Failed power off/status for multiple nodes within a SM15K chassis

Can you please also attach clusterd.log/regiond.log?

Sure...

Um, regiond is 70MB, so log rotation should have been enforced, shouldn't it?

/var/log/maas/regiond.log {
 rotate 5
 weekly
 compress
 missingok
 # copytruncate may lose log messages at the moment of rotation, but
 # there is no better way to integrate twistd and logrotate.
 copytruncate
 # The logs are all owned by the `maas` user, so drop privs.
 su maas maas
 # Don't rotate unless the log is at least 10MB.
 minsize 10M
 # Force rotation if the log grows beyond 50MB.
 maxsize 50M
}

I can confirm that nodes are indeed powered off, but MAAS doesn't update the status. Looking at TCP traffic, I can see that MAAS does talk to the power management.

> Um, regiond is 70MB, so log rotation should have been enforced, shouldn't it?

I'm going to ask Andres to confirm but I think this depends how often logrotate is configured to run (AFAIK, it's *daily* by default). Logrotate runs every so often, it's not constantly monitoring the log file.

The power actions times out after 5 minutes.

There is no artificial contention done by MAAS when powering off a large number of nodes using the same chassis. In other words, MAAS will literally hammer the chassis when performing a power action on a vast number of nodes.

Reading the code in src/provisioningserver/drivers/hardware/seamicro.py I see:
            # Chance that multiple login's are at once, the api
            # only supports one at a time. So lets try again after
            # a second, up to max retry count.

This makes me think that we end up in a deadlock because we have many sessions in parallel.

If this is indeed the problem, we could serialize the power actions at the driver level.

Here is a patch that will serialize (using a file lock) access to the API to verify the hypothesis explained above: http://paste.ubuntu.com/11798657/.

After some debugging I found a couple of problems:

- MAAS uses various timeouts to limit the time it takes to check the power state of nodes. The seamicro chassis sometimes takes as much as 35 seconds to reply to a power query and MAAS has a 15s timeout when the check is performed using the UI (using the "Check now" link). We should make the timeout bigger.

- The main problem that's happening when releasing a large number of nodes is that power.py:power_state_update ends up in a deadlock (thread starvation). After releasing 64 nodes I could see that the 10 threads allowed per region where busy (stuck in epoll_wait) waiting for something and the queue was growing and growing. Increasing the number of threads per region (to 20) solved the problem instantly. Conclusion: there is a deadlock in the code.

Some more debugging and it's now clear that it's the `deallocate_static_ip_addresses` (called as part of releasing) that's stuck, waiting for a thread.

The two branches that I landed improved the situation a bit but this bug is far from being completely fixed. We can't have an unbounded number of threads because it will make MAAS hit the maximum number of DB connections. Conversely, a very limited number of threads leads to deadlocks as explained above.
Two (non-exclusive) options here:
- go through each asynchronous task that MAAS runs and make sure no task being run in a thread requires another thread to complete (i.e. remove all the potential deadlocks).
- implement an intelligent thread pool which "detects" deadlock situations and allocates more threads when it has to (without going above a certain limit).

Here's another datapoint...

If, instead of releasing all nodes, I mark all nodes as broken, they all power off just fine.