Sqlite fixes

[mheon]

Two fixes:

• Ensure that SQLite schema migration happens before we init any part of the database, so we never access a database with a bad schema.
• Fix a flake where we were getting database locked errors due to concurrent read/write of the same table.

NONE

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mheon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [mheon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[mheon]

@edsantiago This should get rid of the database locked flake, but I haven't been able to reproduce locally so I can't be 100% on that.

[edsantiago]

This is going to conflict with #17867

[vrothberg]

Can we make a mix of #17867 and this PR?

I really think that setting the PRAGMAs as done in #17867 is 1) faster and 2) easier to read.

[vrothberg]

Isn't that effectively excluding all other processes from opening a connection?

[edsantiago]

FWIW, the string "UNIQUE" (case-sensitive, caps) does not appear in the CI logs, nor do any of the following case-insensitive strings:

• "constraint fail"
• "config row"
• "adding db"
• "dbconfig.id"

Timings, with a reminder that this is not equivalent to serious performance benchmarks

type	distro	user	DB	local	remote	container
int	fedora-37	root		30:45	33:11	27:59
int	fedora-37	root	sqlite	30:59	33:33
int	fedora-37	rootless		29:41
int	fedora-37	rootless	sqlite	28:50

[edsantiago]

System test runs in #17831 are done. Saw lots of "database is locked", but no "unique etc" errors.

[mheon]

I have pulled in #17867 from @vrothberg

[mheon]

Marking as WIP: I'm going to perf test max connections vs transaction locking.

[mheon]

@edsantiago Did you pull in Valentin's earlier PR, and if so did it resolve the database locked issue?

[edsantiago]

@mheon yes I made an earlier run of #17831 using @vrothberg's fixes, and saw no instances of the "is locked" bug. I'm now rerebasing on this PR, and will resubmit in a few seconds.

[mheon]

Benchmark 1: /home/mheon/code/podman/bin/podman --db-backend=sqlite ps -a
  Time (mean ± σ):      21.7 ms ±   1.0 ms    [User: 27.1 ms, System: 11.8 ms]
  Range (min … max):    19.1 ms …  24.1 ms    100 runs
 
Benchmark 2: /home/mheon/code/podman/bin/podman_maxcons --db-backend=sqlite ps -a
  Time (mean ± σ):      22.2 ms ±   1.2 ms    [User: 28.8 ms, System: 11.9 ms]
  Range (min … max):    19.5 ms …  26.4 ms    100 runs
 
Summary
  '/home/mheon/code/podman/bin/podman --db-backend=sqlite ps -a' ran
    1.03 ± 0.08 times faster than '/home/mheon/code/podman/bin/podman_maxcons --db-backend=sqlite ps -a'

[mheon]

Maxcons is definitely slowing us down somewhat, at least at high container counts (that was 500)

[mheon]

It goes down to ~1% slower at lower container counts

[mheon]

Based on current numbers, the tx lock seems slightly faster. I'm going to remove the connection count limit.

[mheon]

Re-pushed. Max connections logic is gone. Removing WIP. Going to switch to sqlite vs bolt perf comparisons.

[edsantiago]

Followup: I did not see UNIQUE constraint nor 'database is locked` in system tests, yay, but I do see one new failure I've never seen before, in f37 rootless sqlite:

  stop podman.service
  ...
  Execing /var/tmp/go/src/github.com/containers/podman/bin/podman --root /tmp/podman_test2489001336/server_root inspect --format={{.State.Running}} top_ccwvMutB
  Error: inspecting object: no such object: "top_ccwvMutB"

What's really curious is that this is an e2e test that says Execing, whereas usually they say "Running". And the "Execing" line does not include the --db-backend or any of the other long list of options usually shown in "Running" log lines. Is this some weird different way of running podman?

Worth pointing out that this PR is being run on a system with /etc/containers/containers.conf force-modified to use sqlite, so this is different from the current CI situation in which testing is happening via command-line --db-backend options.

[edsantiago]

@mheon @vrothberg I'm sorry to report that f37 rootless sqlite had one failure in my PR:

$ podman [options] ps -q
Error: adding DB config row: UNIQUE constraint failed: DBConfig.ID

(where "my PR" is #17831 rebased against 0c313b6e5)

[mheon]

Damn. Alright, have to add even more validation there, I guess.

[vrothberg]

Damn. Alright, have to add even more validation there, I guess.

I think there's a race condition in creating the table. Checking for the table existence should be part of the transaction:

diff --git a/libpod/sqlite_state.go b/libpod/sqlite_state.go
index e1007dbc3709..9df98dc4b465 100644
--- a/libpod/sqlite_state.go
+++ b/libpod/sqlite_state.go
@@ -336,23 +336,21 @@ func (s *SQLiteState) ValidateDBConfig(runtime *Runtime) (defErr error) {
 		runtimeGraphDriver = storeOpts.GraphDriverName
 	}
 
-	row := s.conn.QueryRow("SELECT Os, StaticDir, TmpDir, GraphRoot, RunRoot, GraphDriver, VolumeDir FROM DBConfig;")
-
+	tx, err := s.conn.Begin()
+	if err != nil {
+		return fmt.Errorf("beginning DB config transaction: %w", err)
+	}
+	defer func() {
+		if defErr != nil {
+			if err := tx.Rollback(); err != nil {
+				logrus.Errorf("Rolling back transaction to create DB config: %v", err)
+			}
+		}
+	}()
+	row := tx.QueryRow("SELECT Os, StaticDir, TmpDir, GraphRoot, RunRoot, GraphDriver, VolumeDir FROM DBConfig;")
 	if err := row.Scan(&os, &staticDir, &tmpDir, &graphRoot, &runRoot, &graphDriver, &volumePath); err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			// Need to create runtime config info in DB
-			tx, err := s.conn.Begin()
-			if err != nil {
-				return fmt.Errorf("beginning DB config transaction: %w", err)
-			}
-			defer func() {
-				if defErr != nil {
-					if err := tx.Rollback(); err != nil {
-						logrus.Errorf("Rolling back transaction to create DB config: %v", err)
-					}
-				}
-			}()
-
 			if _, err := tx.Exec(createRow, 1, schemaVersion, runtimeOS,
 				runtimeStaticDir, runtimeTmpDir, runtimeGraphRoot,
 				runtimeRunRoot, runtimeGraphDriver, runtimeVolumePath); err != nil {

[vrothberg]

@edsantiago, could you apply the upper diff to your PR and see whether it fixes the flake?

[edsantiago]

@vrothberg done, run is in progress. Quick note that this flake is rare: it did not happen at all on my last CI rerun, and it did not happen in this PR's most recent run. (As in: I downloaded all the logs and grep'ed them for even single failures). I will of course continue to download-and-grep all logs for this and my PR and report my findings.

[edsantiago]

Well, doesn't look good. Didn't even make it past the image fetch:

Caching quay.io/libpod/cirros:latest at /tmp/quay.io-libpod-cirros-latest.tar...
$ podman [options] pull quay.io/libpod/cirros:latest
Error: beginning refresh transaction: database is locked

[vrothberg]

LGTM
I vote for merging this PR as is. It's already an improvement and we can tackle the remaining flake(s) separately.

[vrothberg]

Well, doesn't look good. Didn't even make it past the image fetch:

Caching quay.io/libpod/cirros:latest at /tmp/quay.io-libpod-cirros-latest.tar...
$ podman [options] pull quay.io/libpod/cirros:latest
Error: beginning refresh transaction: database is locked

This error is really weird. @mheon, shouldn't Podman just busy-wait until the DB is unlocked by another thread/process?

[edsantiago]

Incremental progress is totally fine with me.

/lgtm
/hold

[baude]

/hold cancel