On 24 April 2018 at 09:08, Quentin Schulz quentin.schulz@bootlin.com wrote:
Hi Neil,
I think there was a global misunderstanding from a poorly choice of words. When I was saying "available device" I meant a device that isn't in Maintenance or Retired. If the device is idle, running a job, scheduled to run a job, etc... I consider it "available". Sorry for the misunderstanding.
Currently, "Maintenance" is considered as available for submission & for scheduling. This is to support maximum uptime and minimal disruption to CI loops for temporary work happening on devices.
We are looking at clarifying this soon.
I know this has been a long and complex thread. Thank you for sticking with the discussion, despite the complexity and terminology.
On Mon, Apr 23, 2018 at 12:54:03PM +0100, Neil Williams wrote:
On 23 April 2018 at 11:21, Quentin Schulz quentin.schulz@bootlin.com wrote:
Hi Neil,
Thanks for your prompt answer.
On Fri, Apr 20, 2018 at 07:56:29AM +0100, Neil Williams wrote:
On 19 April 2018 at 20:11, Quentin Schulz <
quentin.schulz@bootlin.com>
wrote:
Hi all,
I've encountered a deadlock in my LAVA server with the following
scheme.
I have an at91rm9200ek in my lab that got submitted a lot of
multi-node
jobs requesting an other "board" (a laptop of type dummy-ssh). All of my other boards in the lab have received the same multi-node
jobs
requesting the same and only laptop.
That is the source of the resource starvation - multiple
requirements of
a
single device. The scheduler needs to be greedy and grab whatever
suitable
devices it can as soon as it can to be able to run MultiNode. The
primary
ordering of scheduling is the Test Job ID which is determined at
submission.
Why would you order test jobs without knowing if the boards it depends on are available when it's going to be scheduled? What am I missing?
To avoid the situation where a MultiNode job is constantly waiting for
all
devices to be available at exactly the same time. Instances frequently
have
long queues of submitted test jobs, a mix of single node and MultiNode.
The
MultiNode jobs must be able to grab whatever device is available, in
order
of submit time, and then wait for the other part to be available. Otherwise, all devices would run all single node test jobs in the entire queue before any MultiNode test jobs could start. Many instances
constantly
have a queue of single node test jobs.
That's understood and expected.
If you have an imbalance between the number of machines which can be available and then submit MultiNode jobs which all rely on the
starved
resource, there is not much LAVA can do currently. We are looking at
a
way
to reschedule MultiNode test jobs but it is very complex and low
priority.
What version of lava-server and lava-dispatcher are you running?
lava-dispatcher 2018.2.post3-1+jessie lava-server 2018.2-1+jessie lava-coordinator 0.1.7-1
(You need to upgrade to Stretch - there will be no fixes or upgrades available for Jessie. All development work must only happen on Stretch.
See
the lava-announce mailing list archive.)
Thanks, we'll have a look into this.
What is the structure of your current lab?
MultiNode is complex - not just at the test job synchronization
level but
also at the lab structure / administrative level.
I have two machines. One acting as LAVA server and one as LAVA slave. The LAVA slave is handling all boards in our lab.
I have one laptop (an actual x86 laptop for which we know the NIC
driver
works reliably at high (~1Gbps) speeds) that we use for MultiNode jobs (actually requesting the laptop and one board at the same time only) to test network. This laptop is seen as a board by LAVA, there is nothing LAVA-related on this board (it should be seen as a device).
Then you need more LAVA devices to replicate the role played by the
laptop.
Exactly one device for each MultiNode test job which can be submitted at any one time. Then use device tags to allocate one of the "laptop"
devices
to each of the other boards involved in the MultiNode test jobs.
Alternatively, you need to manage both the submissions and the device availability.
Think of just the roles played by the devices.
There are N client role devices (not in Retired state) and there are X server role devices where the server role is what the laptop is currently doing.
You need to have N == X to solve the imbalance in the queue.
If N > 1 (and there are more than one device-type in the count 'N') then you also need to use device tags so that each device-type has a dedicated pool of server role devices where the number of devices in the server
role
pool exactly matches the number of devices of the device-type using the specified device tag.
I had to take the at91rm9200ek out of the lab because it was
behaving.
However, LAVA is still scheduling multi-node jobs on the laptop
which
requires the at91rm9200ek as the other part of the job, while its
status
is clearly Maintenance.
A device in Maintenance is still available for scheduling - only
Retired
is
excluded - test jobs submitted to a Retired device are rejected.
Why is that? The device is explicitely in Maintenance, which IMHO tells that the board shouldn't be used.
Not for the scheduler - the scheduler can still accept submissions and queue them up until the device comes out of Maintenance.
This prevents test jobs being rejected during certain kinds of
maintenance.
(Wider scale maintenance would involve taking down the UI on the master
at
which point submissions would get a 404 but that is up to admins to schedule and announce etc.)
This is about uptime for busy instances which frequently get batches of submissions out of operations like cron. The available devices quickly
get
swamped but the queue needs to continue accepting jobs until admins
decide
that devices which need work are going to be unavailable for long enough that the resulting queue would be impractical. i.e. when the length of
time
to wait for the job exceeds the useful window of the results from the job or when the number of test jobs in the queue exceeds the ability of the available devices to keep on top of the queue and avoid ever increasing queues.
I guess that's an implementation choice but I'd have guessed the scheduler was first looping over idle devices to then schedule the oldest job in the queue for this device type.
But my understanding is that the scheduler rather sets an order when jobs are submitted that isn't temperable with. Is that correct?
The order is priority, submit_time and then target_group.
Changing ordering on-the-fly and backing out from certain states is the subject of https://projects.linaro.org/browse/LAVA-595 - that is the work I've already described as low priority, large scale and complex.
You do have the ability to set the Priority of new test jobs for submission which want to use the laptop in a MultiNode test job along with a device which is NOT the at91rm9200ek. You will need to cancel the test job involving the at91rm9200ek which is currently scheduled. (Other test jobs for the at91rm9200ek in the Queue can be left alone provided that these test jobs have a lower Priority than the jobs you want to run on other devices.)
When the scheduler comes back around, it will find a new test job with higher Priority which wants to use the laptop with a hikey device or whatever and the at91rm9200ek will be ignored. It's not perfect because you would then need to either keep that Priority pipe full or cancel the submitted test jobs for the at91rm9200ek.
Once a test job has been submitted, it will be either scheduled or cancelled.
Yes, that's understood and that makes sense to me. However, for
"normal"
jobs, if you can't find a board of device type X that is available, it does not get scheduled, right? Why can't we do the same for MultiNode jobs?
Because the MultiNode job will never find all devices in the right state
at
the same time once there is a mixed queue of single node and MultiNode
jobs.
All devices defined in the MultiNode test job must be available at
exactly
the same time. Once there are single node jobs in the queue, that never happens.
A is running B is Idle MultiNode submitted for A & B single node submitted for A single node submitted for B
scheduler considers the queue - MultiNode cannot start (A is busy), so
move
on and start the single node job on B (because the single node test job
on
B may actually complete before the job on A finishes, so it is
inefficient
to keep B idle when it could be doing useful stuff for another user).
A is running B is running
no actions
A completes and goes to Idle B is still running
and so the pattern continues for as long as there are any single node
test
jobs for either A or B in the queue.
The MultiNode test job never starts because A and B are never Idle at the same time until the queue is completely empty (which *never* happens in many instances).
So the scheduler must grab B while it is Idle to prevent the single node test job starting. Then when A completes, the scheduler must also grab A before that single node test job starts running.
A is running B is Idle MultiNode submitted for A & B single node submitted for A single node submitted for B
B is transitioned to Scheduling and is unavailable for the single node
test
job.
A is running B is scheduling
no actions
A completes and goes to Idle B is scheduling
Scheduler transitions A into scheduling - that test job can now start.
(Now consider MultiNode test jobs covering a dozen devices in an instance with a hundred mixed devices and permanent queues of single node test
jobs.)
The scheduler also needs to be very fast, so the actual decisions need to be made on quite simple criteria - specifically, without going back to
the
database to find out about what else might be in the queue or trying to second-guess when test jobs might end.
That is understood as well for devices that are idle, running or scheduled to run. The point I was trying to make was why schedule a job for a device that is in Maintenance (what I meant by the poorly chosen "available" word).
Is that because one the job is submitted it's ordered by the scheduler and then run by the scheduler in the given order and the jobs are not discriminated against the device Maintenance status?
The problem you have is not that the device is in Maintenance but that the other device(s) in the MultiNode test job are Idle. Therefore, those jobs get scheduled because there is no reason not to do so.
If the submission was to be rejected when all devices of the requested device-type are in Maintenance, that is a large change which would negatively impact a lot of busy instances.
We do need to clarify these states but essentially, Maintenance is a manual state change which has the same effect as the automatic state change to Bad. That is as far as it goes currently.
Now, until I put the at91rm9200ek back in the lab, all my boards are
reserved and scheduling for a multi-node job and thus, my lab is basically dead.
The correct fix here is to have enough devices of the device-type of
the
starved resource such that one of each other device-type can use that resource simultaneously and then use device-tags to match up groups
of
devices so that submitting lots of jobs for one type all at the same
time
does not simply consume all of the available resources.
e.g. four device-types - phone, hikey, qemu and panda. Each
multinode job
wants a single QEMU with each of the others, so the QEMU type becomes starved, depending on how jobs are submitted. If two hikey-qemu jobs
are
submitted together, then 1 QEMU gets scheduled, waiting for the
hikey to
become free after running the first job. If each QEMU has
device-tags,
then
the second hikey-qemu job will wait not only for the hikey but will
also
wait for the one QEMU which has the hikey device tag. This way, only
those
jobs would then wait for a QEMU device. There would be three QEMU
devices,
one with a device tag like "phone", one with "hikey" and one with
"panda".
If another panda device is added, another QEMU with the "panda"
device
tag
would be required. The number of QEMU devices required is the sum of
the
number of devices of each other device-type which may be required in
a
MultiNode test job.
This is a structural problem within your lab.
You would need one "laptop" for each other device-type which can use
that
device-type in your lab. Then each "laptop" gets unique a device-tag
.
Each
test job for at91rm9200ek must specify that the "laptop" device must
have
the matching device tag. Each test job for each other device-type
uses
the
matching device-tag for that device-type. We had this problem in the Harston lab for a long time when using V1 and had to implement just
such
a
structure of matched devices and device tags. However, the need for
this
disappeared when the Harston lab transitioned all devices and test
jobs
to
LAVA V2.
I strongly disagree with your statement. A software problem can often
be
dealt with by adding more resources but I'm not willing to spend thousands on something that can be fixed on the software side.
We've been through these loops within the team for many years and have millions of test jobs which demonstrate the problems and the fix. I'm afraid you are misunderstanding the problem if you think that there is a software solution for a queue containing both MultiNode and single node test jobs - other than the solution we now use in the LAVA scheduler. The process has been tried and tested over 8 years and millions of test jobs across dozens of mixed use case instances and has proven to be the most efficient use of resources across all those models.
Each test job in a MultiNode test is considered separately - if one or
more
devices are Idle, then those are immediately put into Scheduling. Only
when
all are in Scheduling can any of those jobs start. The status of other
test
jobs in the MultiNode group can only be handled at the point when at
least
one test job in that MultiNode group is in Scheduling.
I think there is a global misunderstanding due to my bad choice of words. I understand and I'm convinced there are no other ways to deal with what you explained above.
Aside from a non-negligeable financial and time (to setup and maintain) effort to buy a board with a stable and reliable NIC for each and every board in my lab, it just isn't our use case.
If I would do such a thing, then my network would be the bottleneck to my network tests and I'd have to spend a lot (financially and on time
or
maintenance) to have a top notch network infrastructure for tests I don't care if they run one after the other. I can't have a separate network for each and every board as well, simply because my boards
often
have a single Ethernet port, thus I can't separate the test network
from
the lab network for, e.g. images downloading that are part of the booting process, hence I can't do reliable network testing even by multiplying "laptop" devices.
I can understand it's not your typical use case at Linaro and you've dozens and dozens of the same board and a huge infrastructure to handle the whole LAVA lab and maybe people working full-time on LAVA, the lab, the boards, the infrastructure. But that's the complete opposite of our use case.
Maybe you can understand ours where we have only one board of each device type, being part of KernelCI to test and report kernel booting status and having occasional custom tests (like network) on upstream or custom branches/repositories. We sporadically work on the lab, fixing the issues we're seeing with the boards but that's not what we do for a living.
I do understand and I personally run a lab in much the same way. However, the code needs to work the same way in that lab as it does in the larger
Of course.
labs. It is the local configuration and resource availability which must change to suit.
For now, the best thing is to put devices into Retired so that
submissions
are rejected and then you will also have to manage your submissions and your queue.
Can't we have a "Maintenance but I don't know when it's coming back so please still submit jobs but do not schedule them" option :D ?
This is exactly what you already have - but it's not actually what you mean.
The problem is that you're thinking of the state of the at91rm9200ek when what matters to the scheduler is the state of the laptop device *in isolation*. The state of the at91rm9200ek only matters AFTER the laptop has been assigned.
What you mean is:
"I don't know when ANY of the devices of device-type A are going to be ready to start a test job, so do not allow ANY OTHER device of ANY OTHER device-type to be scheduled either IF that device-type is listed in a MultiNode test job which ALSO requires a device of this device-type".
(The reason it's ANY is that if 10 test jobs are submitted all wanting at91rm9200ek and laptop, then if you had 10 laptops and 1 at91rm9200ek, those 10 laptops would also go into Scheduled - that is the imbalance we talked about previously.)
It is a cross-relational issue.
Correlating across the MultiNode test job at the scheduling state is likely to have a massive impact on the speed of the scheduler because:
0: a device in Maintenance or Bad is NOT currently available to be scheduled - that's the whole point. 1: the other device(s) in the MultiNode group DO get scheduled because those were in Idle 2: asking the scheduler to check the state of all devices of all device-types mentioned in a MultiNode job when considering whether to schedule any other device in that same MultiNode job is going to make the scheduler SLOW.
So what we do is let the Idle (laptop) device go into a waiting state and let the scheduler move the at91rm9200ek device into scheduling *only* when a at91rm9200ek device becomes available for scheduling - as two completely separate decisions. Then, the relational work is done by the database when the lava-master makes the query "which test jobs are available to start NOW". This is much more efficient because we are looking at jobs where all devices in the target_group are in state SCHEDULED. The database can easily exclude test jobs which are in state SUBMITTED (the at91rm9200ek jobs) and a simple check on target_group shows that the MultiNode test job is not ready to start. That can all be done with a single database query using select_related and other ORM niceties.
Let's describe this with roles:
role: client device-type: at91rm9200ek
role: server device-type: laptop
If the at91rm9200ek is in Maintenance and there are no other devices of device-type at91rm9200ek in state Idle, then nothing will get scheduled for at91rm9200ek.
However, when a MultiNode test job is submitted for 1 at91rm9200ek and 1 or more "laptop" device(s), then there is no reason to stop scheduling the laptop device in state Idle without scrabbling through the test job definition and working out (again and again, every time the scheduler loops through the queue) which device-types are requested, which devices of those types are available and what to do next.
The problem is NOT the state of the at91rm9200ek - Maintenance or Bad, it makes no difference. The problem for the SCHEDULER is that the laptop device is Idle and requested by a test job with a sufficiently low submit_time (and high enough Priority) that it is first in the queue.
The problem at the SUBMISSION stage is that the only decision available is whether to allow the test job asking for at91rm9200ek & laptop onto the queue or whether to refuse it outright. Currently, a refusal is only implemented if all devices of at least one device-type specified in the test job are in Retired state.
After many, many rounds of testing, test jobs, discussions going on over several years we came to the decision that in your situation - where there is a dire shortage of a resource used by multiple MultiNode test jobs, that the only thing that was safe for the SCHEDULER to do was to allow the Idle device to be scheduled and let the test job wait for resources to become available, either by moving the other device out of Maintenance or providing extra hardware for the Idle device.
We're looking at what the Maintenance state means for MultiNode in https://projects.linaro.org/browse/LAVA-1299 but it is not acceptable to refuse submissions when devices are not Retired. Users have an
expectation
that devices which are being fixed will come back online at some point -
or
will go into retired. There is also
I agree.
https://projects.linaro.org/browse/LAVA-595 but that work has not yet
been
scoped. It could be a long time before that work starts and will take months of work once it does start.
The problem is a structural one in the physical resources available in
your
local lab. It is a problem we have faced more than once in our own instances and we have gone down all the various routes until we've come
to
the current implementation.
We also work actively on the kernel and thus, we take boards (which we own only once) out of the lab to work on it and then put it into the lab once we've finished working. This is where we put it in Maintenance mode as, IMHO, Retired does not cover this use case. This "Maintenance" can take seconds, days or months.
For me, you're ignoring an issue that is almost inexistent in your case
It is an issue which has had months of investigation, discussion and intervention in our use cases. We have spent a very long time going
through
all of the permutations.
I understand the scheduler is a critical part of the software that had your attention for a long time and appropriate testing, no doubt.
because you've dealt with it by adding as much resource as you could to make the probability to happen to be close to zero. That does not mean it does not exist. I'm not criticizing the way to deal with it, I'm
just
saying this way isn't a path we can take personally.
Then you need to manage the queue on your instance in ways that allow for your situation.
Let me know if I can be of any help debugging this thing or
testing a
possible fix. I'd have a look at the scheduler but you, obviously knowing the code base way better than I do, might have a quick
patch on
hand.
Patches would be a bad solution for a structural problem.
As a different approach, why do you need MultiNode with a "laptop"
type
device in the first place? Can the test jobs be reconfigured to use
LXC
which does not use MultiNode? What is the "laptop" device-type doing
that
cannot be done in an LXC? LXC is created on-the-fly, one for each
device,
when the test job requests one. This solved the resource starvation
problem
with the majority of MultiNode issues because the work previously
done in
the generic QEMU / "laptop" role can just as easily be done in an
LXC.
We're testing Gigabit NICs can actually handle Gbps transfers. We need
a
fully available Gbps NIC for each and every test we do to make the
results
reliable and consistent.
Then as that resource is limited, you must create a way that only one
test
job of this kind can ever actually run at a time. That can be done by working at the stage prior to submission or it can be done by changing
the
device availablity such that the submission is rejected. Critically,
there
must also be a way to prevent jobs entering the queue if one of the device-types is not available. That can be easily determined using the XML-RPC API prior to submission. Once submitted, LAVA must attempt to run
That's a "lot" of complexity to deal with on our side but that's indeed a way to do it. I'd have to make sure only one device has a MultiNode job in queue and monitor it to send the next one.
the test job as quickly as possible, under the expectation that devices which have not been Retired will become available again within a
reasonable
amount of time. If that is not the case then those devices should be Retired. (Devices can be brought out of Retired as easily as going in, it doesn't have to be a permanent state, nothing is actually deleted from
the
device configuration.)
Hum... I'm just wondering. What about a device that was submitted a MultiNode job but got Retired since then?
Well spotted - that is left to the admins to manage. There is a story outstanding to cancel all test jobs submitted,scheduled or running for devices which are transitioned into Retired.
Now I'm wondering what's the difference between Retired and Maintenance except that it does not accept job submission?
The difference only shows if ALL devices of the device-type are in the specified state.
Retired - no submissions allowed. No test jobs in the queue will be scheduled. Running test jobs will be left to complete. Submitted jobs are currently unchanged if the state changes to Retired. Maintenance - submissions are allowed. No test jobs in the queue will be scheduled. Running test jobs will be left to complete. Submitted jobs are unchanged if the state changes to Maintenance.
So the only distinction between Retired and Maintenance at the moment is submissions.
What you are describing sounds like a misuse of MultiNode resulting
in
resource starvation and the fix is to have enough of the limited
resource
to prevent starvation - either by adding hardware and changing the
current
test jobs to use device-tags or relocating the work done on the
starved
resource into an LXC so that every device can have a dedicated
"container"
to do things which cannot be easily done on the device.
Neither of those options are possible in our use case.
I understand the MultiNode scheduler is complex and low priority. We've modestly contributed to LAVA before, we're not telling you to fix it ASAP but rather to help or guide us to fix this issue in a way it could be accepted in the upstream version of LAVA.
If you still stand strong against a patch or if it's a lengthy complete rework of the scheduler, could we have at least a way to tell for how long a test have been scheduled (or for how long a board has been reserved for a test that is scheduled)?
That data is already available in the current UI and over the XML-RPC API and REST API.
Check for Queued Jobs and the scheduling state, also the job_details call in XML-RPC. There are a variety of ways of getting the information you require using the existing APIs - which one you use will depend on your preference and current scripting.
Rather than polling on XML-RPC, it would be better for a monitoring
process
to use ZMQ and the publisher events to get push notifications of change
of
state. That lowers the load on the master, depending on how busy the instance actually becomes.
That way we can use an external tool to monitor this and manually cancel them when needed. Currently, I don't think there is a way to tell since when the job was scheduled.
Every test job has a database object of submit_time created at the point where the job is created upon submission.
Submit_time isn't really an option if it's telling what its name is telling because I can have jobs in queue for days. (Multiple network tests for each and every board and also time-consuming tests (e.g. crypto) that have the same priority).
I'll have a look at what you've offered above, thanks.
Thanks for having taken the time to answer my question,
Quentin