -33,7 +33,29 @@ pub(in crate::http) async fn terminate(
if !matches!(state.status, ComputeStatus::Empty | ComputeStatus::Running) {
return JsonResponse::invalid_status(state.status);
}
+
+ // If compute is Empty, there's no Postgres to terminate. The regular compute_ctl termination path
+ // assumes Postgres to be configured and running, so we just special-handle this case by exiting
+ // the process directly.
+ if compute.params.lakebase_mode && state.status == ComputeStatus::Empty {
+ drop(state);
+ info!("terminating empty compute - will exit process");
+
+ // Queue a task to exit the process after 5 seconds. The 5-second delay aims to
+ // give enough time for the HTTP response to be sent so that HCM doesn't get an abrupt
+ // connection termination.
+ tokio::spawn(async {
+ tokio::time::sleep(tokio::time::Duration::from_secs(5)).await;
+ info!("exiting process after terminating empty compute");
+ std::process::exit(0);
+ });
+
+ return StatusCode::OK.into_response();
+ }
+
+ // For Running status, proceed with normal termination
state.set_status(mode.into(), &compute.state_changed);
+ drop(state);
}
forward_termination_signal(false);
diff --git a/compute_tools/src/http/server.rs b/compute_tools/src/http/server.rs
index f0fbca8263..2fd3121f4f 100644
--- a/compute_tools/src/http/server.rs
+++ b/compute_tools/src/http/server.rs
@@ -23,7 +23,8 @@ use super::{
middleware::authorize::Authorize,
routes::{
check_writability, configure, database_schema, dbs_and_roles, extension_server, extensions,
- grants, insights, lfc, metrics, metrics_json, promote, status, terminate,
+ grants, hadron_liveness_probe, insights, lfc, metrics, metrics_json, promote,
+ refresh_configuration, status, terminate,
},
};
use crate::compute::ComputeNode;
@@ -43,6 +44,7 @@ pub enum Server {
port: u16,
config: ComputeCtlConfig,
compute_id: String,
+ instance_id: Option,
},
}
@@ -67,7 +69,12 @@ impl From<&Server> for Router> {
post(extension_server::download_extension),
)
.route("/extensions", post(extensions::install_extension))
- .route("/grants", post(grants::add_grant));
+ .route("/grants", post(grants::add_grant))
+ // Hadron: Compute-initiated configuration refresh
+ .route(
+ "/refresh_configuration",
+ post(refresh_configuration::refresh_configuration),
+ );
// Add in any testing support
if cfg!(feature = "testing") {
@@ -79,7 +86,10 @@ impl From<&Server> for Router> {
router
}
Server::External {
- config, compute_id, ..
+ config,
+ compute_id,
+ instance_id,
+ ..
} => {
let unauthenticated_router = Router::>::new()
.route("/metrics", get(metrics::get_metrics))
@@ -100,8 +110,13 @@ impl From<&Server> for Router> {
.route("/metrics.json", get(metrics_json::get_metrics))
.route("/status", get(status::get_status))
.route("/terminate", post(terminate::terminate))
+ .route(
+ "/hadron_liveness_probe",
+ get(hadron_liveness_probe::hadron_liveness_probe),
+ )
.layer(AsyncRequireAuthorizationLayer::new(Authorize::new(
compute_id.clone(),
+ instance_id.clone(),
config.jwks.clone(),
)));
diff --git a/compute_tools/src/installed_extensions.rs b/compute_tools/src/installed_extensions.rs
index 90e1a17be4..5f60b711c8 100644
--- a/compute_tools/src/installed_extensions.rs
+++ b/compute_tools/src/installed_extensions.rs
@@ -2,6 +2,7 @@ use std::collections::HashMap;
use anyhow::Result;
use compute_api::responses::{InstalledExtension, InstalledExtensions};
+use once_cell::sync::Lazy;
use tokio_postgres::error::Error as PostgresError;
use tokio_postgres::{Client, Config, NoTls};
@@ -119,3 +120,7 @@ pub async fn get_installed_extensions(
extensions: extensions_map.into_values().collect(),
})
}
+
+pub fn initialize_metrics() {
+ Lazy::force(&INSTALLED_EXTENSIONS);
+}
diff --git a/compute_tools/src/lib.rs b/compute_tools/src/lib.rs
index 5ffa2f004a..85a6f955d9 100644
--- a/compute_tools/src/lib.rs
+++ b/compute_tools/src/lib.rs
@@ -25,6 +25,7 @@ mod migration;
pub mod monitor;
pub mod params;
pub mod pg_helpers;
+pub mod pg_isready;
pub mod pgbouncer;
pub mod rsyslog;
pub mod spec;
diff --git a/compute_tools/src/logger.rs b/compute_tools/src/logger.rs
index cd076472a6..83e666223c 100644
--- a/compute_tools/src/logger.rs
+++ b/compute_tools/src/logger.rs
@@ -1,7 +1,10 @@
use std::collections::HashMap;
+use std::sync::{LazyLock, RwLock};
+use tracing::Subscriber;
use tracing::info;
-use tracing_subscriber::layer::SubscriberExt;
+use tracing_appender;
use tracing_subscriber::prelude::*;
+use tracing_subscriber::{fmt, layer::SubscriberExt, registry::LookupSpan};
/// Initialize logging to stderr, and OpenTelemetry tracing and exporter.
///
@@ -15,16 +18,44 @@ use tracing_subscriber::prelude::*;
///
pub fn init_tracing_and_logging(
default_log_level: &str,
-) -> anyhow::Result> {
+ log_dir_opt: &Option,
+) -> anyhow::Result<(
+ Option,
+ Option,
+)> {
// Initialize Logging
let env_filter = tracing_subscriber::EnvFilter::try_from_default_env()
.unwrap_or_else(|_| tracing_subscriber::EnvFilter::new(default_log_level));
+ // Standard output streams
let fmt_layer = tracing_subscriber::fmt::layer()
.with_ansi(false)
.with_target(false)
.with_writer(std::io::stderr);
+ // Logs with file rotation. Files in `$log_dir/pgcctl.yyyy-MM-dd`
+ let (json_to_file_layer, _file_logs_guard) = if let Some(log_dir) = log_dir_opt {
+ std::fs::create_dir_all(log_dir)?;
+ let file_logs_appender = tracing_appender::rolling::RollingFileAppender::builder()
+ .rotation(tracing_appender::rolling::Rotation::DAILY)
+ .filename_prefix("pgcctl")
+ // Lib appends to existing files, so we will keep files for up to 2 days even on restart loops.
+ // At minimum, log-daemon will have 1 day to detect and upload a file (if created right before midnight).
+ .max_log_files(2)
+ .build(log_dir)
+ .expect("Initializing rolling file appender should succeed");
+ let (file_logs_writer, _file_logs_guard) =
+ tracing_appender::non_blocking(file_logs_appender);
+ let json_to_file_layer = tracing_subscriber::fmt::layer()
+ .with_ansi(false)
+ .with_target(false)
+ .event_format(PgJsonLogShapeFormatter)
+ .with_writer(file_logs_writer);
+ (Some(json_to_file_layer), Some(_file_logs_guard))
+ } else {
+ (None, None)
+ };
+
// Initialize OpenTelemetry
let provider =
tracing_utils::init_tracing("compute_ctl", tracing_utils::ExportConfig::default());
@@ -35,12 +66,13 @@ pub fn init_tracing_and_logging(
.with(env_filter)
.with(otlp_layer)
.with(fmt_layer)
+ .with(json_to_file_layer)
.init();
tracing::info!("logging and tracing started");
utils::logging::replace_panic_hook_with_tracing_panic_hook().forget();
- Ok(provider)
+ Ok((provider, _file_logs_guard))
}
/// Replace all newline characters with a special character to make it
@@ -95,3 +127,157 @@ pub fn startup_context_from_env() -> Option {
None
}
}
+
+/// Track relevant id's
+const UNKNOWN_IDS: &str = r#""pg_instance_id": "", "pg_compute_id": """#;
+static IDS: LazyLock> = LazyLock::new(|| RwLock::new(UNKNOWN_IDS.to_string()));
+
+pub fn update_ids(instance_id: &Option, compute_id: &Option) -> anyhow::Result<()> {
+ let ids = format!(
+ r#""pg_instance_id": "{}", "pg_compute_id": "{}""#,
+ instance_id.as_ref().map(|s| s.as_str()).unwrap_or_default(),
+ compute_id.as_ref().map(|s| s.as_str()).unwrap_or_default()
+ );
+ let mut guard = IDS
+ .write()
+ .map_err(|e| anyhow::anyhow!("Log set id's rwlock poisoned: {}", e))?;
+ *guard = ids;
+ Ok(())
+}
+
+/// Massage compute_ctl logs into PG json log shape so we can use the same Lumberjack setup.
+struct PgJsonLogShapeFormatter;
+impl fmt::format::FormatEvent for PgJsonLogShapeFormatter
+where
+ S: Subscriber + for<'a> LookupSpan<'a>,
+ N: for<'a> fmt::format::FormatFields<'a> + 'static,
+{
+ fn format_event(
+ &self,
+ ctx: &fmt::FmtContext<'_, S, N>,
+ mut writer: fmt::format::Writer<'_>,
+ event: &tracing::Event<'_>,
+ ) -> std::fmt::Result {
+ // Format values from the event's metadata, and open message string
+ let metadata = event.metadata();
+ {
+ let ids_guard = IDS.read();
+ let ids = ids_guard
+ .as_ref()
+ .map(|guard| guard.as_str())
+ // Surpress so that we don't lose all uploaded/ file logs if something goes super wrong. We would notice the missing id's.
+ .unwrap_or(UNKNOWN_IDS);
+ write!(
+ &mut writer,
+ r#"{{"timestamp": "{}", "error_severity": "{}", "file_name": "{}", "backend_type": "compute_ctl_self", {}, "message": "#,
+ chrono::Utc::now().format("%Y-%m-%d %H:%M:%S%.3f GMT"),
+ metadata.level(),
+ metadata.target(),
+ ids
+ )?;
+ }
+
+ let mut message = String::new();
+ let message_writer = fmt::format::Writer::new(&mut message);
+
+ // Gather the message
+ ctx.field_format().format_fields(message_writer, event)?;
+
+ // TODO: any better options than to copy-paste this OSS span formatter?
+ // impl FormatEvent for Format
+ // https://docs.rs/tracing-subscriber/latest/tracing_subscriber/fmt/trait.FormatEvent.html#impl-FormatEvent%3CS,+N%3E-for-Format%3CFull,+T%3E
+
+ // write message, close bracket, and new line
+ writeln!(writer, "{}}}", serde_json::to_string(&message).unwrap())
+ }
+}
+
+#[cfg(feature = "testing")]
+#[cfg(test)]
+mod test {
+ use super::*;
+ use std::{cell::RefCell, io};
+
+ // Use thread_local! instead of Mutex for test isolation
+ thread_local! {
+ static WRITER_OUTPUT: RefCell = const { RefCell::new(String::new()) };
+ }
+
+ #[derive(Clone, Default)]
+ struct StaticStringWriter;
+
+ impl io::Write for StaticStringWriter {
+ fn write(&mut self, buf: &[u8]) -> io::Result {
+ let output = String::from_utf8(buf.to_vec()).expect("Invalid UTF-8 in test output");
+ WRITER_OUTPUT.with(|s| s.borrow_mut().push_str(&output));
+ Ok(buf.len())
+ }
+
+ fn flush(&mut self) -> io::Result<()> {
+ Ok(())
+ }
+ }
+
+ impl fmt::MakeWriter<'_> for StaticStringWriter {
+ type Writer = Self;
+
+ fn make_writer(&self) -> Self::Writer {
+ Self
+ }
+ }
+
+ #[test]
+ fn test_log_pg_json_shape_formatter() {
+ // Use a scoped subscriber to prevent global state pollution
+ let subscriber = tracing_subscriber::registry().with(
+ tracing_subscriber::fmt::layer()
+ .with_ansi(false)
+ .with_target(false)
+ .event_format(PgJsonLogShapeFormatter)
+ .with_writer(StaticStringWriter),
+ );
+
+ let _ = update_ids(&Some("000".to_string()), &Some("111".to_string()));
+
+ // Clear any previous test state
+ WRITER_OUTPUT.with(|s| s.borrow_mut().clear());
+
+ let messages = [
+ "test message",
+ r#"json escape check: name="BatchSpanProcessor.Flush.ExportError" reason="Other(reqwest::Error { kind: Request, url: \"http://localhost:4318/v1/traces\", source: hyper_
+ util::client::legacy::Error(Connect, ConnectError(\"tcp connect error\", Os { code: 111, kind: ConnectionRefused, message: \"Connection refused\" })) })" Failed during the export process"#,
+ ];
+
+ tracing::subscriber::with_default(subscriber, || {
+ for message in messages {
+ tracing::info!(message);
+ }
+ });
+ tracing::info!("not test message");
+
+ // Get captured output
+ let output = WRITER_OUTPUT.with(|s| s.borrow().clone());
+
+ let json_strings: Vec<&str> = output.lines().collect();
+ assert_eq!(
+ json_strings.len(),
+ messages.len(),
+ "Log didn't have the expected number of json strings."
+ );
+
+ let json_string_shape_regex = regex::Regex::new(
+ r#"\{"timestamp": "\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} GMT", "error_severity": "INFO", "file_name": ".+", "backend_type": "compute_ctl_self", "pg_instance_id": "000", "pg_compute_id": "111", "message": ".+"\}"#
+ ).unwrap();
+
+ for (i, expected_message) in messages.iter().enumerate() {
+ let json_string = json_strings[i];
+ assert!(
+ json_string_shape_regex.is_match(json_string),
+ "Json log didn't match expected pattern:\n{json_string}",
+ );
+ let parsed_json: serde_json::Value = serde_json::from_str(json_string).unwrap();
+ let actual_message = parsed_json["message"].as_str().unwrap();
+ assert_eq!(*expected_message, actual_message);
+ }
+ }
+}
diff --git a/compute_tools/src/pg_isready.rs b/compute_tools/src/pg_isready.rs
new file mode 100644
index 0000000000..76c45d6b0a
--- /dev/null
+++ b/compute_tools/src/pg_isready.rs
@@ -0,0 +1,30 @@
+use anyhow::{Context, anyhow};
+
+// Run `/usr/local/bin/pg_isready -p {port}`
+// Check the connectivity of PG
+// Success means PG is listening on the port and accepting connections
+// Note that PG does not need to authenticate the connection, nor reserve a connection quota for it.
+// See https://www.postgresql.org/docs/current/app-pg-isready.html
+pub fn pg_isready(bin: &str, port: u16) -> anyhow::Result<()> {
+ let child_result = std::process::Command::new(bin)
+ .arg("-p")
+ .arg(port.to_string())
+ .spawn();
+
+ child_result
+ .context("spawn() failed")
+ .and_then(|mut child| child.wait().context("wait() failed"))
+ .and_then(|status| match status.success() {
+ true => Ok(()),
+ false => Err(anyhow!("process exited with {status}")),
+ })
+ // wrap any prior error with the overall context that we couldn't run the command
+ .with_context(|| format!("could not run `{bin} --port {port}`"))
+}
+
+// It's safe to assume pg_isready is under the same directory with postgres,
+// because it is a PG util bin installed along with postgres
+pub fn get_pg_isready_bin(pgbin: &str) -> String {
+ let split = pgbin.split("/").collect::>();
+ split[0..split.len() - 1].join("/") + "/pg_isready"
+}
diff --git a/compute_tools/src/spec.rs b/compute_tools/src/spec.rs
index d00f86a2c0..2dda9c3134 100644
--- a/compute_tools/src/spec.rs
+++ b/compute_tools/src/spec.rs
@@ -142,7 +142,7 @@ pub fn update_pg_hba(pgdata_path: &Path, databricks_pg_hba: Option<&String>) ->
// Update pg_hba to contains databricks specfic settings before adding neon settings
// PG uses the first record that matches to perform authentication, so we need to have
// our rules before the default ones from neon.
- // See https://www.postgresql.org/docs/16/auth-pg-hba-conf.html
+ // See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
if let Some(databricks_pg_hba) = databricks_pg_hba {
if config::line_in_file(
&pghba_path,
diff --git a/control_plane/src/bin/neon_local.rs b/control_plane/src/bin/neon_local.rs
index 579a696398..372118c6aa 100644
--- a/control_plane/src/bin/neon_local.rs
+++ b/control_plane/src/bin/neon_local.rs
@@ -560,7 +560,9 @@ enum EndpointCmd {
Create(EndpointCreateCmdArgs),
Start(EndpointStartCmdArgs),
Reconfigure(EndpointReconfigureCmdArgs),
+ RefreshConfiguration(EndpointRefreshConfigurationArgs),
Stop(EndpointStopCmdArgs),
+ UpdatePageservers(EndpointUpdatePageserversCmdArgs),
GenerateJwt(EndpointGenerateJwtCmdArgs),
}
@@ -721,6 +723,13 @@ struct EndpointReconfigureCmdArgs {
safekeepers: Option,
}
+#[derive(clap::Args)]
+#[clap(about = "Refresh the endpoint's configuration by forcing it reload it's spec")]
+struct EndpointRefreshConfigurationArgs {
+ #[clap(help = "Postgres endpoint id")]
+ endpoint_id: String,
+}
+
#[derive(clap::Args)]
#[clap(about = "Stop an endpoint")]
struct EndpointStopCmdArgs {
@@ -738,6 +747,16 @@ struct EndpointStopCmdArgs {
mode: EndpointTerminateMode,
}
+#[derive(clap::Args)]
+#[clap(about = "Update the pageservers in the spec file of the compute endpoint")]
+struct EndpointUpdatePageserversCmdArgs {
+ #[clap(help = "Postgres endpoint id")]
+ endpoint_id: String,
+
+ #[clap(short = 'p', long, help = "Specified pageserver id")]
+ pageserver_id: Option,
+}
+
#[derive(clap::Args)]
#[clap(about = "Generate a JWT for an endpoint")]
struct EndpointGenerateJwtCmdArgs {
@@ -1518,7 +1537,7 @@ async fn handle_endpoint(subcmd: &EndpointCmd, env: &local_env::LocalEnv) -> Res
let endpoint = cplane
.endpoints
.get(endpoint_id.as_str())
- .ok_or_else(|| anyhow::anyhow!("endpoint {endpoint_id} not found"))?;
+ .ok_or_else(|| anyhow!("endpoint {endpoint_id} not found"))?;
if !args.allow_multiple {
cplane.check_conflicting_endpoints(
@@ -1629,6 +1648,44 @@ async fn handle_endpoint(subcmd: &EndpointCmd, env: &local_env::LocalEnv) -> Res
println!("Starting existing endpoint {endpoint_id}...");
endpoint.start(args).await?;
}
+ EndpointCmd::UpdatePageservers(args) => {
+ let endpoint_id = &args.endpoint_id;
+ let endpoint = cplane
+ .endpoints
+ .get(endpoint_id.as_str())
+ .with_context(|| format!("postgres endpoint {endpoint_id} is not found"))?;
+ let pageservers = match args.pageserver_id {
+ Some(pageserver_id) => {
+ let pageserver =
+ PageServerNode::from_env(env, env.get_pageserver_conf(pageserver_id)?);
+
+ vec![(
+ PageserverProtocol::Libpq,
+ pageserver.pg_connection_config.host().clone(),
+ pageserver.pg_connection_config.port(),
+ )]
+ }
+ None => {
+ let storage_controller = StorageController::from_env(env);
+ storage_controller
+ .tenant_locate(endpoint.tenant_id)
+ .await?
+ .shards
+ .into_iter()
+ .map(|shard| {
+ (
+ PageserverProtocol::Libpq,
+ Host::parse(&shard.listen_pg_addr)
+ .expect("Storage controller reported malformed host"),
+ shard.listen_pg_port,
+ )
+ })
+ .collect::>()
+ }
+ };
+
+ endpoint.update_pageservers_in_config(pageservers).await?;
+ }
EndpointCmd::Reconfigure(args) => {
let endpoint_id = &args.endpoint_id;
let endpoint = cplane
@@ -1682,6 +1739,14 @@ async fn handle_endpoint(subcmd: &EndpointCmd, env: &local_env::LocalEnv) -> Res
.reconfigure(Some(pageservers), None, safekeepers, None)
.await?;
}
+ EndpointCmd::RefreshConfiguration(args) => {
+ let endpoint_id = &args.endpoint_id;
+ let endpoint = cplane
+ .endpoints
+ .get(endpoint_id.as_str())
+ .with_context(|| format!("postgres endpoint {endpoint_id} is not found"))?;
+ endpoint.refresh_configuration().await?;
+ }
EndpointCmd::Stop(args) => {
let endpoint_id = &args.endpoint_id;
let endpoint = cplane
diff --git a/control_plane/src/endpoint.rs b/control_plane/src/endpoint.rs
index 892180a4dc..4317c4d0f1 100644
--- a/control_plane/src/endpoint.rs
+++ b/control_plane/src/endpoint.rs
@@ -846,6 +846,7 @@ impl Endpoint {
autoprewarm: args.autoprewarm,
offload_lfc_interval_seconds: args.offload_lfc_interval_seconds,
suspend_timeout_seconds: -1, // Only used in neon_local.
+ databricks_settings: None,
};
// this strange code is needed to support respec() in tests
@@ -990,7 +991,9 @@ impl Endpoint {
| ComputeStatus::Configuration
| ComputeStatus::TerminationPendingFast
| ComputeStatus::TerminationPendingImmediate
- | ComputeStatus::Terminated => {
+ | ComputeStatus::Terminated
+ | ComputeStatus::RefreshConfigurationPending
+ | ComputeStatus::RefreshConfiguration => {
bail!("unexpected compute status: {:?}", state.status)
}
}
@@ -1013,6 +1016,29 @@ impl Endpoint {
Ok(())
}
+ // Update the pageservers in the spec file of the endpoint. This is useful to test the spec refresh scenario.
+ pub async fn update_pageservers_in_config(
+ &self,
+ pageservers: Vec<(PageserverProtocol, Host, u16)>,
+ ) -> Result<()> {
+ let config_path = self.endpoint_path().join("config.json");
+ let mut config: ComputeConfig = {
+ let file = std::fs::File::open(&config_path)?;
+ serde_json::from_reader(file)?
+ };
+
+ let pageserver_connstring = Self::build_pageserver_connstr(&pageservers);
+ assert!(!pageserver_connstring.is_empty());
+ let mut spec = config.spec.unwrap();
+ spec.pageserver_connstring = Some(pageserver_connstring);
+ config.spec = Some(spec);
+
+ let file = std::fs::File::create(&config_path)?;
+ serde_json::to_writer_pretty(file, &config)?;
+
+ Ok(())
+ }
+
// Call the /status HTTP API
pub async fn get_status(&self) -> Result {
let client = reqwest::Client::new();
@@ -1178,6 +1204,33 @@ impl Endpoint {
Ok(response)
}
+ pub async fn refresh_configuration(&self) -> Result<()> {
+ let client = reqwest::Client::builder()
+ .timeout(Duration::from_secs(30))
+ .build()
+ .unwrap();
+ let response = client
+ .post(format!(
+ "http://{}:{}/refresh_configuration",
+ self.internal_http_address.ip(),
+ self.internal_http_address.port()
+ ))
+ .send()
+ .await?;
+
+ let status = response.status();
+ if !(status.is_client_error() || status.is_server_error()) {
+ Ok(())
+ } else {
+ let url = response.url().to_owned();
+ let msg = match response.text().await {
+ Ok(err_body) => format!("Error: {err_body}"),
+ Err(_) => format!("Http error ({}) at {}.", status.as_u16(), url),
+ };
+ Err(anyhow::anyhow!(msg))
+ }
+ }
+
pub fn connstr(&self, user: &str, db_name: &str) -> String {
format!(
"postgresql://{}@{}:{}/{}",
diff --git a/libs/compute_api/src/responses.rs b/libs/compute_api/src/responses.rs
index 5b8fc49750..a27301e45e 100644
--- a/libs/compute_api/src/responses.rs
+++ b/libs/compute_api/src/responses.rs
@@ -108,11 +108,10 @@ pub enum PromoteState {
Failed { error: String },
}
-#[derive(Deserialize, Serialize, Default, Debug, Clone)]
+#[derive(Deserialize, Default, Debug)]
#[serde(rename_all = "snake_case")]
-/// Result of /safekeepers_lsn
-pub struct SafekeepersLsn {
- pub safekeepers: String,
+pub struct PromoteConfig {
+ pub spec: ComputeSpec,
pub wal_flush_lsn: utils::lsn::Lsn,
}
@@ -173,6 +172,11 @@ pub enum ComputeStatus {
TerminationPendingImmediate,
// Terminated Postgres
Terminated,
+ // A spec refresh is being requested
+ RefreshConfigurationPending,
+ // A spec refresh is being applied. We cannot refresh configuration again until the current
+ // refresh is done, i.e., signal_refresh_configuration() will return 500 error.
+ RefreshConfiguration,
}
#[derive(Deserialize, Serialize)]
@@ -185,6 +189,10 @@ impl Display for ComputeStatus {
match self {
ComputeStatus::Empty => f.write_str("empty"),
ComputeStatus::ConfigurationPending => f.write_str("configuration-pending"),
+ ComputeStatus::RefreshConfiguration => f.write_str("refresh-configuration"),
+ ComputeStatus::RefreshConfigurationPending => {
+ f.write_str("refresh-configuration-pending")
+ }
ComputeStatus::Init => f.write_str("init"),
ComputeStatus::Running => f.write_str("running"),
ComputeStatus::Configuration => f.write_str("configuration"),
diff --git a/libs/compute_api/src/spec.rs b/libs/compute_api/src/spec.rs
index 061ac3e66d..6709c06fc6 100644
--- a/libs/compute_api/src/spec.rs
+++ b/libs/compute_api/src/spec.rs
@@ -193,6 +193,9 @@ pub struct ComputeSpec {
///
/// We use this value to derive other values, such as the installed extensions metric.
pub suspend_timeout_seconds: i64,
+
+ // Databricks specific options for compute instance.
+ pub databricks_settings: Option,
}
/// Feature flag to signal `compute_ctl` to enable certain experimental functionality.
diff --git a/libs/http-utils/src/endpoint.rs b/libs/http-utils/src/endpoint.rs
index f5a7735ad8..2b54ffbf12 100644
--- a/libs/http-utils/src/endpoint.rs
+++ b/libs/http-utils/src/endpoint.rs
@@ -558,11 +558,11 @@ async fn add_request_id_header_to_response(
mut res: Response,
req_info: RequestInfo,
) -> Result, ApiError> {
- if let Some(request_id) = req_info.context::() {
- if let Ok(request_header_value) = HeaderValue::from_str(&request_id.0) {
- res.headers_mut()
- .insert(&X_REQUEST_ID_HEADER, request_header_value);
- };
+ if let Some(request_id) = req_info.context::()
+ && let Ok(request_header_value) = HeaderValue::from_str(&request_id.0)
+ {
+ res.headers_mut()
+ .insert(&X_REQUEST_ID_HEADER, request_header_value);
};
Ok(res)
diff --git a/libs/http-utils/src/server.rs b/libs/http-utils/src/server.rs
index f93f71c962..ce90b8d710 100644
--- a/libs/http-utils/src/server.rs
+++ b/libs/http-utils/src/server.rs
@@ -72,10 +72,10 @@ impl Server {
if err.is_incomplete_message() || err.is_closed() || err.is_timeout() {
return true;
}
- if let Some(inner) = err.source() {
- if let Some(io) = inner.downcast_ref::() {
- return suppress_io_error(io);
- }
+ if let Some(inner) = err.source()
+ && let Some(io) = inner.downcast_ref::()
+ {
+ return suppress_io_error(io);
}
false
}
diff --git a/libs/metrics/src/lib.rs b/libs/metrics/src/lib.rs
index 41873cdcd6..6cf27abcaf 100644
--- a/libs/metrics/src/lib.rs
+++ b/libs/metrics/src/lib.rs
@@ -129,6 +129,12 @@ impl InfoMetric {
}
}
+impl Default for InfoMetric {
+ fn default() -> Self {
+ InfoMetric::new(L::default())
+ }
+}
+
impl> InfoMetric {
pub fn with_metric(label: L, metric: M) -> Self {
Self {
diff --git a/libs/neon-shmem/src/hash.rs b/libs/neon-shmem/src/hash.rs
index 58726b9ba3..a58797d8fa 100644
--- a/libs/neon-shmem/src/hash.rs
+++ b/libs/neon-shmem/src/hash.rs
@@ -363,7 +363,7 @@ where
// TODO: An Iterator might be nicer. The communicator's clock algorithm needs to
// _slowly_ iterate through all buckets with its clock hand, without holding a lock.
// If we switch to an Iterator, it must not hold the lock.
- pub fn get_at_bucket(&self, pos: usize) -> Option> {
+ pub fn get_at_bucket(&self, pos: usize) -> Option> {
let map = unsafe { self.shared_ptr.as_ref() }.unwrap().read();
if pos >= map.buckets.len() {
return None;
diff --git a/libs/pageserver_api/src/models.rs b/libs/pageserver_api/src/models.rs
index 7c7c65fb70..230c1f46ea 100644
--- a/libs/pageserver_api/src/models.rs
+++ b/libs/pageserver_api/src/models.rs
@@ -1500,6 +1500,7 @@ pub struct TimelineArchivalConfigRequest {
#[derive(Serialize, Deserialize, PartialEq, Eq, Clone)]
pub struct TimelinePatchIndexPartRequest {
pub rel_size_migration: Option,
+ pub rel_size_migrated_at: Option,
pub gc_compaction_last_completed_lsn: Option,
pub applied_gc_cutoff_lsn: Option,
#[serde(default)]
@@ -1533,10 +1534,10 @@ pub enum RelSizeMigration {
/// `None` is the same as `Some(RelSizeMigration::Legacy)`.
Legacy,
/// The tenant is migrating to the new rel_size format. Both old and new rel_size format are
- /// persisted in the index part. The read path will read both formats and merge them.
+ /// persisted in the storage. The read path will read both formats and validate them.
Migrating,
/// The tenant has migrated to the new rel_size format. Only the new rel_size format is persisted
- /// in the index part, and the read path will not read the old format.
+ /// in the storage, and the read path will not read the old format.
Migrated,
}
@@ -1619,6 +1620,7 @@ pub struct TimelineInfo {
/// The status of the rel_size migration.
pub rel_size_migration: Option,
+ pub rel_size_migrated_at: Option,
/// Whether the timeline is invisible in synthetic size calculations.
pub is_invisible: Option,
diff --git a/libs/postgres_ffi/Cargo.toml b/libs/postgres_ffi/Cargo.toml
index d4fec6cbe9..fca75b7bc1 100644
--- a/libs/postgres_ffi/Cargo.toml
+++ b/libs/postgres_ffi/Cargo.toml
@@ -12,7 +12,6 @@ crc32c.workspace = true
criterion.workspace = true
once_cell.workspace = true
log.workspace = true
-memoffset.workspace = true
pprof.workspace = true
thiserror.workspace = true
serde.workspace = true
diff --git a/libs/postgres_ffi/src/controlfile_utils.rs b/libs/postgres_ffi/src/controlfile_utils.rs
index eaa9450294..d6d17ce3fb 100644
--- a/libs/postgres_ffi/src/controlfile_utils.rs
+++ b/libs/postgres_ffi/src/controlfile_utils.rs
@@ -34,9 +34,8 @@ const SIZEOF_CONTROLDATA: usize = size_of::();
impl ControlFileData {
/// Compute the offset of the `crc` field within the `ControlFileData` struct.
/// Equivalent to offsetof(ControlFileData, crc) in C.
- // Someday this can be const when the right compiler features land.
- fn pg_control_crc_offset() -> usize {
- memoffset::offset_of!(ControlFileData, crc)
+ const fn pg_control_crc_offset() -> usize {
+ std::mem::offset_of!(ControlFileData, crc)
}
///
diff --git a/proxy/subzero_core/.gitignore b/libs/proxy/subzero_core/.gitignore
similarity index 100%
rename from proxy/subzero_core/.gitignore
rename to libs/proxy/subzero_core/.gitignore
diff --git a/proxy/subzero_core/Cargo.toml b/libs/proxy/subzero_core/Cargo.toml
similarity index 100%
rename from proxy/subzero_core/Cargo.toml
rename to libs/proxy/subzero_core/Cargo.toml
diff --git a/proxy/subzero_core/src/lib.rs b/libs/proxy/subzero_core/src/lib.rs
similarity index 100%
rename from proxy/subzero_core/src/lib.rs
rename to libs/proxy/subzero_core/src/lib.rs
diff --git a/libs/proxy/tokio-postgres2/src/client.rs b/libs/proxy/tokio-postgres2/src/client.rs
index 068566e955..90ff39aff1 100644
--- a/libs/proxy/tokio-postgres2/src/client.rs
+++ b/libs/proxy/tokio-postgres2/src/client.rs
@@ -15,6 +15,7 @@ use tokio::sync::mpsc;
use crate::cancel_token::RawCancelToken;
use crate::codec::{BackendMessages, FrontendMessage, RecordNotices};
use crate::config::{Host, SslMode};
+use crate::connection::gc_bytesmut;
use crate::query::RowStream;
use crate::simple_query::SimpleQueryStream;
use crate::types::{Oid, Type};
@@ -95,20 +96,13 @@ impl InnerClient {
Ok(PartialQuery(Some(self)))
}
- // pub fn send_with_sync(&mut self, f: F) -> Result<&mut Responses, Error>
- // where
- // F: FnOnce(&mut BytesMut) -> Result<(), Error>,
- // {
- // self.start()?.send_with_sync(f)
- // }
-
pub fn send_simple_query(&mut self, query: &str) -> Result<&mut Responses, Error> {
self.responses.waiting += 1;
self.buffer.clear();
// simple queries do not need sync.
frontend::query(query, &mut self.buffer).map_err(Error::encode)?;
- let buf = self.buffer.split().freeze();
+ let buf = self.buffer.split();
self.send_message(FrontendMessage::Raw(buf))
}
@@ -125,7 +119,7 @@ impl Drop for PartialQuery<'_> {
if let Some(client) = self.0.take() {
client.buffer.clear();
frontend::sync(&mut client.buffer);
- let buf = client.buffer.split().freeze();
+ let buf = client.buffer.split();
let _ = client.send_message(FrontendMessage::Raw(buf));
}
}
@@ -141,7 +135,7 @@ impl<'a> PartialQuery<'a> {
client.buffer.clear();
f(&mut client.buffer)?;
frontend::flush(&mut client.buffer);
- let buf = client.buffer.split().freeze();
+ let buf = client.buffer.split();
client.send_message(FrontendMessage::Raw(buf))
}
@@ -154,7 +148,7 @@ impl<'a> PartialQuery<'a> {
client.buffer.clear();
f(&mut client.buffer)?;
frontend::sync(&mut client.buffer);
- let buf = client.buffer.split().freeze();
+ let buf = client.buffer.split();
let _ = client.send_message(FrontendMessage::Raw(buf));
Ok(&mut self.0.take().unwrap().responses)
@@ -191,6 +185,7 @@ impl Client {
ssl_mode: SslMode,
process_id: i32,
secret_key: i32,
+ write_buf: BytesMut,
) -> Client {
Client {
inner: InnerClient {
@@ -201,7 +196,7 @@ impl Client {
waiting: 0,
received: 0,
},
- buffer: Default::default(),
+ buffer: write_buf,
},
cached_typeinfo: Default::default(),
@@ -292,8 +287,35 @@ impl Client {
simple_query::batch_execute(self.inner_mut(), query).await
}
- pub async fn discard_all(&mut self) -> Result {
- self.batch_execute("discard all").await
+ /// Similar to `discard_all`, but it does not clear any query plans
+ ///
+ /// This runs in the background, so it can be executed without `await`ing.
+ pub fn reset_session_background(&mut self) -> Result<(), Error> {
+ // "CLOSE ALL": closes any cursors
+ // "SET SESSION AUTHORIZATION DEFAULT": resets the current_user back to the session_user
+ // "RESET ALL": resets any GUCs back to their session defaults.
+ // "DEALLOCATE ALL": deallocates any prepared statements
+ // "UNLISTEN *": stops listening on all channels
+ // "SELECT pg_advisory_unlock_all();": unlocks all advisory locks
+ // "DISCARD TEMP;": drops all temporary tables
+ // "DISCARD SEQUENCES;": deallocates all cached sequence state
+
+ let _responses = self.inner_mut().send_simple_query(
+ "ROLLBACK;
+ CLOSE ALL;
+ SET SESSION AUTHORIZATION DEFAULT;
+ RESET ALL;
+ DEALLOCATE ALL;
+ UNLISTEN *;
+ SELECT pg_advisory_unlock_all();
+ DISCARD TEMP;
+ DISCARD SEQUENCES;",
+ )?;
+
+ // Clean up memory usage.
+ gc_bytesmut(&mut self.inner_mut().buffer);
+
+ Ok(())
}
/// Begins a new database transaction.
diff --git a/libs/proxy/tokio-postgres2/src/codec.rs b/libs/proxy/tokio-postgres2/src/codec.rs
index 813faa0e35..35f616d229 100644
--- a/libs/proxy/tokio-postgres2/src/codec.rs
+++ b/libs/proxy/tokio-postgres2/src/codec.rs
@@ -1,13 +1,13 @@
use std::io;
-use bytes::{Bytes, BytesMut};
+use bytes::BytesMut;
use fallible_iterator::FallibleIterator;
use postgres_protocol2::message::backend;
use tokio::sync::mpsc::UnboundedSender;
use tokio_util::codec::{Decoder, Encoder};
pub enum FrontendMessage {
- Raw(Bytes),
+ Raw(BytesMut),
RecordNotices(RecordNotices),
}
@@ -17,7 +17,10 @@ pub struct RecordNotices {
}
pub enum BackendMessage {
- Normal { messages: BackendMessages },
+ Normal {
+ messages: BackendMessages,
+ ready: bool,
+ },
Async(backend::Message),
}
@@ -40,11 +43,11 @@ impl FallibleIterator for BackendMessages {
pub struct PostgresCodec;
-impl Encoder for PostgresCodec {
+impl Encoder for PostgresCodec {
type Error = io::Error;
- fn encode(&mut self, item: Bytes, dst: &mut BytesMut) -> io::Result<()> {
- dst.extend_from_slice(&item);
+ fn encode(&mut self, item: BytesMut, dst: &mut BytesMut) -> io::Result<()> {
+ dst.unsplit(item);
Ok(())
}
}
@@ -56,6 +59,7 @@ impl Decoder for PostgresCodec {
fn decode(&mut self, src: &mut BytesMut) -> Result, io::Error> {
let mut idx = 0;
+ let mut ready = false;
while let Some(header) = backend::Header::parse(&src[idx..])? {
let len = header.len() as usize + 1;
if src[idx..].len() < len {
@@ -79,6 +83,7 @@ impl Decoder for PostgresCodec {
idx += len;
if header.tag() == backend::READY_FOR_QUERY_TAG {
+ ready = true;
break;
}
}
@@ -88,6 +93,7 @@ impl Decoder for PostgresCodec {
} else {
Ok(Some(BackendMessage::Normal {
messages: BackendMessages(src.split_to(idx)),
+ ready,
}))
}
}
diff --git a/libs/proxy/tokio-postgres2/src/config.rs b/libs/proxy/tokio-postgres2/src/config.rs
index c619f92d13..3579dd94a2 100644
--- a/libs/proxy/tokio-postgres2/src/config.rs
+++ b/libs/proxy/tokio-postgres2/src/config.rs
@@ -250,19 +250,20 @@ impl Config {
{
let stream = connect_tls(stream, self.ssl_mode, tls).await?;
let mut stream = StartupStream::new(stream);
- connect_raw::startup(&mut stream, self).await?;
connect_raw::authenticate(&mut stream, self).await?;
Ok(stream)
}
- pub async fn authenticate(&self, stream: &mut StartupStream) -> Result<(), Error>
+ pub fn authenticate(
+ &self,
+ stream: &mut StartupStream,
+ ) -> impl Future