Skip to content

Always close completed app sessions#36651

Merged
rosstimothy merged 3 commits intomasterfrom
tross/fix_app_session_leaks
Jan 13, 2024
Merged

Always close completed app sessions#36651
rosstimothy merged 3 commits intomasterfrom
tross/fix_app_session_leaks

Conversation

@rosstimothy
Copy link
Copy Markdown
Contributor

@rosstimothy rosstimothy commented Jan 12, 2024

The previous use of gravitational/ttlmap with a fixed capacity led to sessions leaking and never being closed if a spike of sessions greater than the capacity occurred. The sessionChunkCache relied on the expiry callback function set on the ttlmap to be called in order to close the app session and release resources. However, if an item was evicted from the ttlmap because the capacity had been exceeded the expiry callback was fired.

Instead of increasing the capacity to a larger size the ttlmap was replaced entirely by utils.FnCache. It offers equivalent functionality while still being actively maintained. This also allowed refactoring to remove the sessionChunkCache entirely since the FnCache took care of most of the added functionality that the ttlmap wrapper was providing.

Partially addressed #36541.

changelog: Ensure that any opened app session is always closed on completion

@rosstimothy
Extend expiry functionality of FnCache
9d0a175 
The FnCacheConfig now provides an optional OnExpires callback which
will be called when any item in the cache is removed due to expiry.
Eviction of expired entries used to only happen on retrieval
attempts, but this can now be triggered on demand using
(FnCache) RemoveExpired. A new Shutdown method was also added to
allow all items in the cache to be removed. If OnExpires is set
then it will be called for every item in the cache during Shutdown.
@rosstimothy
Add cancellation to abort in flight loads
58de094
@rosstimothy
Always close completed app sessions
ecec9df 
The previous use of gravitational/ttlmap with a fixed capacity led
to sessions leaking and never being closed if a spike of sessions
greater than the capcity occurred. The sessionChunkCache relied
on the expiry callback function set on the ttlmap to be called in
order to close the app session and release resources. However, if
an item was evicted from the ttlmap because the capacity had been
exceeded the expiry callback was fired.

Instead of increasing the capacity to a larger size the ttlmap was
replaced entirely by utils.FnCache. It offers equivalent
functionality while still being actively maintained. This also
allowed refactoring to remove the sessionChunkCache entirely since
the FnCache took care of most of the added functionality that the
ttlmap wrapper was providing.

Partially addressed #36541.
@rosstimothy rosstimothy marked this pull request as ready for review January 12, 2024 22:05
@github-actions github-actions Bot requested review from Tener and kimlisa January 12, 2024 22:05
zmb3
zmb3 approved these changes Jan 13, 2024
View reviewed changes
Copy link
Copy Markdown
Collaborator

@zmb3 zmb3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks great but I wonder if we need to expire sessions every second.

Comment thread lib/srv/app/server.go
}

func (s *Server) expireSessions() {
ticker := time.NewTicker(time.Second)
Copy link
Copy Markdown
Collaborator

@zmb3 zmb3 Jan 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why one second? Seems pretty frequent.

Copy link
Copy Markdown
Contributor Author

@rosstimothy rosstimothy Jan 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This matches the previous behavior https://github.com/gravitational/teleport/pull/36651/files#diff-ca39a541840180f58e858d283e0b0720d82f8bc9a6eead8564e8f0e4f02db123L427-L440.

Base automatically changed from tross/update_fncache to master January 13, 2024 15:02
@rosstimothy rosstimothy added this pull request to the merge queue Jan 13, 2024
Merged via the queue into master with commit a3f363e Jan 13, 2024
@rosstimothy rosstimothy deleted the tross/fix_app_session_leaks branch January 13, 2024 15:43
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Jan 13, 2024

@rosstimothy See the table below for backport results.

Branch Result
branch/v12 Failed
branch/v13 Failed
branch/v14 Failed

This was referenced Jan 18, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tigrato tigrato tigrato approved these changes

@zmb3 zmb3 zmb3 approved these changes

Assignees

No one assigned

Labels

application-access size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rosstimothy @tigrato @zmb3