Transient error handling and concurrency limit for postgres based indexed storage (#3184)

* Transient error handling and concurrency limit for postgres based indexed storage

* Format

Author: vigoo

golem-debugging-service/config/debug-worker-executor.sample.env

@@ -67,6 +67,11 @@ GOLEM__OPLOG__OPLOG_RATE_LIMIT_ENABLED=false
 GOLEM__OPLOG__PLUGIN_MAX_COMMIT_COUNT=3
 GOLEM__OPLOG__PLUGIN_MAX_ELAPSED_TIME="5s"
 GOLEM__OPLOG__DEFAULT_SNAPSHOTTING__TYPE="Disabled"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_ATTEMPTS=3
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_DELAY="1s"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_JITTER_FACTOR=0.15
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MIN_DELAY="100ms"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MULTIPLIER=3.0
 GOLEM__OPLOG__OPLOG_PROCESSOR_SNAPSHOTTING__TYPE="EveryNInvocation"
 GOLEM__OPLOG__OPLOG_PROCESSOR_SNAPSHOTTING__CONFIG__COUNT=10
 GOLEM__PUBLIC_WORKER_API__CONNECT_TIMEOUT="10s"
@@ -219,6 +224,11 @@ GOLEM__OPLOG__OPLOG_RATE_LIMIT_ENABLED=false
 GOLEM__OPLOG__PLUGIN_MAX_COMMIT_COUNT=3
 GOLEM__OPLOG__PLUGIN_MAX_ELAPSED_TIME="5s"
 GOLEM__OPLOG__DEFAULT_SNAPSHOTTING__TYPE="Disabled"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_ATTEMPTS=3
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_DELAY="1s"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_JITTER_FACTOR=0.15
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MIN_DELAY="100ms"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MULTIPLIER=3.0
 GOLEM__OPLOG__OPLOG_PROCESSOR_SNAPSHOTTING__TYPE="EveryNInvocation"
 GOLEM__OPLOG__OPLOG_PROCESSOR_SNAPSHOTTING__CONFIG__COUNT=10
 GOLEM__PUBLIC_WORKER_API__CONNECT_TIMEOUT="10s"

golem-debugging-service/config/debug-worker-executor.toml

@@ -107,6 +107,13 @@ plugin_max_elapsed_time = "5s"
 [oplog.default_snapshotting]
 type = "Disabled"
 
+[oplog.indexed_storage_retry]
+max_attempts = 3
+max_delay = "1s"
+max_jitter_factor = 0.15
+min_delay = "100ms"
+multiplier = 3.0
+
 [oplog.oplog_processor_snapshotting]
 type = "EveryNInvocation"
 
@@ -342,6 +349,13 @@ without_time = false
 # [oplog.default_snapshotting]
 # type = "Disabled"
 # 
+# [oplog.indexed_storage_retry]
+# max_attempts = 3
+# max_delay = "1s"
+# max_jitter_factor = 0.15
+# min_delay = "100ms"
+# multiplier = 3.0
+# 
 # [oplog.oplog_processor_snapshotting]
 # type = "EveryNInvocation"
 # 

golem-service-base/src/repo/mod.rs

@@ -37,6 +37,19 @@ impl RepoError {
     pub fn is_unique_violation(&self) -> bool {
         matches!(self, RepoError::UniqueViolation(_))
     }
+
+    pub fn is_transient(&self) -> bool {
+        match self {
+            RepoError::InternalError(err) => {
+                if let Some(sqlx_err) = err.downcast_ref::<sqlx::Error>() {
+                    matches!(sqlx_err, sqlx::Error::PoolTimedOut | sqlx::Error::Io(_))
+                } else {
+                    false
+                }
+            }
+            RepoError::UniqueViolation(_) => false,
+        }
+    }
 }
 
 error_forwarding!(RepoError);

golem-worker-executor/config/worker-executor.sample.env

@@ -83,6 +83,11 @@ GOLEM__OPLOG__OPLOG_RATE_LIMIT_ENABLED=false
 GOLEM__OPLOG__PLUGIN_MAX_COMMIT_COUNT=3
 GOLEM__OPLOG__PLUGIN_MAX_ELAPSED_TIME="5s"
 GOLEM__OPLOG__DEFAULT_SNAPSHOTTING__TYPE="Disabled"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_ATTEMPTS=3
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_DELAY="1s"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_JITTER_FACTOR=0.15
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MIN_DELAY="100ms"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MULTIPLIER=3.0
 GOLEM__OPLOG__OPLOG_PROCESSOR_SNAPSHOTTING__TYPE="EveryNInvocation"
 GOLEM__OPLOG__OPLOG_PROCESSOR_SNAPSHOTTING__CONFIG__COUNT=10
 GOLEM__PUBLIC_WORKER_API__CONNECT_TIMEOUT="10s"
@@ -283,6 +288,11 @@ GOLEM__OPLOG__OPLOG_RATE_LIMIT_ENABLED=false
 GOLEM__OPLOG__PLUGIN_MAX_COMMIT_COUNT=3
 GOLEM__OPLOG__PLUGIN_MAX_ELAPSED_TIME="5s"
 GOLEM__OPLOG__DEFAULT_SNAPSHOTTING__TYPE="Disabled"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_ATTEMPTS=3
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_DELAY="1s"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_JITTER_FACTOR=0.15
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MIN_DELAY="100ms"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MULTIPLIER=3.0
 GOLEM__OPLOG__OPLOG_PROCESSOR_SNAPSHOTTING__TYPE="EveryNInvocation"
 GOLEM__OPLOG__OPLOG_PROCESSOR_SNAPSHOTTING__CONFIG__COUNT=10
 GOLEM__PUBLIC_WORKER_API__CONNECT_TIMEOUT="10s"
@@ -453,6 +463,11 @@ GOLEM__OPLOG__OPLOG_RATE_LIMIT_ENABLED=false
 GOLEM__OPLOG__PLUGIN_MAX_COMMIT_COUNT=3
 GOLEM__OPLOG__PLUGIN_MAX_ELAPSED_TIME="5s"
 GOLEM__OPLOG__DEFAULT_SNAPSHOTTING__TYPE="Disabled"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_ATTEMPTS=3
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_DELAY="1s"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MAX_JITTER_FACTOR=0.15
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MIN_DELAY="100ms"
+GOLEM__OPLOG__INDEXED_STORAGE_RETRY__MULTIPLIER=3.0
 GOLEM__OPLOG__OPLOG_PROCESSOR_SNAPSHOTTING__TYPE="EveryNInvocation"
 GOLEM__OPLOG__OPLOG_PROCESSOR_SNAPSHOTTING__CONFIG__COUNT=10
 GOLEM__PUBLIC_WORKER_API__CONNECT_TIMEOUT="10s"

golem-worker-executor/config/worker-executor.toml

@@ -135,6 +135,13 @@ plugin_max_elapsed_time = "5s"
 [oplog.default_snapshotting]
 type = "Disabled"
 
+[oplog.indexed_storage_retry]
+max_attempts = 3
+max_delay = "1s"
+max_jitter_factor = 0.15
+min_delay = "100ms"
+multiplier = 3.0
+
 [oplog.oplog_processor_snapshotting]
 type = "EveryNInvocation"
 
@@ -441,6 +448,13 @@ without_time = false
 # [oplog.default_snapshotting]
 # type = "Disabled"
 # 
+# [oplog.indexed_storage_retry]
+# max_attempts = 3
+# max_delay = "1s"
+# max_jitter_factor = 0.15
+# min_delay = "100ms"
+# multiplier = 3.0
+# 
 # [oplog.oplog_processor_snapshotting]
 # type = "EveryNInvocation"
 # 
@@ -717,6 +731,13 @@ without_time = false
 # [oplog.default_snapshotting]
 # type = "Disabled"
 # 
+# [oplog.indexed_storage_retry]
+# max_attempts = 3
+# max_delay = "1s"
+# max_jitter_factor = 0.15
+# min_delay = "100ms"
+# multiplier = 3.0
+# 
 # [oplog.oplog_processor_snapshotting]
 # type = "EveryNInvocation"
 # 

golem-worker-executor/src/lib.rs

@@ -699,6 +699,7 @@ pub async fn create_worker_executor_impl<
         let svc: Arc<dyn OplogArchiveService> = Arc::new(CompressedOplogArchiveService::new(
             indexed_storage.clone(),
             idx,
+            golem_config.oplog.indexed_storage_retry.clone(),
         ));
         oplog_archives.push(svc);
     }
@@ -717,6 +718,7 @@ pub async fn create_worker_executor_impl<
                 golem_config.oplog.max_operations_before_commit,
                 golem_config.oplog.max_operations_before_commit_ephemeral,
                 golem_config.oplog.max_payload_size,
+                golem_config.oplog.indexed_storage_retry.clone(),
             )
             .await,
         ),
@@ -728,6 +730,7 @@ pub async fn create_worker_executor_impl<
                     golem_config.oplog.max_operations_before_commit,
                     golem_config.oplog.max_operations_before_commit_ephemeral,
                     golem_config.oplog.max_payload_size,
+                    golem_config.oplog.indexed_storage_retry.clone(),
                 )
                 .await,
             );

golem-worker-executor/src/metrics.rs

@@ -303,6 +303,12 @@ pub mod oplog {
             &["account_id", "environment_id"]
         )
         .unwrap();
+        static ref OPLOG_STORAGE_RETRY_TOTAL: CounterVec = register_counter_vec!(
+            "oplog_storage_retry_total",
+            "Number of oplog storage operation retries due to transient errors",
+            &["op"]
+        )
+        .unwrap();
     }
 
     pub fn record_oplog_call(api_name: &'static str) {
@@ -315,6 +321,12 @@ pub mod oplog {
             .inc();
     }
 
+    pub fn record_oplog_storage_retry(op_name: &str) {
+        OPLOG_STORAGE_RETRY_TOTAL
+            .with_label_values(&[op_name])
+            .inc();
+    }
+
     pub fn record_scheduled_archive(duration: std::time::Duration, has_more: bool) {
         SCHEDULED_ARCHIVE_TIME
             .with_label_values(if has_more {

golem-worker-executor/src/services/golem_config.rs

@@ -502,6 +502,10 @@ pub struct OplogConfig {
     /// (`oplog_writes_per_second`). Defaults to false (disabled).
     #[serde(default)]
     pub oplog_rate_limit_enabled: bool,
+    /// Retry configuration for transient indexed-storage errors (pool exhaustion,
+    /// connection resets). Defaults to 3 attempts, 100 ms–1 s exponential backoff.
+    #[serde(default = "default_oplog_indexed_storage_retry")]
+    pub indexed_storage_retry: RetryConfig,
 }
 
 impl SafeDisplay for OplogConfig {
@@ -557,10 +561,19 @@ impl SafeDisplay for OplogConfig {
             "oplog rate limit enabled: {}",
             self.oplog_rate_limit_enabled
         );
+        let _ = writeln!(
+            &mut result,
+            "indexed storage retry: {:?}",
+            self.indexed_storage_retry
+        );
         result
     }
 }
 
+fn default_oplog_indexed_storage_retry() -> RetryConfig {
+    RetryConfig::max_attempts_3()
+}
+
 #[derive(Clone, Debug, Serialize, Deserialize)]
 #[serde(tag = "type", content = "config")]
 pub enum KeyValueStorageConfig {
@@ -812,6 +825,8 @@ pub struct IndexedStoragePostgresConfig {
     pub postgres: DbPostgresConfig,
     #[serde(default = "default_indexed_storage_postgres_drop_prefix_delete_batch_size")]
     pub drop_prefix_delete_batch_size: u64,
+    #[serde(default)]
+    pub max_concurrent_ops: Option<u32>,
 }
 
 impl SafeDisplay for IndexedStoragePostgresConfig {
@@ -823,6 +838,11 @@ impl SafeDisplay for IndexedStoragePostgresConfig {
             "drop prefix delete batch size: {}",
             self.drop_prefix_delete_batch_size
         );
+        let _ = writeln!(
+            &mut result,
+            "max concurrent ops: {:?}",
+            self.max_concurrent_ops
+        );
         result
     }
 }
@@ -1330,6 +1350,7 @@ impl Default for OplogConfig {
             plugin_max_commit_count: 3,
             plugin_max_elapsed_time: Duration::from_secs(5),
             oplog_rate_limit_enabled: false,
+            indexed_storage_retry: default_oplog_indexed_storage_retry(),
         }
     }
 }