Fix #34863: check container health during startup to fail early

Author: LEDfan

src/main/java/eu/openanalytics/containerproxy/backend/IContainerBackend.java

@@ -108,5 +108,11 @@ default Proxy addRuntimeValuesAfterSpel(Authentication user, ProxySpec spec, Pro
         return proxy;
     }
 
+    /**
+     * Checks the health of the proxy, by checking the health of the underlying container.
+     * Assumes that the container has started and reached the running state.
+     * @param proxy the proxy to check the health of
+     * @return whether the proxy is healthy
+     */
     boolean isProxyHealthy(Proxy proxy);
 }

src/main/java/eu/openanalytics/containerproxy/backend/dispatcher/proxysharing/ProxySharingDispatcher.java

@@ -48,7 +48,6 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationEventPublisher;
-import org.springframework.context.annotation.Lazy;
 import org.springframework.context.event.EventListener;
 import org.springframework.core.env.Environment;
 import org.springframework.security.core.Authentication;

src/main/java/eu/openanalytics/containerproxy/backend/docker/DockerSwarmBackend.java

@@ -44,7 +44,6 @@
 import org.mandas.docker.client.LogStream;
 import org.mandas.docker.client.exceptions.DockerException;
 import org.mandas.docker.client.exceptions.ServiceNotFoundException;
-import org.mandas.docker.client.exceptions.TaskNotFoundException;
 import org.mandas.docker.client.messages.RegistryAuth;
 import org.mandas.docker.client.messages.mount.Mount;
 import org.mandas.docker.client.messages.swarm.DnsConfig;
@@ -88,6 +87,8 @@ public class DockerSwarmBackend extends AbstractDockerBackend {
 
     private int serviceWaitTime;
 
+    private static final List<String> STARTING_STATES = List.of("new", "pending", "assigned", "accepted", "ready", "preparing", "starting", "running");
+
     @PostConstruct
     public void initialize() {
         super.initialize();
@@ -221,21 +222,18 @@ public Proxy startContainer(Authentication user, Container initialContainer, Con
 
             // Give the service some time to start up and launch a container.
             boolean containerFound = Retrying.retry((currentAttempt, maxAttempts) -> {
-                try {
-                    Task serviceTask = dockerClient
-                        .listTasks(Task.Criteria.builder().serviceName(serviceName).build())
-                        .stream().findAny().orElseThrow(() -> new IllegalStateException("Swarm service has no tasks"));
-                    if (serviceTask.status().containerStatus() != null) {
-                        rContainerBuilder.id(serviceTask.status().containerStatus().containerId());
-                        return true;
-                    } else if (currentAttempt > 10 && log != null) {
-                        slog.info(proxy, String.format("Docker Swarm Service not ready yet, trying again (%d/%d)", currentAttempt, maxAttempts));
-                    }
-                } catch (Exception e) {
-                    throw new RuntimeException("Failed to inspect swarm service tasks", e);
+                Task serviceTask = dockerClient
+                    .listTasks(Task.Criteria.builder().serviceName(serviceName).build())
+                    .stream().findAny().orElseThrow(() -> new IllegalStateException("Swarm service has no tasks"));
+                if (serviceTask.status().containerStatus() != null && serviceTask.status().state().equals("running")) {
+                    rContainerBuilder.id(serviceTask.status().containerStatus().containerId());
+                    return Retrying.SUCCESS;
+                } else if (!STARTING_STATES.contains(serviceTask.status().state())) {
+                    slog.warn(proxy, "Docker Swarm container failed: container not running, state reported by docker: " + toJson(serviceTask.status()));
+                    return new Retrying.Result(false, false);
                 }
-                return false;
-            }, serviceWaitTime, true);
+                return Retrying.FAILURE;
+            }, serviceWaitTime, "Docker Swarm Service", 10, proxy, slog);
 
             if (!containerFound) {
                 dockerClient.removeService(serviceId);

src/main/java/eu/openanalytics/containerproxy/backend/ecs/EcsBackend.java

@@ -96,6 +96,8 @@ public class EcsBackend extends AbstractContainerBackend {
     private static final Pattern TAG_VALUE_PATTERN = Pattern.compile("^[a-zA-Z0-9 +-=._:/@]*$");
     private static final Pattern LOG_GORUP_REPLACE_PATTERN = Pattern.compile("[^a-zA-Z0-9_\\-.#]");
     private static final List<RuntimeValueKey<?>> IGNORED_RUNTIME_VALUES = Arrays.asList(PortMappingsKey.inst, UserGroupsKey.inst);
+    private static final List<String> STARTING_STATES = List.of("PROVISIONING", "PENDING", "ACTIVATING");
+    private static final List<String> STOPPING_STATES = List.of("DEACTIVATING", "STOPPING", "DEPROVISIONING", "STOPPED", "DELETED");
 
     private EcsClient ecsClient;
     private Boolean enableCloudWatch;
@@ -235,15 +237,17 @@ public Proxy startContainer(Authentication user, Container initialContainer, Con
                     .cluster(cluster)
                     .tasks(taskArn));
 
-                if (response.hasTasks() && response.tasks().get(0).lastStatus().equals("RUNNING")) {
-                    return true;
-                } else {
-                    if (currentAttempt > 10) {
-                        slog.info(proxy, String.format("ECS Task not ready yet, trying again (%d/%d)", currentAttempt, maxAttempts));
+                if (response.hasTasks()) {
+                    Task task = response.tasks().get(0);
+                    if (task.lastStatus().equals("RUNNING")) {
+                        return Retrying.SUCCESS;
+                    } else if (!STARTING_STATES.contains(task.lastStatus()) || !task.desiredStatus().equals("RUNNING")) {
+                        slog.warn(proxy, String.format("ECS container failed: task not running, stopCode: '%s', stoppingAt: '%s', stoppedAt: '%s', stoppedReason: '%s'", task.stopCode(), task.stoppingAt(), task.stoppedAt(), task.stoppedReason()));
+                        return new Retrying.Result(false, false);
                     }
-                    return false;
                 }
-            }, totalWaitMs);
+                return Retrying.FAILURE;
+            }, totalWaitMs, "ECS Task", 10, proxy, slog);
 
             proxyStartupLogBuilder.containerStarted(initialContainer.getIndex());
 
@@ -413,24 +417,19 @@ protected void doStopProxy(Proxy proxy) throws Exception {
             ecsClient.deleteTaskDefinitions(builder -> builder.taskDefinitions("sp-task-definition-" + proxy.getId() + ":1"));
         }
 
-        List<String> stoppingState = Arrays.asList("DEACTIVATING", "STOPPING", "DEPROVISIONING", "STOPPED", "DELETED");
-
         boolean isInactive = Retrying.retry((currentAttempt, maxAttempts) -> {
             for (Container container : proxy.getContainers()) {
                 String taskArn = container.getRuntimeValue(BackendContainerNameKey.inst);
                 DescribeTasksResponse response = ecsClient.describeTasks(builder -> builder
                     .cluster(cluster)
                     .tasks(taskArn));
 
-                if (response.hasTasks() && !stoppingState.contains(response.tasks().get(0).lastStatus())) {
-                    if (currentAttempt > 10) {
-                        slog.info(proxy, String.format("ECS Task not in stopping state yet, trying again (%d/%d)", currentAttempt, maxAttempts));
-                    }
-                    return false;
+                if (response.hasTasks() && !STOPPING_STATES.contains(response.tasks().get(0).lastStatus())) {
+                    return Retrying.FAILURE;
                 }
             }
-            return true;
-        }, totalWaitMs);
+            return Retrying.SUCCESS;
+        }, totalWaitMs, "Stopping ECS Task", 10, proxy, slog);
 
         if (!isInactive) {
             slog.warn(proxy, "Container did not get into stopping state");

src/main/java/eu/openanalytics/containerproxy/backend/kubernetes/KubernetesBackend.java

@@ -93,7 +93,6 @@
 import org.apache.commons.compress.utils.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Component;
 
@@ -349,14 +348,17 @@ public Proxy startContainer(Authentication user, Container initialContainer, Con
             Pod startedPod = kubeClient.pods().inNamespace(effectiveKubeNamespace).create(patchedPod);
 
             boolean podReady = Retrying.retry((currentAttempt, maxAttempts) -> {
-                if (!Readiness.getInstance().isReady(kubeClient.resource(startedPod).fromServer().get())) {
-                    if (currentAttempt > 10 && log != null) {
-                        slog.info(proxy, String.format("Kubernetes Pod not ready yet, trying again (%d/%d)", currentAttempt, maxAttempts));
-                    }
-                    return false;
+                Pod pod = kubeClient.resource(startedPod).fromServer().get();
+                Optional<String> error = getContainerFailure(pod);
+                if (error.isPresent()) {
+                    slog.warn(proxy, error.get());
+                    return new Retrying.Result(false, false);
+                }
+                if (!Readiness.getInstance().isReady(pod)) {
+                    return Retrying.FAILURE;
                 }
-                return true;
-            }, totalWaitMs);
+                return Retrying.SUCCESS;
+            }, totalWaitMs, "Kubernetes Pod", 10, proxy, slog);
 
             if (!podReady) {
                 // check a final time whether the pod is ready
@@ -396,7 +398,7 @@ public Proxy startContainer(Authentication user, Container initialContainer, Con
                         .build());
 
                 // Workaround: waitUntilReady appears to be buggy.
-                Retrying.retry((currentAttempt, maxAttempts) -> isServiceReady(kubeClient.resource(startupService).fromServer().get()), 60_000);
+                Retrying.retry((currentAttempt, maxAttempts) -> new Retrying.Result(isServiceReady(kubeClient.resource(startupService).fromServer().get())), 60_000);
 
                 service = kubeClient.resource(startupService).fromServer().get();
                 portBindings = service.getSpec().getPorts().stream()
@@ -660,7 +662,7 @@ protected void doStopProxy(Proxy proxy) {
             String podNamespace = podInfo.get().getNamespace();
             String podName = podInfo.get().getName();
 
-            if (getContainerFailure(proxy, podNamespace, podName).isPresent()) {
+            if (getContainerFailure(podNamespace, podName).isPresent()) {
                 logKubernetesWarnings(proxy, podNamespace, podName);
             }
 
@@ -783,28 +785,31 @@ public List<ExistingContainerInfo> scanExistingContainers() {
         return containers;
     }
 
-    private Optional<String> getContainerFailure(Proxy proxy, String podNamespace, String podName) {
+    private Optional<String> getContainerFailure(String podNamespace, String podName) {
         Pod pod = kubeClient.pods().inNamespace(podNamespace).withName(podName).get();
+        return getContainerFailure(pod);
+    }
+
+    private Optional<String> getContainerFailure(Pod pod) {
         if (pod == null) {
             return Optional.of("Kubernetes container failed, pod does not exist");
-        } else {
-            Optional<ContainerStatus> containerStatus = pod.getStatus().getContainerStatuses().stream().findFirst();
-            ContainerState state = null;
-            if (containerStatus.isPresent() && containerStatus.get().getState() != null) {
-                state = containerStatus.get().getState();
-            } else if (containerStatus.isPresent() && containerStatus.get().getLastState() != null) {
-                state = containerStatus.get().getLastState();
-            }
-            if (state != null && state.getTerminated() != null) {
-                String message = pod.getStatus().getMessage();
-                String logs = state.getTerminated().getMessage();
-                String reason = state.getTerminated().getReason();
-                Integer exitCode = state.getTerminated().getExitCode();
-                return Optional.of(String.format("Kubernetes pod failed, reason: '%s', exitCode: '%s', node: '%s', message:\n%s\nlogs:\n%s\n", reason, exitCode, pod.getSpec().getNodeName(), message, logs));
-            }
-            if (pod.isMarkedForDeletion()) {
-                return Optional.of(String.format("Kubernetes pod is being terminated, node: '%s'", pod.getSpec().getNodeName()));
-            }
+        }
+        Optional<ContainerStatus> containerStatus = pod.getStatus().getContainerStatuses().stream().findFirst();
+        ContainerState state = null;
+        if (containerStatus.isPresent() && containerStatus.get().getState() != null) {
+            state = containerStatus.get().getState();
+        } else if (containerStatus.isPresent() && containerStatus.get().getLastState() != null) {
+            state = containerStatus.get().getLastState();
+        }
+        if (state != null && state.getTerminated() != null) {
+            String message = pod.getStatus().getMessage();
+            String logs = state.getTerminated().getMessage();
+            String reason = state.getTerminated().getReason();
+            Integer exitCode = state.getTerminated().getExitCode();
+            return Optional.of(String.format("Kubernetes pod failed, reason: '%s', exitCode: '%s', node: '%s', message:\n%s\nlogs:\n%s\n", reason, exitCode, pod.getSpec().getNodeName(), message, logs));
+        }
+        if (pod.isMarkedForDeletion()) {
+            return Optional.of(String.format("Kubernetes pod is being terminated, node: '%s'", pod.getSpec().getNodeName()));
         }
         return Optional.empty();
     }
@@ -817,7 +822,7 @@ public boolean isProxyHealthy(Proxy proxy) {
                 continue;
             }
             for (int i = 0; i < 5; i++) {
-                Optional<String> error = getContainerFailure(proxy, podInfo.get().getNamespace(), podInfo.get().getName());
+                Optional<String> error = getContainerFailure(podInfo.get().getNamespace(), podInfo.get().getName());
                 if (error.isPresent()) {
                     slog.warn(proxy, error.get());
                     return false;

src/main/java/eu/openanalytics/containerproxy/service/ProxyService.java

@@ -43,7 +43,6 @@
 import eu.openanalytics.containerproxy.spec.expression.SpecExpressionContext;
 import eu.openanalytics.containerproxy.spec.expression.SpecExpressionResolver;
 import eu.openanalytics.containerproxy.util.ProxyMappingManager;
-import eu.openanalytics.containerproxy.util.Retrying;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.ApplicationEventPublisher;

src/main/java/eu/openanalytics/containerproxy/util/Retrying.java

@@ -20,6 +20,8 @@
  */
 package eu.openanalytics.containerproxy.util;
 
+import eu.openanalytics.containerproxy.model.runtime.Proxy;
+import eu.openanalytics.containerproxy.service.StructuredLogger;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -28,35 +30,49 @@ public class Retrying {
     private static final Logger log = LoggerFactory.getLogger(Retrying.class);
 
     public static boolean retry(Attempt job, int maxDelay) {
-        return retry(job, maxDelay, false);
+        return retry(job, maxDelay, null, -1);
     }
 
-    public static boolean retry(Attempt job, int maxDelay, boolean retryOnException) {
-        return retry(job, maxDelay, null, -1, retryOnException);
+    public static boolean retry(Attempt job, int maxDelay, String logMessage, int logAfterAttempts) {
+        return retry(job, maxDelay, logMessage, logAfterAttempts, null, null);
     }
 
-    public static boolean retry(Attempt job, int maxDelay, String logMessage, int logAfterAttmepts, boolean retryOnException) {
-        boolean retVal = false;
+    public static boolean retry(Attempt job, int maxDelay, String logMessage, int logAfterAttempts, Proxy proxy, StructuredLogger slog) {
         Exception exception = null;
         int maxAttempts = numberOfAttempts(maxDelay);
         for (int currentAttempt = 0; currentAttempt < maxAttempts; currentAttempt++) {
             delay(currentAttempt); // delay here so that we don't delay for the last iteration
             try {
-                if (job.attempt(currentAttempt, maxAttempts)) {
-                    retVal = true;
-                    exception = null;
-                    break;
+                Result result = job.attempt(currentAttempt, maxAttempts);
+                if (!result.keepGoing) {
+                    if (result.success && currentAttempt > logAfterAttempts && logMessage != null) {
+                        if (slog != null && proxy != null) {
+                            slog.info(proxy, String.format("Ready: %s", logMessage));
+                        } else {
+                            log.info(String.format("Ready: %s", logMessage));
+                        }
+                    }
+                    return result.success;
                 }
             } catch (Exception e) {
-                if (retryOnException) exception = e;
-                else throw new RuntimeException(e);
+                exception = e;
             }
-            if (currentAttempt > logAfterAttmepts && logMessage != null) {
-                log.info(String.format("Retry: %s (%d/%d)", logMessage, currentAttempt, maxAttempts));
+            if (currentAttempt > logAfterAttempts && logMessage != null) {
+                if (slog != null && proxy != null) {
+                    slog.info(proxy, String.format("Waiting: %s (%d/%d)", logMessage, currentAttempt, maxAttempts));
+                } else {
+                    log.info(String.format("Waiting: %s (%d/%d)", logMessage, currentAttempt, maxAttempts));
+                }
             }
         }
-        if (exception == null) return retVal;
-        else throw new RuntimeException(exception);
+        if (exception != null) {
+            if (slog != null && proxy != null) {
+                slog.warn(proxy, exception, String.format("Failed: %s", logMessage));
+            } else {
+                log.warn(String.format("Failed: %s", logMessage), exception);
+            }
+        }
+        return false;
     }
 
     public static void delay(Integer attempt) {
@@ -84,7 +100,18 @@ public static int numberOfAttempts(Integer maxDelay) {
 
     @FunctionalInterface
     public interface Attempt {
-        boolean attempt(int currentAttempt, int maxAttempts) throws Exception;
+        Result attempt(int currentAttempt, int maxAttempts) throws Exception;
+    }
+
+    public record Result(boolean success, boolean keepGoing) {
+
+        public Result(boolean success) {
+            this(success, !success);
+        }
+
     }
 
+    public final static Result SUCCESS = new Result(true, false);
+    public final static Result FAILURE = new Result(false, true);
+
 }