Jira (PUP-11163) Prevent thundering herd via deterministic run scheduling

[Reid Vandewiele (Jira)]

Reid Vandewiele created an issue

Puppet / PUP-11163 Prevent thundering herd via deterministic run scheduling Issue Type: Improvement Assignee: Unassigned Created: 2021/07/07 10:00 AM Priority: Normal Reporter: Reid Vandewiele Problem One of the most-viewed articles in Open Source Puppet Assist between September of 2020 and March of 2021 was determine a thundering herd condition in Puppet (OSPA-21). Thundering herds have been an out-of-box problem in Puppet for more than a decade, and for users "in the know", there is a clear, bulletproof solution: use a combination of splayed and deterministic run start times to evenly distribute agent checkins. Problematically, this doesn't work with our daemonized agent. Customers must instead disable the agent, and use OS schedulers such as Cron (Posix) and Scheduled Tasks (Windows). See this module for full automation of the configuration. Desired Solution The Puppet agent should provide a deterministic run scheduling mode which evenly distributes agent runs automatically, and eliminates the possibility of thundering herds developing. This mode should become the new default mode. Characteristics: Scheduled run start times should be based on computed wall clock times. Not on variable-time events such as previous run end times. An agent's individual run start time should include a random splay, seeded on the agent's certname setting The agent should schedule and perform a first-start run quickly (immediately or splayed if splay is configured) on daemon startup, after which subsequent run starts should adhere to the computed wall-clock schedule On startup, an agent might schedule runs thusly. Schedule a startup run for now() + $splay Schedule the first regular daemon run for now() + ((($run_interval - (now() % $run_interval)) + fqdn_rand($certname)) % $run_interval) Every subsequently run should be scheduled exactly $run_interval after of the previously scheduled run Optionally, a provision can be made to skip the first scheduled daemon run if it would occur too soon after the startup run     We advise our largest customers to achieve this scheduling algorithm today in order to better distribute load, and to prevent thundering herds. We should eliminate the onerous workaround by incorporating it into our product, and in so doing deliver the same benefits to all Puppet users, as well as eliminate one of our most common troubleshooting exasperations. Add Comment

This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)

[Reid Vandewiele (Jira)]

Reid Vandewiele updated an issue

Puppet / PUP-11163 Prevent thundering herd via deterministic run scheduling

Change By: Reid Vandewiele h2. Problem One of the most-viewed articles in Open Source Puppet Assist between September of 2020 and March of 2021 was [ determine a thundering herd condition in Puppet |https://ospassist.puppet.com/hc/en-us/articles/360040327753-determine-a-thundering-herd-condition-in-puppet-]  (OSPA-21).

Thundering herds have been an out-of-box problem in Puppet for more than a decade, and for users "in the know", there is a clear, bulletproof solution: use a combination of splayed and deterministic run start times to evenly distribute agent checkins.

Problematically, this doesn't work with our daemonized agent. Customers must instead disable the agent, and use OS schedulers such as Cron (Posix) and Scheduled Tasks (Windows). See [this module|https://forge.puppet.com/modules/reidmv/puppet_run_scheduler] for full automation of the configuration. h2. Desired Solution

The Puppet agent should provide a deterministic run scheduling mode which evenly distributes agent runs automatically, and eliminates the possibility of thundering herds developing. This mode should become the new default mode. Characteristics:

* Scheduled run start times should be based on computed wall clock times. Not on variable-time events such as previous run end times. * An agent's individual run start time should include a random splay, seeded on the agent's certname setting * The agent should schedule and perform a first-start run quickly (immediately or splayed if splay is configured) on daemon startup, after which subsequent run starts should adhere to the computed wall-clock schedule

On startup, an agent might schedule runs thusly.

# Schedule a startup run for {{now() + $splay}} # Schedule the first regular daemon run for

{{now() + ((($run_interval - (now() % $run_interval)) + fqdn_rand($certname)) % $run_interval)}}

# Every subsequently run should be scheduled exactly {{$run_interval}} after of the previously scheduled run # Optionally, a provision can be made to skip the first scheduled daemon run if it would occur too soon after the startup run

We advise our largest customers to achieve this scheduling algorithm today in order to better distribute load, and to prevent thundering herds. We should eliminate the onerous workaround by incorporating it into our product, and in so doing deliver the same benefits to all Puppet users, as well as eliminate one of our most common troubleshooting exasperations.

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele updated an issue

Puppet / PUP-11163 Prevent thundering herd via deterministic run scheduling Change By: Reid Vandewiele

h2. Problem One of the most-viewed articles in Open Source Puppet Assist between September of 2020 and March of 2021 was [determine a thundering herd condition in Puppet|https://ospassist.puppet.com/hc/en-us/articles/360040327753-determine-a-thundering-herd-condition-in-puppet-] (OSPA-21).

Thundering herds have been an out-of-box problem in Puppet for more than a decade, and for users "in the know", there is a clear, bulletproof solution: use a combination of splayed and , deterministic run start times to evenly distribute agent checkins.

Problematically, this doesn't work with our daemonized agent. Customers must instead disable the agent, and use OS schedulers such as Cron (Posix) and Scheduled Tasks (Windows). See [this module|https://forge.puppet.com/modules/reidmv/puppet_run_scheduler] for full automation of the configuration. h2. Desired Solution The Puppet agent should provide a deterministic run scheduling mode which evenly distributes agent runs automatically, and eliminates the possibility of thundering herds developing. This mode should become the new default mode. Characteristics: * Scheduled run start times should be based on computed wall clock times. Not on variable-time events such as previous run end times. * An agent's individual run start time should include a random splay, seeded on the agent's certname setting * The agent should schedule and perform a first-start run quickly (immediately or splayed if splay is configured) on daemon startup, after which subsequent run starts should adhere to the computed wall-clock schedule On startup, an agent might schedule runs thusly. # Schedule a startup run for {{now() + $splay}} # Schedule the first regular daemon run for {{now() + ((($run_interval - (now() % $run_interval)) + fqdn_rand($certname)) % $run_interval)}} # Every subsequently run should be scheduled exactly {{$run_interval}} after of the previously scheduled run # Optionally, a provision can be made to skip the first scheduled daemon run if it would occur too soon after the startup run     We advise our largest customers to achieve this scheduling algorithm today in order to better distribute load, and to prevent thundering herds. We should eliminate the onerous workaround by incorporating it into our product, and in so doing deliver the same benefits to all Puppet users, as well as eliminate one of our most common troubleshooting exasperations.

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele updated an issue

Puppet / PUP-11163 Prevent thundering herd via deterministic run scheduling Change By: Reid Vandewiele

h2. Problem One of the most-viewed articles in Open Source Puppet Assist between September of 2020 and March of 2021 was [determine a thundering herd condition in Puppet|https://ospassist.puppet.com/hc/en-us/articles/360040327753-determine-a-thundering-herd-condition-in-puppet-] (OSPA-21).

Thundering herds have been an out-of-box problem in Puppet for more than a decade, and for users "in the know", there is a clear, bulletproof solution: use splayed, deterministic run start times to evenly distribute agent checkins.

Problematically, this doesn't work with our daemonized agent. Customers must instead disable the agent, and use OS schedulers such as Cron (Posix) and Scheduled Tasks (Windows). See [this module|https://forge.puppet.com/modules/reidmv/puppet_run_scheduler] for full automation of the configuration. h2. Desired Solution The Puppet agent should provide a deterministic run scheduling mode which evenly distributes agent runs automatically, and eliminates the possibility of thundering herds developing. This mode should become the new default mode. Characteristics: * Scheduled run start times should be based on computed wall clock times. Not on variable-time events such as previous run end times. * An agent's individual run start time should include a random splay, seeded on the agent's certname setting * The agent should schedule and perform a first-start run quickly (immediately or splayed if splay is configured) on daemon startup, after which subsequent run starts should adhere to the computed wall-clock schedule On startup, an agent might schedule runs thusly. # Schedule a startup run for {{now() + $splay}} # Schedule the first regular daemon run for {{now() + ((($run_interval - (now() % $run_interval)) + fqdn_rand($certname)) % $run_interval)}}

# Every subsequently subsequent run should be scheduled exactly {{$run_interval}} after of the previously scheduled run

# Optionally, a provision can be made to skip the first scheduled daemon run if it would occur too soon after the startup run     We advise our largest customers to achieve this scheduling algorithm today in order to better distribute load, and to prevent thundering herds. We should eliminate the onerous workaround by incorporating it into our product, and in so doing deliver the same benefits to all Puppet users, as well as eliminate one of our most common troubleshooting exasperations.

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele updated an issue

Puppet / PUP-11163 Prevent thundering herd via deterministic run scheduling Change By: Reid Vandewiele

h2. Problem One of the most-viewed articles in Open Source Puppet Assist between September of 2020 and March of 2021 was [determine a thundering herd condition in Puppet|https://ospassist.puppet.com/hc/en-us/articles/360040327753-determine-a-thundering-herd-condition-in-puppet-] (OSPA-21). Thundering herds have been an out-of-box problem in Puppet for more than a decade, and for users "in the know", there is a clear, bulletproof solution: use splayed, deterministic run start times to evenly distribute agent checkins. Problematically, this doesn't work with our daemonized agent. Customers must instead disable the agent, and use OS schedulers such as Cron (Posix) and Scheduled Tasks (Windows). See [this module|https://forge.puppet.com/modules/reidmv/puppet_run_scheduler] for full automation of the configuration. h2. Desired Solution The Puppet agent should provide a deterministic run scheduling mode which evenly distributes agent runs automatically, and eliminates the possibility of thundering herds developing. This mode should become the new default mode. Characteristics: * Scheduled run start times should be based on computed wall clock times. Not on variable-time events such as previous run end times.

* An agent's individual run start time should include a random splay offset element , seeded on the agent's certname setting * The agent should schedule and perform a first-start run quickly (immediately , or splayed if splay is configured) on daemon startup, after which subsequent run starts should adhere to the computed wall-clock schedule

On startup, an agent might schedule runs thusly. # Schedule a startup run for {{now() + $splay}} # Schedule the first regular daemon run for {{now() + ((($run_interval - (now() % $run_interval)) + fqdn_rand($certname)) % $run_interval)}}

# Every subsequent run should be scheduled exactly {{$run_interval}} after of the previously scheduled run

# Optionally, a provision can be made to skip the first scheduled daemon run if it would occur too soon after the startup run     We advise our largest customers to achieve this scheduling algorithm today in order to better distribute load, and to prevent thundering herds. We should eliminate the onerous workaround by incorporating it into our product, and in so doing deliver the same benefits to all Puppet users, as well as eliminate one of our most common troubleshooting exasperations.

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele updated an issue

Puppet / PUP-11163 Prevent thundering herd via deterministic run scheduling Change By: Reid Vandewiele

h2. Problem One of the most-viewed articles in Open Source Puppet Assist between September of 2020 and March of 2021 was [determine a thundering herd condition in Puppet|https://ospassist.puppet.com/hc/en-us/articles/360040327753-determine-a-thundering-herd-condition-in-puppet-] (OSPA-21). Thundering herds have been an out-of-box problem in Puppet for more than a decade, and for users "in the know", there is a clear, bulletproof solution: use splayed, deterministic run start times to evenly distribute agent checkins. Problematically, this doesn't work with our daemonized agent. Customers must instead disable the agent, and use OS schedulers such as Cron (Posix) and Scheduled Tasks (Windows). See [this module|https://forge.puppet.com/modules/reidmv/puppet_run_scheduler] for full automation of the configuration. h2. Desired Solution The Puppet agent should provide a deterministic run scheduling mode which evenly distributes agent runs automatically, and eliminates the possibility of thundering herds developing. This mode should become the new default mode. Characteristics: * Scheduled run start times should be based on computed wall clock times. Not on variable-time events such as previous run end times.

* An agent's individual run start time should include a random offset element, seeded on the agent's certname setting * The agent should schedule and perform a first-start run quickly (immediately, or splayed if splay is configured) on daemon startup, after which subsequent run starts should adhere to the computed wall-clock schedule

On startup, an agent might schedule runs thusly. # Schedule a startup run for {{now() + $splay}} # Schedule the first regular daemon run for {{now() + ((($run_interval - (now() % $run_interval)) + fqdn_rand($certname)) % $run_interval)}} # Every subsequent run should be scheduled exactly {{$run_interval}} after of the previously scheduled run

# * Optionally, a provision can be made to skip the first scheduled daemon run if it would occur too soon after the startup run * Optionally, a provision can be made to skip a scheduled run if the previous scheduled run completed within a certain proximity

We advise our largest customers to achieve this scheduling algorithm today in order to better distribute load, and to prevent thundering herds. We should eliminate the onerous workaround by incorporating it into our product, and in so doing deliver the same benefits to all Puppet users, as well as eliminate one of our most common troubleshooting exasperations.

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele updated an issue

Puppet / PUP-11163 Prevent thundering herd via deterministic run scheduling Change By: Reid Vandewiele

h2. Problem One of the most-viewed articles in Open Source Puppet Assist between September of 2020 and March of 2021 was [determine a thundering herd condition in Puppet|https://ospassist.puppet.com/hc/en-us/articles/360040327753-determine-a-thundering-herd-condition-in-puppet-] (OSPA-21). Thundering herds have been an out-of-box problem in Puppet for more than a decade, and for users "in the know", there is a clear, bulletproof solution: use splayed, deterministic run start times to evenly distribute agent checkins. Problematically, this doesn't work with our daemonized agent. Customers must instead disable the agent, and use OS schedulers such as Cron (Posix) and Scheduled Tasks (Windows). See [this module|https://forge.puppet.com/modules/reidmv/puppet_run_scheduler] for full automation of the configuration. h2. Desired Solution The Puppet agent should provide a deterministic run scheduling mode which evenly distributes agent runs automatically, and eliminates the possibility of thundering herds developing. This mode should become the new default mode. Characteristics: * Scheduled run start times should be based on computed wall clock times. Not on variable-time events such as previous run end times. * An agent's individual run start time should include a random offset element, seeded on the agent's certname setting * The agent should schedule and perform a first-start run quickly (immediately, or splayed if splay is configured) on daemon startup, after which subsequent run starts should adhere to the computed wall-clock schedule On startup, an agent might schedule runs thusly. # Schedule a startup run for {{now() + $splay}} # Schedule the first regular daemon run for {{now() + ((($run_interval - (now() % $run_interval)) + fqdn_rand($certname)) % $run_interval)}} # Every subsequent run should be scheduled exactly {{$run_interval}} after of the previously scheduled run

* Optionally, a provision can be made to skip the first scheduled daemon run if it would occur too soon after the startup run

* Optionally, a provision can be made to skip a scheduled run if the previous scheduled run completed too soon within a certain configured proximity

We advise our largest customers to achieve this scheduling algorithm today in order to better distribute load, and to prevent thundering herds. We should eliminate the onerous workaround by incorporating it into our product, and in so doing deliver the same benefits to all Puppet users, as well as eliminate one of our most common troubleshooting exasperations.

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele updated an issue

Puppet / PUP-11163 Prevent thundering herd via deterministic run scheduling Change By: Reid Vandewiele

h2. Problem One of the most-viewed articles in Open Source Puppet Assist between September of 2020 and March of 2021 was [determine a thundering herd condition in Puppet|https://ospassist.puppet.com/hc/en-us/articles/360040327753-determine-a-thundering-herd-condition-in-puppet-] (OSPA-21). Thundering herds have been an out-of-box problem in Puppet for more than a decade, and for users "in the know", there is a clear, bulletproof solution: use splayed, deterministic run start times to evenly distribute agent checkins. Problematically, this doesn't work with our daemonized agent. Customers must instead disable the agent, and use OS schedulers such as Cron (Posix) and Scheduled Tasks (Windows). See [this module|https://forge.puppet.com/modules/reidmv/puppet_run_scheduler] for full automation of the configuration. h2. Desired Solution The Puppet agent should provide a deterministic run scheduling mode which evenly distributes agent runs automatically, and eliminates the possibility of thundering herds developing. This mode should become the new default mode. Characteristics: * Scheduled run start times should be based on computed wall clock times. Not on variable-time events such as previous run end times. * An agent's individual run start time should include a random offset element, seeded on the agent's certname setting * The agent should schedule and perform a first-start run quickly (immediately, or splayed if splay is configured) on daemon startup, after which subsequent run starts should adhere to the computed wall-clock schedule On startup, an agent might schedule runs thusly. # Schedule a startup run for {{now() + $splay}} # Schedule the first regular daemon run for {{now() + ((($run_interval - (now() % $run_interval)) + fqdn_rand($certname)) % $run_interval)}} # Every subsequent run should be scheduled exactly {{$run_interval}} after of the previously scheduled run

* Optionally, a provision can be made to skip a scheduled run if the previous scheduled run completed too soon within a configured proximity . This may happen after the special startup run, for example, or if a scheduled run entered into a backoff/retry loop based on server 503 responses

We advise our largest customers to achieve this scheduling algorithm today in order to better distribute load, and to prevent thundering herds. We should eliminate the onerous workaround by incorporating it into our product, and in so doing deliver the same benefits to all Puppet users, as well as eliminate one of our most common troubleshooting exasperations.

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele updated an issue

Puppet / PUP-11163 Prevent thundering herd via deterministic run scheduling Change By: Reid Vandewiele

h2. Problem One of the most-viewed articles in Open Source Puppet Assist between September of 2020 and March of 2021 was [determine a thundering herd condition in Puppet|https://ospassist.puppet.com/hc/en-us/articles/360040327753-determine-a-thundering-herd-condition-in-puppet-] (OSPA-21). Thundering herds have been an out-of-box problem in Puppet for more than a decade, and for users "in the know", there is a clear, bulletproof solution: use splayed, deterministic run start times to evenly distribute agent checkins. Problematically, this doesn't work with our daemonized agent. Customers must instead disable the agent, and use OS schedulers such as Cron (Posix) and Scheduled Tasks (Windows). See [this module|https://forge.puppet.com/modules/reidmv/puppet_run_scheduler] for full automation of the configuration. h2. Desired Solution The Puppet agent should provide a deterministic run scheduling mode which evenly distributes agent runs automatically, and eliminates the possibility of thundering herds developing. This mode should become the new default mode. Characteristics: * Scheduled run start times should be based on computed wall clock times. Not on variable-time events such as previous run end times. * An agent's individual run start time should include a random offset element, seeded on the agent's certname setting * The agent should schedule and perform a first-start run quickly (immediately, or splayed if splay is configured) on daemon startup, after which subsequent run starts should adhere to the computed wall-clock schedule On startup, an agent might schedule runs thusly. # Schedule a startup run for {{now() + $splay}} # Schedule the first regular daemon run for {{now() + ((($run_interval - (now() % $run_interval)) + fqdn_rand($certname)) % $run_interval)}} # Every subsequent run should be scheduled exactly {{$run_interval}} after of the previously scheduled run

* Optionally, a provision can be made to skip a scheduled run if the previous scheduled run completed too soon within a configured proximity. This may happen after the special startup run, for example, or if a scheduled run entered into a backoff/retry loop based on server 503 responses and so did not start/complete for much longer than expected

We advise our largest customers to achieve this scheduling algorithm today in order to better distribute load, and to prevent thundering herds. We should eliminate the onerous workaround by incorporating it into our product, and in so doing deliver the same benefits to all Puppet users, as well as eliminate one of our most common troubleshooting exasperations.

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele updated an issue

Puppet / PUP-11163 Prevent thundering herd via deterministic run scheduling Change By: Reid Vandewiele

h2. Problem One of the most-viewed articles in Open Source Puppet Assist between September of 2020 and March of 2021 was [determine a thundering herd condition in Puppet|https://ospassist.puppet.com/hc/en-us/articles/360040327753-determine-a-thundering-herd-condition-in-puppet-] (OSPA-21). Thundering herds have been an out-of-box problem in Puppet for more than a decade, and for users "in the know", there is a clear, bulletproof solution: use splayed, deterministic run start times to evenly distribute agent checkins. Problematically, this doesn't work with our daemonized agent. Customers must instead disable the agent, and use OS schedulers such as Cron (Posix) and Scheduled Tasks (Windows). See [this module|https://forge.puppet.com/modules/reidmv/puppet_run_scheduler] for full automation of the configuration. h2. Desired Solution The Puppet agent should provide a deterministic run scheduling mode which evenly distributes agent runs automatically, and eliminates the possibility of thundering herds developing. This mode should become the new default mode. Characteristics: * Scheduled run start times should be based on computed wall clock times. Not on variable-time events such as previous run end times. * An agent's individual run start time should include a random offset element, seeded on the agent's certname setting * The agent should schedule and perform a first-start run quickly (immediately, or splayed if splay is configured) on daemon startup, after which subsequent run starts should adhere to the computed wall-clock schedule On startup, an agent might schedule runs thusly. # Schedule a startup run for {{now() + $splay}} # Schedule the first regular daemon run for {{now() + ((($run_interval - (now() % $run_interval)) + fqdn_rand($certname)) % $run_interval)}} # Every subsequent run should be scheduled exactly {{$run_interval}} after of the previously scheduled run

* Optionally, a provision can be made to skip a scheduled run if the previous scheduled run completed too soon within a configured proximity. This may happen after the special startup run, for example, or if a previously scheduled run entered into a backoff/retry loop based on server 503 responses and so did not start/complete for much longer than expected

We advise our largest customers to achieve this scheduling algorithm today in order to better distribute load, and to prevent thundering herds. We should eliminate the onerous workaround by incorporating it into our product, and in so doing deliver the same benefits to all Puppet users, as well as eliminate one of our most common troubleshooting exasperations.

Add Comment

[Ciprian Badescu (Jira)]

Ciprian Badescu assigned an issue to Beth Glenfield

Puppet / PUP-11163 Prevent thundering herd via deterministic run scheduling

Change By: Ciprian Badescu Assignee: Beth Glenfield

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele commented on PUP-11163

Re: Prevent thundering herd via deterministic run scheduling Beth Glenfield what information is needed for this ticket? (asking based on ticket status change, I may just not understand what that status means in the workflow)

Add Comment

[Beth Glenfield (Jira)]

Beth Glenfield commented on PUP-11163

Re: Prevent thundering herd via deterministic run scheduling

Hi Reid Vandewiele, I was on PTO for a couple of weeks so only getting around to this now. The team assign tickets to myself when they require some Product input, or if we need to gather requirements   When do we advise our largest customers on steps to mitigate this, is it during initial setup? Also cc/ Josh Cooper into this for some engineering expertise.

Add Comment

[Charlie Sharpsteen (Jira)]

Charlie Sharpsteen assigned an issue to Unassigned

Puppet / PUP-11163

Prevent thundering herd via deterministic run scheduling

Change By: Charlie Sharpsteen Assignee: Beth Glenfield

Add Comment

[Ciprian Badescu (Jira)]

Ciprian Badescu assigned an issue to Yasmin Rajabi

Puppet / PUP-11163 Prevent thundering herd via deterministic run scheduling

Change By: Ciprian Badescu Assignee: Yasmin Rajabi

Add Comment

[Yasmin Rajabi (Jira)]

Yasmin Rajabi commented on PUP-11163

Re: Prevent thundering herd via deterministic run scheduling Reid Vandewiele Charlie Sharpsteen how often is this coming up? trying to balance this with the rest of the tickets - if you were to guess what % of customers run into it?

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele commented on PUP-11163

Re: Prevent thundering herd via deterministic run scheduling

100% of customers run into the problem. A lesser percentage notice it. If the customer is small (say, less than a thousand nodes), the available Puppet compute power will eclipse the total agent workload enough to make the thundering herd issue not a problem. Small herd, small thunder. The issue becomes a problem when the available compute power starts to become more evenly matched to the workload. Charlie Sharpsteen would have to speak to the percentage of customers that Support needs to advise on enabling our special configuration max-queued-requests option, which is the first tier workaround used to mitigate the issue. For our largest customers, say >10,000 nodes (at a guess) we pretty universally have to talk about max-queued-requests at a minimum up front, and for most we end up evolving into suggesting the second tier workaround, which is reidmv-puppet_run_scheduler or similar—basically, stop using the service, and use cron/scheduled-tasks to run the agent instead. That strategy, even as a pre-implemented module, is uncomfortable because all customers would rather run services daemons than cron/scheduled-tasks. The big ones grumpily end up sacrificing that in exchange for stable performance.

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele updated an issue

Puppet / PUP-11163

Prevent thundering herd via deterministic run scheduling

Change By: Reid Vandewiele

h2. Problem One of the most-viewed articles in Open Source Puppet Assist between September of 2020 and March of 2021 was [determine a thundering herd condition in Puppet|https://ospassist.puppet.com/hc/en-us/articles/360040327753-determine-a-thundering-herd-condition-in-puppet-] (OSPA-21). Thundering herds have been an out-of-box problem in Puppet for more than a decade, and for users "in the know", there is a clear, bulletproof solution: use splayed, deterministic run start times to evenly distribute agent checkins. Problematically, this doesn't work with our daemonized agent. Customers must instead disable the agent, and use OS schedulers such as Cron (Posix) and Scheduled Tasks (Windows). See [this module|https://forge.puppet.com/modules/reidmv/puppet_run_scheduler] for full automation of the configuration. h2. Desired Solution The Puppet agent should provide a deterministic run scheduling mode which evenly distributes agent runs automatically, and eliminates the possibility of thundering herds developing. This mode should become the new default mode. Characteristics: * Scheduled run start times should be based on computed wall clock times. Not on variable-time events such as previous run end times.

* An agent's individual run start time should include a random offset element, seeded on the agent's certname setting _+ a random seed.†_

* The agent should schedule and perform a first-start run quickly (immediately, or splayed if splay is configured) on daemon startup, after which subsequent run starts should adhere to the computed wall-clock schedule On startup, an agent might schedule runs thusly. # Schedule a startup run for {{now() + $splay}} # Schedule the first regular daemon run for {{now() + ((($run_interval - (now() % $run_interval)) + fqdn_rand($certname)) % $run_interval)}} # Every subsequent run should be scheduled exactly {{$run_interval}} after of the previously scheduled run * Optionally, a provision can be made to skip a scheduled run if the previous scheduled run completed too soon within a configured proximity. This may happen after the special startup run, for example, or if a previously scheduled run entered into a backoff/retry loop based on server 503 responses and so did not start/complete for much longer than expected     We advise our largest customers to achieve this scheduling algorithm today in order to better distribute load, and to prevent thundering herds. We should eliminate the onerous workaround by incorporating it into our product, and in so doing deliver the same benefits to all Puppet users, as well as eliminate one of our most common troubleshooting exasperations.

---- † It is not important for a given agent to always select the same wall-clock start times; only for agents to have different, evenly spread start times, and for subsequent runs to be +consistently+ spaced.

Add Comment

[Reid Vandewiele (Jira)]

† It is not important for a given agent to always select the same wall-clock start times; only for agents to have different, evenly spread start times, and for subsequent runs to be +consistently+ spaced. Including a random seed element permits the (unusual, not recommended) use of the same certificate by multiple agents.

Add Comment

[Reid Vandewiele (Jira)]

† It is not important for a given agent to always select the same wall-clock start times; only for agents to have different, evenly spread start times, and for subsequent runs to be +consistently+ spaced. Including a random seed element permits the (unusual, not recommended) use of the same certificate by multiple agents. Including the certname accounts for the possibility of running on a system which cannot generate true random seeds.

Add Comment

[Nick Walker (Jira)]

Nick Walker commented on PUP-11163

Re: Prevent thundering herd via deterministic run scheduling I think this is basically the same request I made in the past via PUP-4212.

Add Comment

[Reid Vandewiele (Jira)]

Reid Vandewiele commented on PUP-11163

Re: Prevent thundering herd via deterministic run scheduling

Possibly. There are definitely similarities. If there's any difference, I think it would be that this ticket is more "smooth workload distribution is something I want; thundering herds shouldn't be possible", while 4212 may have taking the slightly different focus of "fix the acute problem / symptom thundering herds by breaking them up when they occur". The tighter you get to workload tolerances at scale, the less tolerable it is to have herds in the first place.

Add Comment

[Ciprian Badescu (Jira)]

Ciprian Badescu commented on PUP-11163

Re: Prevent thundering herd via deterministic run scheduling

Reid Vandewiele, what are the benefits of randomizing first daemon run? Does adding the startup randomization to the first daemon run randomization gives better results? Could implementing something like this be enough? first puppet-agent run: now() + $splay, if there is a collision, }}{{do 3 subsequent puppet-agent runs: each $run_interval, if there is a collision, 3, otherwise reset backoff_multiplier collisions handling (based on server 503) increment backoff_multiplier sleep for backoff_multiplier * (retry-after || fixed default) reset run interval to now() and retry daemon run OP1: is the value of retry-after fixed (I assumed this and that's why I proposed the backoff_multiplier) OP2: is there any soft means to detect "Thundering herds" other than HTTP 503 response?

Add Comment