lxd: update the instancesShutdown function to work with a usedResourcesMap

gabrielmougard · gabrielmougard · commit cc831d873f32 · 2025-02-18T10:05:00.000+01:00
Now the `instancesShutdown` is being able to query the state of instances (busy or not).
If the instance to be shutdown in a worker is detected as busy, we send it back to the shutdown channel with a bounded exponential backoff.

Backoff strategy:

It starts with an initial retry delay of 5 seconds.  Subsequent retries increase exponentially, multiplying the previous delay by 1.5, with a jitter factor of 0.2 to avoid synchronized retries. The delay is capped at a maximum of 60 seconds to prevent excessively long waits. The entire retry process continues for a maximum of 15 minutes (MaxElapsedTime), after which it terminates regardless of success, ensuring the task doesn't run indefinitely.

Example:

Retry 1: 5 seconds
Retry 2: 7.5 seconds (5 * 1.5)
Retry 3: 11.25 seconds (7.5 * 1.5)
Retry 4: 16.875 seconds (11.25 * 1.5)
Retry 5: 25.3125 seconds (16.875 * 1.5)
Retry 6: 37.96875 seconds (25.312 * 1.5)
Retry 7: 56.953 seconds
Retry 8: 60 seconds, because MaxInterval will prevent from incrementing more so we do 60s from here.
Retry 9: 60s
Retry 10: 60s
Retry 11: 60s

&lt;Instance operation finishes before the 15min max elapsed time!&gt;

Signed-off-by: Gabriel Mougard &lt;gabriel.mougard@canonical.com&gt;
diff --git a/lxd/daemon.go b/lxd/daemon.go
@@ -1527,7 +1527,7 @@ func (d *Daemon) init() error {
 			return fmt.Errorf("Failed loading containers to restart: %w", err)
 		}
 
-		instancesShutdown(instances)
+		instancesShutdown(instances, nil, nil)
 		instancesStart(s, instances)
 	}
 
@@ -2102,7 +2102,7 @@ func (d *Daemon) Stop(ctx context.Context, sig os.Signal) error {
 
 		// Full shutdown requested.
 		if sig == unix.SIGPWR {
-			instancesShutdown(instances)
+			instancesShutdown(instances, usedResourcesMap, &resourceMapMu)
 
 			logger.Info("Stopping networks")
 			networkShutdown(s)
diff --git a/lxd/instances.go b/lxd/instances.go
@@ -24,6 +24,7 @@ import (
 	"github.com/canonical/lxd/shared/api"
 	"github.com/canonical/lxd/shared/entity"
 	"github.com/canonical/lxd/shared/logger"
+	"github.com/cenkalti/backoff/v4"
 )
 
 var instancesCmd = APIEndpoint{
@@ -455,20 +456,31 @@ func instancesOnDisk(s *state.State) ([]instance.Instance, error) {
 	return instances, nil
 }
 
-func instancesShutdown(instances []instance.Instance) {
+func instancesShutdown(instances []instance.Instance, usedResourceMap map[*api.URL]bool, usedResourceMapMu *sync.Mutex) {
 	sort.Sort(instanceStopList(instances))
 
 	// Limit shutdown concurrency to number of instances or number of CPU cores (which ever is less).
 	var wg sync.WaitGroup
 	instShutdownCh := make(chan instance.Instance)
+	resourceConstrainedMode := usedResourceMap != nil && usedResourceMapMu != nil
+	var instToBackoff map[*api.URL]*backoff.ExponentialBackOff
+	var instToBackoffMu sync.Mutex
 	maxConcurrent := runtime.NumCPU()
 	instCount := len(instances)
 	if instCount < maxConcurrent {
 		maxConcurrent = instCount
 	}
 
+	// If we are in resource constrained mode, we need to track the instance URL (the URLs here are for instances that are still busy, i.e have associated pending operations) to their backoff
+	// so that we can re-send the instance back to the instShutdownCh channel to be shutdown after the backoff period has elapsed.
+	// Each instance URL will have a backoff associated with it so that an instance that is newly detected as busy will have an shorter backoff period than an instance that has been busy for a while.
+	if resourceConstrainedMode {
+		instToBackoff = make(map[*api.URL]*backoff.ExponentialBackOff, len(instances))
+		instToBackoffMu = sync.Mutex{}
+	}
+
 	for i := 0; i < maxConcurrent; i++ {
-		go func(instShutdownCh <-chan instance.Instance) {
+		go func(instShutdownCh chan instance.Instance) {
 			for inst := range instShutdownCh {
 				// Determine how long to wait for the instance to shutdown cleanly.
 				timeoutSeconds := 30
@@ -477,6 +489,51 @@ func instancesShutdown(instances []instance.Instance) {
 					timeoutSeconds, _ = strconv.Atoi(value)
 				}
 
+				instanceURL := entity.InstanceURL(inst.Project().Name, inst.Name())
+				if resourceConstrainedMode {
+					usedResourceMapMu.Lock()
+					exponentialBackOff, exists := instToBackoff[instanceURL]
+					if !exists {
+						exponentialBackOff := backoff.NewExponentialBackOff()
+						exponentialBackOff.InitialInterval = 5 * time.Second
+						exponentialBackOff.Multiplier = 1.5
+						exponentialBackOff.RandomizationFactor = 0.2
+						exponentialBackOff.MaxInterval = 60 * time.Second
+						exponentialBackOff.MaxElapsedTime = 15 * time.Minute
+						instToBackoff[instanceURL] = exponentialBackOff
+					}
+
+					code, err := backoff.RetryWithData(func() (int, error) {
+						usedResourceMapMu.Lock()
+						blocked, exists := usedResourceMap[instanceURL]
+						usedResourceMapMu.Unlock()
+
+						if blocked && exists {
+							instShutdownCh <- inst
+							return 1, nil
+						}
+
+						return 0, nil
+					}, exponentialBackOff)
+					if err != nil {
+						if err != backoff.Permanent(err) {
+							logger.Warn("Failed to retry backoff operation during busy instance shutdown attempt", logger.Ctx{"project": inst.Project().Name, "instance": inst.Name(), "err": err})
+						} else {
+							logger.Warn("Unknown error returned from backoff operation during instance shutdown retry", logger.Ctx{"project": inst.Project().Name, "instance": inst.Name(), "err": err})
+						}
+
+						instToBackoffMu.Unlock()
+						continue
+					}
+
+					instToBackoffMu.Unlock()
+					// This means the instance has been sent back to the channel to be retried.
+					// We should not attempt to shutdown the instance for now.
+					if code == 1 {
+						continue
+					}
+				}
+
 				err := inst.Shutdown(time.Second * time.Duration(timeoutSeconds))
 				if err != nil {
 					logger.Warn("Failed shutting down instance, forcefully stopping", logger.Ctx{"project": inst.Project().Name, "instance": inst.Name(), "err": err})
@@ -486,6 +543,13 @@ func instancesShutdown(instances []instance.Instance) {
 					}
 				}
 
+				if resourceConstrainedMode {
+					instanceURL := entity.InstanceURL(inst.Project().Name, inst.Name())
+					usedResourceMapMu.Lock()
+					usedResourceMap[instanceURL] = false
+					usedResourceMapMu.Unlock()
+				}
+
 				if inst.ID() > 0 {
 					// If DB was available then the instance shutdown process will have set
 					// the last power state to STOPPED, so set that back to RUNNING so that

Original file line number	Diff line number	Diff line change
`@@ -1527,7 +1527,7 @@ func (d *Daemon) init() error {`
`1527`	`1527`	`return fmt.Errorf("Failed loading containers to restart: %w", err)`
`1528`	`1528`	`}`
`1529`	`1529`
`1530`		`- instancesShutdown(instances)`
	`1530`	`+ instancesShutdown(instances, nil, nil)`
`1531`	`1531`	`instancesStart(s, instances)`
`1532`	`1532`	`}`
`1533`	`1533`
`@@ -2102,7 +2102,7 @@ func (d *Daemon) Stop(ctx context.Context, sig os.Signal) error {`
`2102`	`2102`
`2103`	`2103`	`// Full shutdown requested.`
`2104`	`2104`	`if sig == unix.SIGPWR {`
`2105`		`- instancesShutdown(instances)`
	`2105`	`+ instancesShutdown(instances, usedResourcesMap, &resourceMapMu)`
`2106`	`2106`
`2107`	`2107`	`logger.Info("Stopping networks")`
`2108`	`2108`	`networkShutdown(s)`