unicorn.git  about / heads / tags
Rack HTTP server for Unix and fast clients
blob 561a1ccc74a6359c756eb97762627ac8b747f664 3017 bytes (raw)
$ git show ccc-tcp:Application_Timeouts	# shows this blob on the CLI

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 
= Application Timeouts

This article focuses on _application_ setup for Rack applications, but
can be expanded to all applications that connect to external resources
and expect short response times.

This article is not specific to unicorn, but exists to discourage
the overuse of the built-in
{timeout}[link:Unicorn/Configurator.html#method-i-timeout] directive
in unicorn.

== ALL External Resources Are Considered Unreliable

Network reliability can _never_ be guaranteed.  Network failures cannot
be detected reliably by the client (Rack application) in a reasonable
timeframe, not even on a LAN.

Thus, application authors must configure timeouts when interacting with
external resources.

Most database adapters allow configurable timeouts.

Net::HTTP and Net::SMTP in the Ruby standard library allow
configurable timeouts.

Even for things as fast as {memcached}[http://memcached.org/],
{dalli}[http://rubygems.org/gems/dalli],
{memcached}[http://rubygems.org/gems/memcached] and
{memcache-client}[http://rubygems.org/gems/memcache-client] RubyGems all
offer configurable timeouts.

Consult the relevant documentation for the libraries you use on
how to configure these timeouts.

== Rolling Your Own Socket Code

Use non-blocking I/O and IO.select with a timeout to wait on sockets.

== Timeout module in the Ruby standard library

Ruby offers a Timeout module in its standard library.  It has several
caveats and is not always reliable:

* /Some/ Ruby C extensions are not interrupted/timed-out gracefully by
  this module (report these bugs to extension authors, please) but
  pure-Ruby components should be.

* Long-running tasks may run inside `ensure' clauses after timeout
  fires, causing the timeout to be ineffective.

The Timeout module is a second-to-last-resort solution, timeouts using
IO.select (or similar) are more reliable.  If you depend on libraries
that do not offer timeouts when connecting to external resources, kindly
ask those library authors to provide configurable timeouts.

=== A Note About Filesystems

Most operations to regular files on POSIX filesystems are NOT
interruptable.  Thus, the "timeout" module in the Ruby standard library
can not reliably timeout systems with massive amounts of iowait.

If your app relies on the filesystem, ensure all the data your
application works with is small enough to fit in the kernel page cache.
Otherwise increase the amount of physical memory you have to match, or
employ a fast, low-latency storage system (solid state).

Volumes mounted over NFS (and thus a potentially unreliable network)
must be mounted with timeouts and applications must be prepared to
handle network/server failures.

== The Last Line Of Defense

The {timeout}[link:Unicorn/Configurator.html#method-i-timeout] mechanism
in unicorn is an extreme solution that should be avoided whenever
possible.  It will help catch bugs in your application where and when
your application forgets to use timeouts, but it is expensive as it
kills and respawns a worker process.

git clone https://yhbt.net/unicorn.git