I have a handwritten job server (think a very limited equivalent of something like Gearman) that uses AMQP and RabbitMQ as its messaging broker. I use Rabbit 3 and can upgrade as necessary. I run many instances of this server, most of which consume from the same work queue.
There is a large class of work that the server needs to do that absolutely can't be repeated. There's also an idempotent (i.e. messages can be re-run if need be) mode of execution that acks only after successful execution, but there are no issues with that part.
In non-repeatable mode message processing on a client looks like this (assuming that it's consuming the appropriate queue):
- Receive a messsage.
- Unpack/parse/verify the message contents.
- Ack the message.
- Do the operation requested by the message.
- GOTO step 1.
The requirement that work be non-repeatable is so important that the inherent risks of the above scenario (messages get dropped on the floor if a job server is killed between steps 3 and 4) are acceptable.
Sometimes, step 4 takes a very long time. Since the AMQP client has already acked its only message (assuming a qos of 1), RabbitMQ pushes it another if one exists, and that message then stays in unacked status until the job server finishes execution of its current message. This is very bad, because the work being done is very high-priority and should be done ASAP, and there are almost always available consumers who are not in the middle of doing work that can perform requested operations immediately.
Hence, my question:
While remaining a consumer on a queue, how do I guarantee that a message will only be processed once, without consuming/unacking any other messages during the processing phase?
1. The first thing Itried was setting the QoS (sometimes called prefetch size, but that's a misnomer since there's no 'fetching' involved, just server pushes) to 1 or 0. Setting it to 1 reduces the severity of this problem, but doesn't solve it, since one message can still be made to wait for a previous message's processing to finish. Setting QoS to 0 unlimits the local buffer size, which makes the problem much worse.
2. I played with breaking up work queues to be separate per job server instance, but that damages scalability, since I have to add objects to the broker every time I need a new instance. I need to be able to increase the amount of work that could be done in parallel just by starting new instances of the server, no messaging topology changes required.
3. The naive solution of writing a record to some central state every time a message starts running (i.e. reimplementing message locking) is far too slow.
4. I tried cancelling the consume immediately after acking the message, nacking everything in the local buffer, and re-establishing the consume for the next message. This was very slow on the clients, generated a whole lot more network traffic, and (worst of all), made the Rabbit server experience very high load and progressively slower performance. The management API/UI also became sluggish and difficult to use, my federation exchanges began hanging, and HA started falling out of sync.
5. I thought about a complicated topological solution: First, I'd ensure that all messages had a routing key of a unique identifier (I could use headers exchanges and the message_id AMQP field later, but this is a simpler implementation). All messages would be published to a topic exchange xA, whose alternate exchange is xB. xB would be a direct exchange, and bind directly to qC, the work queue. I'd also create qD, which would only contain work that failed to process or was rejected due to a crash on a job server instance. Then, I could start a specialized daemon/constantly-running program somewhere that loops through the entire contents of qC, acks them all, and manually re-publishes each one to xA. All messages enter the system through xA anyway, and in the default state they end up in qC regardless of their routing keys.
The message lifecycle on each client would then look like:
- Receive a messsage.
- Unpack/parse/verify the message contents.
- If a message has the redelivered bit set:
- Ack the message.
- Republish it as-is to
xA.
- Wait for confirmation.
- Remove binding from
xA to qD with the routing key of the message received (a UID).
- Else:
- Add binding from
xA to qD with the routing key of the message received (a UID).
- Do the operation requested by the message.
- Ack message.
- GOTO 1.
That way, if a message failed during its "do work" phase and was implicitly rejected with requeue=1, the redelivered bit would be set. The next job server instance to receive that redelivered message would ack it and republish it to xA, which would route it to qD. After the publish was confirmed (the message landed in qD), the binding would be eliminated.
That solution would solve the problem better than any of the other theories I've had. However, I think that the huge number of bindings that could potentially be created (and the add/remove binding requests/second rate) would very probably severely impact Rabbit's performance. This discussion thread seems to corroborate that theory. Ideally, I'd like a solution that doesn't send more network traffic to and from the rabbit server than it absolutely needs to, and doesn't create more persistent objects (temp messages, queues, bindings, etc) on the server than it absolutely needs to.
https://stackoverflow.com/questions/20976356
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian