Fix #35404: stop ECS tasks on shutdown within timeout

Author: LEDfan

src/main/java/eu/openanalytics/containerproxy/backend/AbstractContainerBackend.java

@@ -50,6 +50,7 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Properties;
@@ -148,6 +149,17 @@ public void stopProxy(Proxy proxy) throws ContainerProxyException {
         }
     }
 
+    @Override
+    public void stopProxies(Collection<Proxy> proxies) {
+        for (Proxy proxy : proxies) {
+            try {
+                stopProxy(proxy);
+            } catch (Exception exception) {
+                log.error("Error while stopping proxy", exception);
+            }
+        }
+    }
+
     protected abstract void doStopProxy(Proxy proxy) throws Exception;
 
     @Override

src/main/java/eu/openanalytics/containerproxy/backend/IContainerBackend.java

@@ -32,6 +32,7 @@
 
 import java.io.OutputStream;
 import java.net.URI;
+import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 import java.util.function.BiConsumer;
@@ -59,6 +60,13 @@ public interface IContainerBackend {
      */
     void stopProxy(Proxy proxy) throws ContainerProxyException;
 
+    /**
+     * Stops the given proxies. Might use different mechanism to stop the proxies.
+     *
+     * @param proxies proxies to stop
+     */
+    void stopProxies(Collection<Proxy> proxies);
+
     default void pauseProxy(Proxy proxy) {
         throw new IllegalStateException("PauseProxy not supported by backend");
     }

src/main/java/eu/openanalytics/containerproxy/backend/dispatcher/DefaultProxyDispatcher.java

@@ -32,6 +32,8 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Component;
 
+import java.util.Collection;
+
 @Component
 public class DefaultProxyDispatcher implements IProxyDispatcher {
 
@@ -54,6 +56,11 @@ public void stopProxy(Proxy proxy, ProxyStopReason proxyStopReason) throws Conta
         containerBackend.stopProxy(proxy);
     }
 
+    @Override
+    public void stopProxies(Collection<Proxy> proxies) {
+        containerBackend.stopProxies(proxies);
+    }
+
     @Override
     public void pauseProxy(Proxy proxy) {
         containerBackend.pauseProxy(proxy);

src/main/java/eu/openanalytics/containerproxy/backend/dispatcher/IProxyDispatcher.java

@@ -28,6 +28,8 @@
 import eu.openanalytics.containerproxy.model.spec.ProxySpec;
 import org.springframework.security.core.Authentication;
 
+import java.util.Collection;
+
 public interface IProxyDispatcher {
 
     Proxy startProxy(Authentication user, Proxy proxy, ProxySpec spec, ProxyStartupLog.ProxyStartupLogBuilder proxyStartupLogBuilder) throws ProxyFailedToStartException;
@@ -38,6 +40,8 @@ default void stopProxy(Proxy proxy) throws ContainerProxyException {
         stopProxy(proxy, ProxyStopReason.Unknown);
     }
 
+    void stopProxies(Collection<Proxy> proxies);
+
     void pauseProxy(Proxy proxy);
 
     Proxy resumeProxy(Authentication user, Proxy proxy, ProxySpec proxySpec) throws ProxyFailedToStartException;
@@ -51,4 +55,5 @@ default void stopProxy(Proxy proxy) throws ContainerProxyException {
     boolean isProxyHealthy(Proxy proxy);
 
     boolean isProxyHealthySupported();
+
 }

src/main/java/eu/openanalytics/containerproxy/backend/dispatcher/proxysharing/ProxySharingDispatcher.java

@@ -56,6 +56,7 @@
 import javax.inject.Inject;
 import java.time.Duration;
 import java.time.LocalDateTime;
+import java.util.Collection;
 import java.util.Objects;
 import java.util.UUID;
 import java.util.concurrent.CancellationException;
@@ -195,6 +196,17 @@ public void stopProxy(Proxy proxy, ProxyStopReason proxyStopReason) throws Conta
         cancelPendingDelegateProxy(proxy.getId());
     }
 
+    @Override
+    public void stopProxies(Collection<Proxy> proxies) {
+        for (Proxy proxy : proxies) {
+            try {
+                stopProxy(proxy);
+            } catch (Exception e) {
+                logger.error("Error while stopping proxy", e);
+            }
+        }
+    }
+
     @Override
     public void pauseProxy(Proxy proxy) {
         throw new IllegalStateException("ProxySharingDispatcher does not support pauseProxy.");

src/main/java/eu/openanalytics/containerproxy/backend/dispatcher/proxysharing/ProxySharingScaler.java

@@ -318,6 +318,10 @@ private void markAllDelegateProxiesForRemoval() {
     }
 
     private void reconcile() {
+        if (executor.isShutdown() || executor.isTerminated()) {
+            // see #35403
+            return;
+        }
         long numPendingSeats = getNumPendingSeats();
         long num = seatStore.getNumUnclaimedSeats() + numPendingSeats - pendingDelegatingProxies.size();
         debug(String.format("Status: %s, Unclaimed: %s + PendingDelegate: %s - PendingDelegating: %s = %s -> minimum: %s",
@@ -480,7 +484,7 @@ private Runnable createDelegateProxyJob(DelegateProxy originalDelegateProxy) {
                 } catch (Throwable t2) {
                     // log error, but ignore it otherwise
                     // most important is that we remove the proxy from memory
-                    logError(originalDelegateProxy, t, "Error while stopping failed DelegateProxy");
+                    logError(originalDelegateProxy, t2, "Error while stopping failed DelegateProxy");
                 }
                 // remove seats and other data + trigger reconcile
                 globalEventLoop.schedule(() -> markDelegateProxyForRemoval(id));
@@ -494,7 +498,7 @@ private Runnable createDelegateProxyJob(DelegateProxy originalDelegateProxy) {
                     } catch (Throwable t2) {
                         // log error, but ignore it otherwise
                         // most important is that we remove the proxy from memory
-                        logError(originalDelegateProxy, t, "Error while stopping failed DelegateProxy");
+                        logError(originalDelegateProxy, t2, "Error while stopping failed DelegateProxy");
                     }
                 }
                 // remove seats and other data + trigger reconcile
@@ -646,14 +650,19 @@ public Long getNumClaimedSeats() {
     }
 
     public void stopAll() {
-        executor.shutdown();
         try {
-            executor.awaitTermination(3, TimeUnit.MINUTES);
-        } catch (InterruptedException e) {
-            throw new RuntimeException(e);
-        }
-        for (DelegateProxy delegateProxy : delegateProxyStore.getAllDelegateProxies()) {
-            containerBackend.stopProxy(delegateProxy.getProxy());
+            executor.shutdown();
+            try {
+                executor.awaitTermination(10, TimeUnit.SECONDS);
+                executor.shutdownNow();
+                executor.awaitTermination(120, TimeUnit.SECONDS);
+            } catch (InterruptedException e) {
+                // ignore
+            }
+            logger.info("Stopping {} delegateProxies", delegateProxyStore.getAllDelegateProxies().size());
+            containerBackend.stopProxies(delegateProxyStore.getAllDelegateProxies().stream().map(DelegateProxy::getProxy).toList());
+        } catch (Exception e) {
+            logger.error("Error while stopping all delegateProxies", e);
         }
     }
 

src/main/java/eu/openanalytics/containerproxy/backend/ecs/EcsBackend.java

@@ -43,6 +43,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.data.util.Pair;
+import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Component;
 import software.amazon.awssdk.regions.Region;
@@ -71,19 +72,22 @@
 import software.amazon.awssdk.services.ecs.model.Tag;
 import software.amazon.awssdk.services.ecs.model.Task;
 import software.amazon.awssdk.services.ecs.model.Volume;
+import software.amazon.awssdk.services.sts.StsClient;
 
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
 import java.io.IOException;
 import java.net.URI;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.UUID;
+import java.util.concurrent.TimeUnit;
 import java.util.regex.Pattern;
 import java.util.stream.Stream;
 
@@ -100,6 +104,7 @@ public class EcsBackend extends AbstractContainerBackend {
     private static final List<RuntimeValueKey<?>> IGNORED_RUNTIME_VALUES = Arrays.asList(PortMappingsKey.inst, UserGroupsKey.inst);
     private static final List<String> STARTING_STATES = List.of("PROVISIONING", "PENDING", "ACTIVATING");
     private static final List<String> STOPPING_STATES = List.of("DEACTIVATING", "STOPPING", "DEPROVISIONING", "STOPPED", "DELETED");
+    private static final Tag TO_DELETE_TAG = Tag.builder().key("openanalytics.eu/sp-to-delete").value("true").build();
 
     private EcsClient ecsClient;
     private Boolean enableCloudWatch;
@@ -111,6 +116,8 @@ public class EcsBackend extends AbstractContainerBackend {
     private int totalWaitMs;
     private String cluster;
     private String defaultRepositoryCredentialsParameter;
+    private String region;
+    private String accountId;
 
     @Inject
     private IProxySpecProvider proxySpecProvider;
@@ -120,10 +127,13 @@ public class EcsBackend extends AbstractContainerBackend {
     public void initialize() {
         super.initialize();
 
-        String region = getProperty(PROPERTY_REGION);
+        region = getProperty(PROPERTY_REGION);
         if (region == null) {
             throw new IllegalStateException("Error in configuration of ECS backend: proxy.ecs.region not set");
         }
+        try (StsClient stsClient = StsClient.create()) {
+            accountId = stsClient.getCallerIdentity().account();
+        }
 
         ecsClient = EcsClient.builder()
             .region(Region.of(region))
@@ -256,21 +266,24 @@ public Proxy startContainer(Authentication user, Container initialContainer, Con
             }, totalWaitMs, "ECS Task", 10, proxy, slog)) serviceReady = true;
             else serviceReady = false;
 
+            if (!serviceReady) {
+                throw new ContainerFailedToStartException("Service failed to start", null, rContainerBuilder.build());
+            }
+
             proxyStartupLogBuilder.containerStarted(initialContainer.getIndex());
 
             String image = ecsClient.describeTasks(builder -> builder.cluster(cluster).tasks(taskArn)).tasks().getFirst().containers().getFirst().image();
             rContainerBuilder.addRuntimeValue(new RuntimeValue(ContainerImageKey.inst, image), false);
 
-            if (!serviceReady) {
-                throw new ContainerFailedToStartException("Service failed to start", null, rContainerBuilder.build());
-            }
-
             Map<Integer, Integer> portBindings = new HashMap<>();
             Container rContainer = rContainerBuilder.build();
             Map<String, URI> targets = setupPortMappingExistingProxy(proxy, rContainer, portBindings);
             return proxy.toBuilder().addTargets(targets).updateContainer(rContainer).build();
         } catch (ContainerFailedToStartException t) {
             throw t;
+        } catch (InterruptedException interruptedException) {
+            Thread.currentThread().interrupt();
+            throw new ContainerFailedToStartException("ECS container failed to start", interruptedException, rContainerBuilder.build());
         } catch (Throwable throwable) {
             throw new ContainerFailedToStartException("ECS container failed to start", throwable, rContainerBuilder.build());
         }
@@ -433,6 +446,10 @@ private List<Secret> getSecrets(EcsSpecExtension specExtension) {
 
     @Override
     protected void doStopProxy(Proxy proxy) {
+        if (Thread.currentThread().isInterrupted()) {
+            // use stopProxies on shutdown of ShinyProxy
+            return;
+        }
         for (Container container : proxy.getContainers()) {
             String taskArn = container.getRuntimeValue(BackendContainerNameKey.inst);
             ecsClient.stopTask(builder -> builder.cluster(cluster).task(taskArn));
@@ -449,18 +466,45 @@ protected void doStopProxy(Proxy proxy) {
                     .cluster(cluster)
                     .tasks(taskArn));
 
-                if (response.hasTasks() && !STOPPING_STATES.contains(response.tasks().getFirst().lastStatus())) {
+                if (response.hasTasks() && !STOPPING_STATES.contains(response.tasks().getFirst().desiredStatus())) {
                     return Retrying.FAILURE;
                 }
             }
             return Retrying.SUCCESS;
-        }, totalWaitMs, "Stopping ECS Task", 10, proxy, slog);
+        }, totalWaitMs, "Stopping ECS Task", 0, proxy, slog);
 
         if (!isInactive) {
             slog.warn(proxy, "Container did not get into stopping state");
         }
     }
 
+    @Override
+    public void stopProxies(Collection<Proxy> proxies) {
+        // ECS has strict rate limits, on shutdown we don't have enough time to stop all task and proxies
+        // see https://docs.aws.amazon.com/AmazonECS/latest/APIReference/request-throttling.html
+        // therefore we stop all tasks (rate limit = 40/s * 120s = 4800 tasks) and tag the TaskDefinitions with a tag (rate limit = 10/s)
+        String taskDefinitionArnPrefix = String.format("arn:aws:ecs:%s:%s:task-definition/sp-task-definition-", region, accountId);
+        String taskDefinitionArnSuffix = ":1";
+        for (Proxy proxy : proxies) {
+            for (Container container : proxy.getContainers()) {
+                String taskArn = container.getRuntimeValue(BackendContainerNameKey.inst);
+                try {
+                    ecsClient.stopTask(builder -> builder.cluster(cluster).task(taskArn));
+                } catch (Exception e) {
+                    log.warn("Error stopping task: ", e);
+                }
+                try {
+                    ecsClient.tagResource(builder -> builder
+                        .resourceArn(taskDefinitionArnPrefix + proxy.getId() + taskDefinitionArnSuffix)
+                        .tags(TO_DELETE_TAG)
+                    );
+                } catch (Exception e) {
+                    log.warn("Error tagging task definition: ", e);
+                }
+            }
+        }
+    }
+
     @Override
     protected String getPropertyPrefix() {
         return PROPERTY_PREFIX;

src/main/java/eu/openanalytics/containerproxy/service/ProxyService.java

@@ -24,6 +24,7 @@
 import eu.openanalytics.containerproxy.ContainerProxyException;
 import eu.openanalytics.containerproxy.ProxyFailedToStartException;
 import eu.openanalytics.containerproxy.ProxyStartValidationException;
+import eu.openanalytics.containerproxy.backend.dispatcher.IProxyDispatcher;
 import eu.openanalytics.containerproxy.backend.dispatcher.ProxyDispatcherService;
 import eu.openanalytics.containerproxy.backend.strategy.IProxyTestStrategy;
 import eu.openanalytics.containerproxy.event.ProxyPauseEvent;
@@ -64,11 +65,13 @@
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
+import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 /**
@@ -132,9 +135,13 @@ public void shutdown() {
         if (!stopAppsOnShutdown) {
             return;
         }
-        for (Proxy proxy : proxyStore.getAllProxies()) {
+        // group proxies by dispatcher
+        Collection<Proxy> proxies = proxyStore.getAllProxies();
+        Map<IProxyDispatcher, List<Proxy>> groups = proxies.stream().collect(Collectors.groupingBy(p -> proxyDispatcherService.getDispatcher(p.getSpecId())));
+        for (var group : groups.entrySet()) {
             try {
-                proxyDispatcherService.getDispatcher(proxy.getSpecId()).stopProxy(proxy);
+                // stop proxies in group
+                group.getKey().stopProxies(group.getValue());
             } catch (Exception exception) {
                 log.error("Error during shutdown", exception);
             }
@@ -552,14 +559,14 @@ private Proxy startOrResumeProxy(Authentication user, Proxy proxy, ProxyStartupL
             } catch (Throwable t2) {
                 // log error, but ignore it otherwise
                 // most important is that we remove the proxy from memory
-                slog.warn(t.getProxy(), t, "Error while collecting logs of failed proxy");
+                slog.warn(t.getProxy(), t2, "Error while collecting logs of failed proxy");
             }
             try {
                 proxyDispatcherService.getDispatcher(spec.getId()).stopProxy(t.getProxy());
             } catch (Throwable t2) {
                 // log error, but ignore it otherwise
                 // most important is that we remove the proxy from memory
-                slog.warn(t.getProxy(), t, "Error while stopping failed proxy");
+                slog.warn(t.getProxy(), t2, "Error while stopping failed proxy");
             }
             proxyStore.removeProxy(t.getProxy());
             applicationEventPublisher.publishEvent(new ProxyStartFailedEvent(t.getProxy()));