[RFC] New timer API for ngx_lua

agentzh · 2013-04-15T10:20:46+00:00

Hello! 说到基于 OpenResty 的博客应用，我其实一直想把 W...

[RFC] New timer API for ngx_lua

agentzh

Hello guys!

I've been working on the "timer" git branch for the ngx_lua project
where I've introduced a new timer API.

Essentially it is the ngx.timer.at() function on the Lua land, which
can be used in all contexts but init_by_lua*. The syntax of this
function is as follows:

    local ok, err = ngx.timer.at(delay, user_callback, user_arg1,
user_arg2, ...)

where the first argument, "delay", specifies the delay for the timer,
in seconds. One can specify fractional seconds like 0.001 to mean 1
millisecond here. 0 delay can also be specified, in which case the
timer will immediately expire when the current handler yields
execution. The second argument to ngx.timer.at(), "user_callback", can
be any Lua function, which will be invoked later in a background
"light thread" after the delay specified. The user callback will be
called by ngx_lua with the following arguments:

    premature, user_arg1, user_arg2, ...

where the "premature" argument takes a boolean value indicating
whether it is a premature timer expiration or not, and user_arg1,
user_arg2, and etc, are those (extra) user arguments specified when
calling ngx.timer.at() as the remaining arguments.

Premature timer expiration happens when the Nginx worker process is
trying to shut down, as in an Nginx configuration reload triggered by
the HUP signal or in an Nginx server shutdown. When the Nginx worker
is trying to shut down, one can no longer call ngx.timer.at() to
create new timers and in that case ngx.timer.at() will return nil and
a string, "process exiting", describing the error.

When a timer expires, the user Lua code in the timer callback is
running in a "light thread" detached completely from the original
request creating the timer. So objects with the same lifetime as the
request creating them, like cosockets, cannot be shared between the
original request and the timer user callback function.

Because timer callbacks run in the background and their running time
will not add to any client request's response time, they can easily
accumulate in the server and exhaust system resources due to either
Lua programming mistakes or too much client traffic. To prevent
extreme consequences like crashing the Nginx server, there are
built-in limitations on both the number of "pending timers" and the
number of "running timers" in an Nginx worker process. The "pending
timers" here mean timers that have not yet been expired and "running
timers" are those whose user callbacks are currently running.

By default, the maximal number of pending timers allowed in an Nginx
worker is 1024 while the maximal number of running timers is 256.
Furthermore, the user can configure the lua_max_pending_timers and
lua_max_running_timers directives in nginx.conf to adjust these two
limits, respectively.

According to the current implementation, each "running timer" will
take one (fake) connection record from the global connection record
list configured by the standard "worker_connections" directive in
nginx.conf. So ensure that the worker_connections directive is set to
a large enough value that takes into account both the real connections
and fake connections required by timer callbacks (as limited by the
lua_max_running_timers directive).

A lot of ngx_lua's Lua APIs are enabled in the context of the timer
callbacks, like stream/datagram cosockets (ngx.socket.*), shared
memory dictionaries (ngx.shared.*), user coroutines (coroutine.*),
user "light threads" (ngx.thread.*), ngx.exit(), ngx.now()/ngx.time(),
ngx.md5()/ngx.sha1(), are all allowed. But the subrequest API (like
ngx.location.capture), the ngx.req.* API, the downstream output API
(like ngx.say, ngx.print, and ngx.flush) are explicitly disabled in
this context.

You can check out the (declarative) test cases in the ngx_lua test
suite for more concrete examples for the timer API:

    https://github.com/chaoslawful/lua-nginx-module/blob/timer/t/106-timer.t#L31

And you're very welcome to try out the "timer" git branch in the
ngx_lua repository on Github:

    https://github.com/chaoslawful/lua-nginx-module/tree/timer

Comments on the current design and implementation of this timer API
will be highly appreciated.

Thanks!
-agentzh

billfzhu

Great job. Now i can use ngx_lua communicate with redis and gearman without adding client request's response time.

On Monday, April 15, 2013 10:20:44 AM UTC+8, agentzh wrote:

Hello guys!

I've been working on the "timer" git branch for the ngx_lua project
where I've introduced a new timer API.

Essentially it is the ngx.timer.at() function on the Lua land, which
can be used in all contexts but init_by_lua*. The syntax of this
function is as follows:

local ok, err = ngx.timer.at(delay, user_callback, user_arg1,
user_arg2, ...)

where the first argument, "delay", specifies the delay for the timer,
in seconds. One can specify fractional seconds like 0.001 to mean 1
millisecond here. 0 delay can also be specified, in which case the
timer will immediately expire when the current handler yields
execution. The second argument to ngx.timer.at(), "user_callback", can
be any Lua function, which will be invoked later in a background
"light thread" after the delay specified. The user callback will be
called by ngx_lua with the following arguments:

premature, user_arg1, user_arg2, ...

where the "premature" argument takes a boolean value indicating
whether it is a premature timer expiration or not, and user_arg1,
user_arg2, and etc, are those (extra) user arguments specified when
calling ngx.timer.at() as the remaining arguments.

Premature timer expiration happens when the Nginx worker process is
trying to shut down, as in an Nginx configuration reload triggered by
the HUP signal or in an Nginx server shutdown. When the Nginx worker
is trying to shut down, one can no longer call ngx.timer.at() to
create new timers and in that case ngx.timer.at() will return nil and
a string, "process exiting", describing the error.

When a timer expires, the user Lua code in the timer callback is
running in a "light thread" detached completely from the original
request creating the timer. So objects with the same lifetime as the
request creating them, like cosockets, cannot be shared between the
original request and the timer user callback function.

Because timer callbacks run in the background and their running time
will not add to any client request's response time, they can easily
accumulate in the server and exhaust system resources due to either
Lua programming mistakes or too much client traffic. To prevent
extreme consequences like crashing the Nginx server, there are
built-in limitations on both the number of "pending timers" and the
number of "running timers" in an Nginx worker process. The "pending
timers" here mean timers that have not yet been expired and "running
timers" are those whose user callbacks are currently running.

By default, the maximal number of pending timers allowed in an Nginx
worker is 1024 while the maximal number of running timers is 256.
Furthermore, the user can configure the lua_max_pending_timers and
lua_max_running_timers directives in nginx.conf to adjust these two
limits, respectively.

According to the current implementation, each "running timer" will
take one (fake) connection record from the global connection record
list configured by the standard "worker_connections" directive in
nginx.conf. So ensure that the worker_connections directive is set to
a large enough value that takes into account both the real connections
and fake connections required by timer callbacks (as limited by the
lua_max_running_timers directive).

A lot of ngx_lua's Lua APIs are enabled in the context of the timer
callbacks, like stream/datagram cosockets (ngx.socket.*), shared
memory dictionaries (ngx.shared.*), user coroutines (coroutine.*),
user "light threads" (ngx.thread.*), ngx.exit(), ngx.now()/ngx.time(),
ngx.md5()/ngx.sha1(), are all allowed. But the subrequest API (like
ngx.location.capture), the ngx.req.* API, the downstream output API
(like ngx.say, ngx.print, and ngx.flush) are explicitly disabled in
this context.

You can check out the (declarative) test cases in the ngx_lua test
suite for more concrete examples for the timer API:

https://github.com/chaoslawful/lua-nginx-module/blob/timer/t/106-timer.t#L31

And you're very welcome to try out the "timer" git branch in the
ngx_lua repository on Github:

https://github.com/chaoslawful/lua-nginx-module/tree/timer

Comments on the current design and implementation of this timer API
will be highly appreciated.

Thanks!
-agentzh

matthieu.tourne

On Sun, Apr 14, 2013 at 7:20 PM, agentzh <age...@gmail.com> wrote:

Hello guys!

I've been working on the "timer" git branch for the ngx_lua project
where I've introduced a new timer API.

[...]

Because timer callbacks run in the background and their running time
will not add to any client request's response time, they can easily
accumulate in the server and exhaust system resources due to either
Lua programming mistakes or too much client traffic. To prevent
extreme consequences like crashing the Nginx server, there are
built-in limitations on both the number of "pending timers" and the
number of "running timers" in an Nginx worker process. The "pending
timers" here mean timers that have not yet been expired and "running
timers" are those whose user callbacks are currently running.

I remember discussing that with you when you were designing it, and one of the recommendations (at the time) was to try to "pack" actions together.

This way all the timers potentially get executed at the same time, like a batch and it's more efficient than spawning threads for timers coming in at any given time.

Especially for clean-up code that can get executed "anytime after a certain point in time", this would make total sense.

So now, if I registered timers with the *same exact timestamp*, would they execute one after another without spawning a new thread for each callback ?

Or would I need to turn them into batches some other way ?

That way I could easily do something like :

-- timers with minute resolution

local timer_resolution = 60

-- ttl of 5 min

local file_ttl = 5 * 60

local function get_expire_ts(resolution, ttl)

return math.floor((ngx.now() + ttl) / resolution) * resolution

end

-- two workers doing this at the same time would get the same value for get_expire_ts(), and end up in the same "batch"

ngx.timer.at(get_expire_ts(timer_resolution, ttl), unlink, "file1")

ngx.timer.at(get_expire_ts(timer_resolution, ttl), unlink, "file2")

li.huang

使用该timer解决了我之前由于timeout造成缓存不一致的问题。正想用timer呢，春哥懂我！

代码见附件。

在 2013年4月15日星期一UTC+8上午10时20分44秒，agentzh写道：

Hello guys!

I've been working on the "timer" git branch for the ngx_lua project
where I've introduced a new timer API.

Essentially it is the ngx.timer.at() function on the Lua land, which
can be used in all contexts but init_by_lua*. The syntax of this
function is as follows:

local ok, err = ngx.timer.at(delay, user_callback, user_arg1,
user_arg2, ...)

where the first argument, "delay", specifies the delay for the timer,
in seconds. One can specify fractional seconds like 0.001 to mean 1
millisecond here. 0 delay can also be specified, in which case the
timer will immediately expire when the current handler yields
execution. The second argument to ngx.timer.at(), "user_callback", can
be any Lua function, which will be invoked later in a background
"light thread" after the delay specified. The user callback will be
called by ngx_lua with the following arguments:

premature, user_arg1, user_arg2, ...

where the "premature" argument takes a boolean value indicating
whether it is a premature timer expiration or not, and user_arg1,
user_arg2, and etc, are those (extra) user arguments specified when
calling ngx.timer.at() as the remaining arguments.

Premature timer expiration happens when the Nginx worker process is
trying to shut down, as in an Nginx configuration reload triggered by
the HUP signal or in an Nginx server shutdown. When the Nginx worker
is trying to shut down, one can no longer call ngx.timer.at() to
create new timers and in that case ngx.timer.at() will return nil and
a string, "process exiting", describing the error.

When a timer expires, the user Lua code in the timer callback is
running in a "light thread" detached completely from the original
request creating the timer. So objects with the same lifetime as the
request creating them, like cosockets, cannot be shared between the
original request and the timer user callback function.

Because timer callbacks run in the background and their running time
will not add to any client request's response time, they can easily
accumulate in the server and exhaust system resources due to either
Lua programming mistakes or too much client traffic. To prevent
extreme consequences like crashing the Nginx server, there are
built-in limitations on both the number of "pending timers" and the
number of "running timers" in an Nginx worker process. The "pending
timers" here mean timers that have not yet been expired and "running
timers" are those whose user callbacks are currently running.

By default, the maximal number of pending timers allowed in an Nginx
worker is 1024 while the maximal number of running timers is 256.
Furthermore, the user can configure the lua_max_pending_timers and
lua_max_running_timers directives in nginx.conf to adjust these two
limits, respectively.

According to the current implementation, each "running timer" will
take one (fake) connection record from the global connection record
list configured by the standard "worker_connections" directive in
nginx.conf. So ensure that the worker_connections directive is set to
a large enough value that takes into account both the real connections
and fake connections required by timer callbacks (as limited by the
lua_max_running_timers directive).

A lot of ngx_lua's Lua APIs are enabled in the context of the timer
callbacks, like stream/datagram cosockets (ngx.socket.*), shared
memory dictionaries (ngx.shared.*), user coroutines (coroutine.*),
user "light threads" (ngx.thread.*), ngx.exit(), ngx.now()/ngx.time(),
ngx.md5()/ngx.sha1(), are all allowed. But the subrequest API (like
ngx.location.capture), the ngx.req.* API, the downstream output API
(like ngx.say, ngx.print, and ngx.flush) are explicitly disabled in
this context.

You can check out the (declarative) test cases in the ngx_lua test
suite for more concrete examples for the timer API:

https://github.com/chaoslawful/lua-nginx-module/blob/timer/t/106-timer.t#L31

And you're very welcome to try out the "timer" git branch in the
ngx_lua repository on Github:

https://github.com/chaoslawful/lua-nginx-module/tree/timer

Comments on the current design and implementation of this timer API
will be highly appreciated.

Thanks!
-agentzh

Attachment: set.lua
Description: Binary data

li.huang

附件是

使用ngx.sleep和尾递归模拟timer，我感觉这种方式效率更高，是吗？

在 2013年4月15日星期一UTC+8上午10时20分44秒，agentzh写道：

Hello guys!

I've been working on the "timer" git branch for the ngx_lua project
where I've introduced a new timer API.

Essentially it is the ngx.timer.at() function on the Lua land, which
can be used in all contexts but init_by_lua*. The syntax of this
function is as follows:

local ok, err = ngx.timer.at(delay, user_callback, user_arg1,
user_arg2, ...)

where the first argument, "delay", specifies the delay for the timer,
in seconds. One can specify fractional seconds like 0.001 to mean 1
millisecond here. 0 delay can also be specified, in which case the
timer will immediately expire when the current handler yields
execution. The second argument to ngx.timer.at(), "user_callback", can
be any Lua function, which will be invoked later in a background
"light thread" after the delay specified. The user callback will be
called by ngx_lua with the following arguments:

premature, user_arg1, user_arg2, ...

where the "premature" argument takes a boolean value indicating
whether it is a premature timer expiration or not, and user_arg1,
user_arg2, and etc, are those (extra) user arguments specified when
calling ngx.timer.at() as the remaining arguments.

Premature timer expiration happens when the Nginx worker process is
trying to shut down, as in an Nginx configuration reload triggered by
the HUP signal or in an Nginx server shutdown. When the Nginx worker
is trying to shut down, one can no longer call ngx.timer.at() to
create new timers and in that case ngx.timer.at() will return nil and
a string, "process exiting", describing the error.

When a timer expires, the user Lua code in the timer callback is
running in a "light thread" detached completely from the original
request creating the timer. So objects with the same lifetime as the
request creating them, like cosockets, cannot be shared between the
original request and the timer user callback function.

Because timer callbacks run in the background and their running time
will not add to any client request's response time, they can easily
accumulate in the server and exhaust system resources due to either
Lua programming mistakes or too much client traffic. To prevent
extreme consequences like crashing the Nginx server, there are
built-in limitations on both the number of "pending timers" and the
number of "running timers" in an Nginx worker process. The "pending
timers" here mean timers that have not yet been expired and "running
timers" are those whose user callbacks are currently running.

By default, the maximal number of pending timers allowed in an Nginx
worker is 1024 while the maximal number of running timers is 256.
Furthermore, the user can configure the lua_max_pending_timers and
lua_max_running_timers directives in nginx.conf to adjust these two
limits, respectively.

According to the current implementation, each "running timer" will
take one (fake) connection record from the global connection record
list configured by the standard "worker_connections" directive in
nginx.conf. So ensure that the worker_connections directive is set to
a large enough value that takes into account both the real connections
and fake connections required by timer callbacks (as limited by the
lua_max_running_timers directive).

A lot of ngx_lua's Lua APIs are enabled in the context of the timer
callbacks, like stream/datagram cosockets (ngx.socket.*), shared
memory dictionaries (ngx.shared.*), user coroutines (coroutine.*),
user "light threads" (ngx.thread.*), ngx.exit(), ngx.now()/ngx.time(),
ngx.md5()/ngx.sha1(), are all allowed. But the subrequest API (like
ngx.location.capture), the ngx.req.* API, the downstream output API
(like ngx.say, ngx.print, and ngx.flush) are explicitly disabled in
this context.

You can check out the (declarative) test cases in the ngx_lua test
suite for more concrete examples for the timer API:

https://github.com/chaoslawful/lua-nginx-module/blob/timer/t/106-timer.t#L31

And you're very welcome to try out the "timer" git branch in the
ngx_lua repository on Github:

https://github.com/chaoslawful/lua-nginx-module/tree/timer

Comments on the current design and implementation of this timer API
will be highly appreciated.

Thanks!
-agentzh

Attachment: set.lua
Description: Binary data

agentzh

Hello!

On Tue, Apr 16, 2013 at 3:02 AM, 黄力 wrote:
> 使用ngx.sleep和尾递归模拟timer，我感觉这种方式效率更高，是吗？
>

不使用 timer 会让你的 ngx.sleep() 等所有 Lua 函数调用的时间都计入你的客户端请求的响应延时。这显然不是你这里所需要的。

同时处理 memcached 等后端超时错误的最有效的做法是使用较小的超时设置，同时在超时时自己进行重试。

另外，由于你已经自己对 socket 进行恰当的错误处理了，你可以考虑禁用 ngx_lua cosocket 自动记录的错误日志功能，即配置

    lua_socket_log_errors off;

更多细节见

    http://wiki.nginx.org/HttpLuaModule#lua_socket_log_errors

Best regards,
-agentzh

li.huang

在 2013年4月17日星期三UTC+8上午2时36分52秒，agentzh写道：

Hello!

On Tue, Apr 16, 2013 at 3:02 AM, 黄力 wrote:
> 使用ngx.sleep和尾递归模拟timer，我感觉这种方式效率更高，是吗？
>

不使用 timer 会让你的 ngx.sleep() 等所有 Lua 函数调用的时间都计入你的客户端请求的响应延时。这显然不是你这里所需要的。

同时处理 memcached 等后端超时错误的最有效的做法是使用较小的超时设置，同时在超时时自己进行重试。

使用timer后，我测试过timeout分别为50，100，1000，5000，10000，15000的值：

1. 50和100，缓存无法同步，5个点其中4个是外网有不同程度的差异

2. 1000，缓存在压力测试的时候，4个外网节点和本地节点的缓存差异很大，停止压力后需要较长时间同步完缓存，不丢缓存。

3. 5000，10000，15000，缓存在压力测试的时候，4个外网节点和本地节点的缓存差异很小，停止压力后几秒内同步完缓存，不丢缓存。其中10000的写入缓存最多，所以采用这个超时。

不管怎么说之前用sleep模拟的方式是会丢缓存的，所以timer绝对是救命稻草，谢谢春哥的辛勤工作，呵呵！

测试条件和代码：

nginx机器的带宽被限制为10Mbits，3个并发压力测试。

附件是测试程序和lua代码。

另外，由于你已经自己对 socket 进行恰当的错误处理了，你可以考虑禁用 ngx_lua cosocket 自动记录的错误日志功能，即配置

lua_socket_log_errors off;

今天，测试的时候关掉了，呵呵。

更多细节见

http://wiki.nginx.org/HttpLuaModule#lua_socket_log_errors

Best regards,
-agentzh

Attachment: set.lua.timer
Description: Binary data

#!/usr/bin/env python
# -*-coding:UTF-8 -*

import gevent
from gevent import monkey

# patches stdlib (including socket and ssl modules) to cooperate with other greenlets
monkey.patch_all()

import logging
#import urllib2
import httplib

def c(n):
    begin = n * 1000000
    loop = begin
    end = begin + 1000000
    while loop < end:
        try:
            conn = httplib.HTTPConnection("122.225.36.179", 8181, timeout=10)
            conn.request("GET", "http://www.sina.com.cn/link/bg%d.jpg"; % loop)
            res = conn.getresponse()
            conn.close()
            loop += 1
        except IOError, e:
            print str(e)

def main():
    jobs = [gevent.spawn(c, n) for n in range(3)]
    gevent.joinall(jobs)

if '__main__' == __name__:
    main()

agentzh

Hello!

On Sun, Apr 14, 2013 at 7:20 PM, agentzh <age...@gmail.com> wrote:
> I've been working on the "timer" git branch for the ngx_lua project
> where I've introduced a new timer API.
>

The "timer" branch has just been merged into "master" and deleted.
This new feature will be part of the next ngx_lua release, v0.8.0.
I'll add some formal documentation for it :)

Best regards,
-agentzh

li.huang

给力！！！

在 2013年4月21日星期日UTC+8上午7时06分12秒，agentzh写道：

Hello!

On Sun, Apr 14, 2013 at 7:20 PM, agentzh <age...@gmail.com> wrote:
> I've been working on the "timer" git branch for the ngx_lua project
> where I've introduced a new timer API.
>

The "timer" branch has just been merged into "master" and deleted.
This new feature will be part of the next ngx_lua release, v0.8.0.
I'll add some formal documentation for it :)

Best regards,
-agentzh