From c2bdeb9e7d4585cc843d7936b986d7850054e003 Mon Sep 17 00:00:00 2001 From: Nick Cabatoff Date: Tue, 19 Jan 2021 17:51:41 -0500 Subject: [PATCH] Minimal change to ensure that the bulky leaseEntry isn't kept in memory. (#10726) --- changelog/10726.txt | 3 +++ vault/expiration.go | 23 ++++++++++++----------- 2 files changed, 15 insertions(+), 11 deletions(-) create mode 100644 changelog/10726.txt diff --git a/changelog/10726.txt b/changelog/10726.txt new file mode 100644 index 000000000..e8de0771e --- /dev/null +++ b/changelog/10726.txt @@ -0,0 +1,3 @@ +```release-note:improvement +core: reduce memory used by leases +``` diff --git a/vault/expiration.go b/vault/expiration.go index eb68ff35a..03c827ed4 100644 --- a/vault/expiration.go +++ b/vault/expiration.go @@ -116,10 +116,10 @@ type ExpirationManager struct { testRegisterAuthFailure uberAtomic.Bool } -type ExpireLeaseStrategy func(context.Context, *ExpirationManager, *leaseEntry) +type ExpireLeaseStrategy func(context.Context, *ExpirationManager, string, *namespace.Namespace) // revokeIDFunc is invoked when a given ID is expired -func expireLeaseStrategyRevoke(ctx context.Context, m *ExpirationManager, le *leaseEntry) { +func expireLeaseStrategyRevoke(ctx context.Context, m *ExpirationManager, leaseID string, ns *namespace.Namespace) { for attempt := uint(0); attempt < maxRevokeAttempts; attempt++ { releasePermit := func() {} if m.revokePermitPool != nil { @@ -129,10 +129,10 @@ func expireLeaseStrategyRevoke(ctx context.Context, m *ExpirationManager, le *le m.logger.Trace("expiring lease; got permit pool") } - metrics.IncrCounterWithLabels([]string{"expire", "lease_expiration"}, 1, []metrics.Label{{"namespace", le.namespace.ID}}) + metrics.IncrCounterWithLabels([]string{"expire", "lease_expiration"}, 1, []metrics.Label{{"namespace", ns.ID}}) revokeCtx, cancel := context.WithTimeout(ctx, DefaultMaxRequestDuration) - revokeCtx = namespace.ContextWithNamespace(revokeCtx, le.namespace) + revokeCtx = namespace.ContextWithNamespace(revokeCtx, ns) go func() { select { @@ -145,12 +145,12 @@ func expireLeaseStrategyRevoke(ctx context.Context, m *ExpirationManager, le *le select { case <-m.quitCh: - m.logger.Error("shutting down, not attempting further revocation of lease", "lease_id", le.LeaseID) + m.logger.Error("shutting down, not attempting further revocation of lease", "lease_id", leaseID) releasePermit() cancel() return case <-m.quitContext.Done(): - m.logger.Error("core context canceled, not attempting further revocation of lease", "lease_id", le.LeaseID) + m.logger.Error("core context canceled, not attempting further revocation of lease", "lease_id", leaseID) releasePermit() cancel() return @@ -158,7 +158,7 @@ func expireLeaseStrategyRevoke(ctx context.Context, m *ExpirationManager, le *le } m.coreStateLock.RLock() - err := m.Revoke(revokeCtx, le.LeaseID) + err := m.Revoke(revokeCtx, leaseID) m.coreStateLock.RUnlock() releasePermit() cancel() @@ -166,12 +166,12 @@ func expireLeaseStrategyRevoke(ctx context.Context, m *ExpirationManager, le *le return } - metrics.IncrCounterWithLabels([]string{"expire", "lease_expiration", "error"}, 1, []metrics.Label{{"namespace", le.namespace.ID}}) + metrics.IncrCounterWithLabels([]string{"expire", "lease_expiration", "error"}, 1, []metrics.Label{{"namespace", ns.ID}}) - m.logger.Error("failed to revoke lease", "lease_id", le.LeaseID, "error", err) + m.logger.Error("failed to revoke lease", "lease_id", leaseID, "error", err) time.Sleep((1 << attempt) * revokeRetryBase) } - m.logger.Error("maximum revoke attempts reached", "lease_id", le.LeaseID) + m.logger.Error("maximum revoke attempts reached", "lease_id", leaseID) } // NewExpirationManager creates a new ExpirationManager that is backed @@ -1524,9 +1524,10 @@ func (m *ExpirationManager) updatePendingInternal(le *leaseEntry) { pending.timer.Reset(leaseTotal) // No change to lease count in this case } else { + leaseID, namespace := le.LeaseID, le.namespace // Extend the timer by the lease total timer := time.AfterFunc(leaseTotal, func() { - m.expireFunc(m.quitContext, m, le) + m.expireFunc(m.quitContext, m, leaseID, namespace) }) pending = pendingInfo{ timer: timer,