Make config updates and other parts safe with concurrency #19
Merged
Hold the exclusive flock across the whole read-modify-write so concurrent processes can't lose each other's updates. Add update/update_with for read-modify-write, create for write-once, and lock_vm for serializing whole lifecycle commands on one VM name. write remains a thin internal shim until all callers migrate.
Add vm::create (write-once, fails if the VM already exists) and vm::update (delta closure applied under the lock), the metadata-side counterparts to the StateStore primitives. vm::save stays as a shim until its callers migrate.
Route allocate/allocate_single/release through StateStore::update(_with) so the find-free-block-and-insert runs under one lock. Closes the double-allocation race where two concurrent vm creates could claim the same /30 block.
Add registry::update and migrate pull/build/rename/remove to it so concurrent image commands can't lose each other's registry entries. Drop ImageRegistry::save; the rename path's storage work stays outside the lock and dependent VM records are updated via vm::update.
Migrate every lifecycle command to vm::create / vm::update / store::create / store::update, take the per-VM operation lock for the whole command (fixing the create TOCTOU and double-start), download kernels outside the config lock, and make 'ember init' fail rather than clobber an initialized store. Drop the now-unused vm::save.
All mutations now go through update/update_with/create, which hold the lock across the whole transaction. Remove the public write so an unlocked read-then-write can't reintroduce the lost-update window.
No description provided.
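The locked read-modify-write and the block allocation described in the commit messages above, as an added example that is not code from this pull request. `update_with` and `allocate` reuse names from the commit messages, but their bodies, the one-index-per-line state format and the direct `flock` declaration are assumptions for illustration.

```rust
use std::fs::OpenOptions;
use std::io::{self, Read, Seek, SeekFrom, Write};
use std::os::unix::io::AsRawFd;
use std::path::Path;

// flock(2) from the platform C library, declared directly so no crate is needed.
extern "C" { fn flock(fd: i32, operation: i32) -> i32; }
const LOCK_EX: i32 = 2; // exclusive lock (value on Linux and macOS)

/// Run `f` on the decoded state while holding an exclusive flock for the whole
/// read-modify-write. Assumed state format: one allocated block index per line.
fn update_with<T>(path: &Path, f: impl FnOnce(&mut Vec<u32>) -> T) -> io::Result<T> {
    let mut file = OpenOptions::new().read(true).write(true).create(true).open(path)?;
    if unsafe { flock(file.as_raw_fd(), LOCK_EX) } != 0 {
        return Err(io::Error::last_os_error());
    }
    // Read only after the lock is held, so the decoded state cannot be stale.
    let mut text = String::new();
    file.read_to_string(&mut text)?;
    let mut blocks: Vec<u32> = text.lines().filter_map(|l| l.trim().parse().ok()).collect();
    let out = f(&mut blocks);
    // Write back through the same locked descriptor.
    let body: String = blocks.iter().map(|b| format!("{b}\n")).collect();
    file.seek(SeekFrom::Start(0))?;
    file.set_len(0)?;
    file.write_all(body.as_bytes())?;
    file.sync_all()?;
    Ok(out) // dropping `file` closes the descriptor, which releases the lock
}

/// Claim the lowest free block index; the search and the insert share one lock.
fn allocate(path: &Path) -> io::Result<u32> {
    update_with(path, |blocks| {
        let free = (0u32..).find(|i| !blocks.contains(i)).unwrap();
        blocks.push(free);
        free
    })
}

fn main() -> io::Result<()> {
    let path = std::env::temp_dir().join(format!("blocks-{}.state", std::process::id()));
    let workers: Vec<_> = (0..8)
        .map(|_| { let p = path.clone(); std::thread::spawn(move || allocate(&p).unwrap()) })
        .collect();
    let mut got: Vec<u32> = workers.into_iter().map(|w| w.join().unwrap()).collect();
    got.sort();
    println!("allocated blocks: {got:?}"); // eight distinct indices, no double allocation
    std::fs::remove_file(&path)
}
```

Each caller opens the file itself, so every call has its own open file description and `flock` serializes threads as well as separate processes.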