Redshift Serverless Data Sharing Query aborted due to read failure on a perm block

May 1, 2024 adminLeave a comment

Here is an interesting error that we recently encountered with one of our Redshift Serverless and Redshift Provisioned clusters. We have a data sharing setup where the serverless DB is the producer cluster of certain key tables. We share these tables to a provisioned Redshift cluster via data sharing.

When querying this particular table on the provisioned cluster through the data share with python(psycopg2) and airflow we received the following error.

2024-04-29 18:06:25,073 - ERROR -   | Query aborted due to read failure on a perm block.
  | HINT:  Please try again.
2024-04-29 18:06:25,073 - ERROR -   | Stacktrace:
2024-04-29 18:06:25,073 - ERROR -   | Traceback (most recent call last):
  |   File "/usr/local/airflow/.local/lib/python3.10/site-packages/soda/execution/query/query.py", line 122, in fetchone
  |     cursor.execute(self.sql)
  | psycopg2.errors.IoError: Query aborted due to read failure on a perm block.
  | HINT:  Please try again.

2024-04-29 18:06:25,073 - ERROR - | Query aborted due to read failure on a perm block.

| HINT: Please try again.

2024-04-29 18:06:25,073 - ERROR - | Stacktrace:

2024-04-29 18:06:25,073 - ERROR - | Traceback (most recent call last):

| File "/usr/local/airflow/.local/lib/python3.10/site-packages/soda/execution/query/query.py", line 122, in fetchone

| cursor.execute(self.sql)

| psycopg2.errors.IoError: Query aborted due to read failure on a perm block.

| HINT: Please try again.

We opened a support case with AWS and was informed that this is due to a meta data mismatch that can be resolved by running an update against the shared table on the producer side. After running this update we were back in business and things operated as normal.

The following query can be executed on the producer cluster as a mitigation: “UPDATE SET = 1 WHERE false;” where TABLE_NAME is the name of the table on which queries are failing and COLUMN_NAME is the name of any column in this table. This query will not result in any actual change to the producer’s data, but will result in synchronizing the metadata pertaining to TABLE_NAME on the consumer and thus letting subsequent datasharing queries go through successfully.

"UPDATE <TABLE_NAME> SET <COLUMN_NAME> = 1 WHERE false;"

1	"UPDATE <TABLE_NAME> SET <COLUMN_NAME> = 1 WHERE false;"

— Jason Ralph

Redshift Serverless Find Largest Tables

February 17, 2024February 20, 2024 adminLeave a comment

You can use the below SQL on redshift serverless to find the top largest tables. You can return the results in 1MB data blocks or convert to TB. You can obviously change the limit N to whatever you want to change the number of results returned.

1MB data blocks:

(wg-redshift) admin@redshift-sl-prod=# select *, size size_in_1_MB_data_blocks from svv_table_info order by pct_used desc limit 1; 
-[ RECORD 1 ]------------+----------------------------------------
database                 | redshift-sl-prod
schema                   | qa
table_id                 | 1791319
table                    | transactions
encoded                  | Y, AUTO(ENCODE)
diststyle                | AUTO(EVEN)
sortkey1                 | AUTO(SORTKEY)
max_varchar              | 16383
sortkey1_enc             | 
sortkey_num              | 0
size                     | 9102740
pct_used                 | 0.4444
empty                    | 0
unsorted                 | 
stats_off                | 0.00
tbl_rows                 | 91509652251
skew_sortkey1            | 
skew_rows                | 
estimated_visible_rows   | 91509653504
risk_event               | 
vacuum_sort_benefit      | 
create_time              | 2023-11-15 01:53:19.524329
size_in_1_mb_data_blocks | 9102740

Time: 6995.168 ms (00:06.995)

(wg-redshift) admin@redshift-sl-prod=# select *, size size_in_1_MB_data_blocks from svv_table_info order by pct_used desc limit 1;

-[ RECORD 1 ]------------+----------------------------------------

database | redshift-sl-prod

schema | qa

table_id | 1791319

table | transactions

encoded | Y, AUTO(ENCODE)

diststyle | AUTO(EVEN)

sortkey1 | AUTO(SORTKEY)

max_varchar | 16383

sortkey1_enc |

sortkey_num | 0

size | 9102740

pct_used | 0.4444

empty | 0

unsorted |

stats_off | 0.00

tbl_rows | 91509652251

skew_sortkey1 |

skew_rows |

estimated_visible_rows | 91509653504

risk_event |

vacuum_sort_benefit |

create_time | 2023-11-15 01:53:19.524329

size_in_1_mb_data_blocks | 9102740

Time: 6995.168 ms (00:06.995)

Size In TB:

(wg-redshift) admin@redshift-sl-prod=# select *, size/(1024*1024) size_in_tb from svv_table_info order by pct_used desc limit 1; 
-[ RECORD 1 ]----------+----------------------------------------
database               | redshift-sl-prod
schema                 | qa
table_id               | 1791319
table                  | transactions
encoded                | Y, AUTO(ENCODE)
diststyle              | AUTO(EVEN)
sortkey1               | AUTO(SORTKEY)
max_varchar            | 16383
sortkey1_enc           | 
sortkey_num            | 0
size                   | 9102740
pct_used               | 0.4444
empty                  | 0
unsorted               | 
stats_off              | 0.00
tbl_rows               | 91509652251
skew_sortkey1          | 
skew_rows              | 
estimated_visible_rows | 91509653504
risk_event             | 
vacuum_sort_benefit    | 
create_time            | 2023-11-15 01:53:19.524329
size_in_tb             | 8

Time: 6763.316 ms (00:06.763)

(wg-redshift) admin@redshift-sl-prod=# select *, size/(1024*1024) size_in_tb from svv_table_info order by pct_used desc limit 1;

-[ RECORD 1 ]----------+----------------------------------------

database | redshift-sl-prod

schema | qa

table_id | 1791319

table | transactions

encoded | Y, AUTO(ENCODE)

diststyle | AUTO(EVEN)

sortkey1 | AUTO(SORTKEY)

max_varchar | 16383

sortkey1_enc |

sortkey_num | 0

size | 9102740

pct_used | 0.4444

empty | 0

unsorted |

stats_off | 0.00

tbl_rows | 91509652251

skew_sortkey1 |

skew_rows |

estimated_visible_rows | 91509653504

risk_event |

vacuum_sort_benefit |

create_time | 2023-11-15 01:53:19.524329

size_in_tb | 8

Time: 6763.316 ms (00:06.763)

Specific Fields:

(wg-redshift) admin@redshift-sl-prod=# select database, schema, "table", size size_in_mb, tbl_rows, size/(1024*1024) size_in_tb from svv_table_info order by pct_used desc limit 1;
-[ RECORD 1 ]---------------------------------------
database   | redshift-sl-prod
schema     | seamqa
table      | transactions
size_in_mb | 9102740
tbl_rows   | 91509652251
size_in_tb | 8

Time: 6202.359 ms (00:06.202)

(wg-redshift) admin@redshift-sl-prod=# select database, schema, "table", size size_in_mb, tbl_rows, size/(1024*1024) size_in_tb from svv_table_info order by pct_used desc limit 1;

-[ RECORD 1 ]---------------------------------------

database | redshift-sl-prod

schema | seamqa

table | transactions

size_in_mb | 9102740

tbl_rows | 91509652251

size_in_tb | 8

Time: 6202.359 ms (00:06.202)

botocore.exceptions.ReadTimeoutError: Read timeout on endpoint URL: https://lambda.us-east-1.amazonaws.com

January 17, 2024January 17, 2024 admin2 Comments

Recently while working on one of our EMR projects that uses lambdas and airflow, I ran into the following timeout issue:

botocore.exceptions.ReadTimeoutError: Read timeout on endpoint URL: "https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/infrastructure-lambda-incoming/invocations"

1	botocore.exceptions.ReadTimeoutError: Read timeout on endpoint URL: "https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/infrastructure-lambda-incoming/invocations"

We have a lambda that was invoked from boto3 in a Airflow step that would update dynamo db with values needed for our pipeline. This function worked in previous tests with no issues. We did add to the lambda function which was causing it to take longer than normal. When we tested the lambda from the console, the function worked fine, albeit it took a bit longer than the previous version. When calling from Airflow we would continually run into the timeout issue, causing the function to be executed multiple times during retries.

I thought to test this function from the awscli and it revealed the issue, the default boto3 timeout is 60 seconds, this was longer than our lambda was taking. So even though we set the lambda timeout to 4 minutes, boto was timing out at 1 minute, never getting the response back from lambda. The way we fixed this was to have boto3 setup a lambda_config that had a longer timeout.

lambda_config = config.Config(
    read_timeout=900,
    connect_timeout=900,
    retries={"max_attempts": 0}
)

lambda_config = config.Config(

read_timeout=900,

connect_timeout=900,

retries={"max_attempts": 0}

)

def call_lambda(**kwargs):
    lambda_client = boto3.client('lambda', region_name=REGION, config=lambda_config)
    payload = {--snipped--}
    # invoke the lambda and wait for it to complete
    response = lambda_client.invoke(
        FunctionName=lambda_name,
        InvocationType="RequestResponse",
        Payload=json.dumps(payload),
    )
    if response["StatusCode"] != 200:
        raise AirflowException("Preprocess lambda has failed")

def call_lambda(**kwargs):

lambda_client = boto3.client('lambda', region_name=REGION, config=lambda_config)

payload = {--snipped--}

# invoke the lambda and wait for it to complete

response = lambda_client.invoke(

FunctionName=lambda_name,

InvocationType="RequestResponse",

Payload=json.dumps(payload),

)

if response["StatusCode"] != 200:

raise AirflowException("Preprocess lambda has failed")

Upgrade Rocky Linux 8 to 9 CLI

May 18, 2023May 18, 2023 admin2 Comments

I thought I would share my version of how I updated the server that runs this blog from Rocky 8 to Rocky 9 without a clean install. I want to mention this is a do at your own risk post, this is not officially supported.

!!!Do not attempt this if you do not have backups and a way to fully recover your system.!!!

The first step I took was go to the rocky download site and make sure I grabbed the latest GPG, RELEASE and REPOS:

https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/

You will need to modify the below command to match the version you find in the above site, once that is complete you can run it.

[root@rocky-us-east-jasonralph ~]# dnf install -y https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/{rocky-gpg-keys-9.2-1.4.el9.noarch.rpm,rocky-release-9.2-1.4.el9.noarch.rpm,rocky-repos-9.2-1.4.el9.noarch.rpm}

1	[root@rocky-us-east-jasonralph ~]# dnf install -y https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/{rocky-gpg-keys-9.2-1.4.el9.noarch.rpm,rocky-release-9.2-1.4.el9.noarch.rpm,rocky-repos-9.2-1.4.el9.noarch.rpm}

One road block was dnf did not like that I had remi and epel release 8, so I removed them and it went fine.

[root@rocky-us-east-jasonralph ~]# dnf install -y https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/{rocky-gpg-keys-9.2-1.4.el9.noarch.rpm,rocky-release-9.2-1.4.el9.noarch.rpm,rocky-repos-9.2-1.4.el9.noarch.rpm}
Last metadata expiration check: 0:20:38 ago on Thu 18 May 2023 10:27:24 PM UTC.
rocky-gpg-keys-9.2-1.4.el9.noarch.rpm                                                                                                                                                                                                   169 kB/s |  12 kB     00:00    
rocky-release-9.2-1.4.el9.noarch.rpm                                                                                                                                                                                                    403 kB/s |  23 kB     00:00    
rocky-repos-9.2-1.4.el9.noarch.rpm                                                                                                                                                                                                      298 kB/s |  12 kB     00:00    
Error: 
 Problem: problem with installed package remi-release-8.7-2.el8.remi.noarch
  - package remi-release-8.7-2.el8.remi.noarch requires system-release(releasever) = 8, but none of the providers can be installed
  - package remi-release-8.4-1.el8.remi.noarch requires system-release(releasever) = 8, but none of the providers can be installed
  - package remi-release-8.5-2.el8.remi.noarch requires system-release(releasever) = 8, but none of the providers can be installed
  - package remi-release-8.5-3.el8.remi.noarch requires system-release(releasever) = 8, but none of the providers can be installed
  - package remi-release-8.6-1.el8.remi.noarch requires system-release(releasever) = 8, but none of the providers can be installed
  - cannot install both rocky-release-9.2-1.4.el9.noarch and rocky-release-8.7-1.2.el8.noarch
  - conflicting requests
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

[root@rocky-us-east-jasonralph ~]# dnf install -y https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/{rocky-gpg-keys-9.2-1.4.el9.noarch.rpm,rocky-release-9.2-1.4.el9.noarch.rpm,rocky-repos-9.2-1.4.el9.noarch.rpm}

Last metadata expiration check: 0:20:38 ago on Thu 18 May 2023 10:27:24 PM UTC.

rocky-gpg-keys-9.2-1.4.el9.noarch.rpm 169 kB/s | 12 kB 00:00

rocky-release-9.2-1.4.el9.noarch.rpm 403 kB/s | 23 kB 00:00

rocky-repos-9.2-1.4.el9.noarch.rpm 298 kB/s | 12 kB 00:00

Error:

Problem: problem with installed package remi-release-8.7-2.el8.remi.noarch

- package remi-release-8.7-2.el8.remi.noarch requires system-release(releasever) = 8, but none of the providers can be installed

- package remi-release-8.4-1.el8.remi.noarch requires system-release(releasever) = 8, but none of the providers can be installed

- package remi-release-8.5-2.el8.remi.noarch requires system-release(releasever) = 8, but none of the providers can be installed

- package remi-release-8.5-3.el8.remi.noarch requires system-release(releasever) = 8, but none of the providers can be installed

- package remi-release-8.6-1.el8.remi.noarch requires system-release(releasever) = 8, but none of the providers can be installed

- cannot install both rocky-release-9.2-1.4.el9.noarch and rocky-release-8.7-1.2.el8.noarch

- conflicting requests

(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

Find the epel and remi release rpms:

[root@rocky-us-east-jasonralph ~]# rpm -qa| grep release
remi-release-8.7-2.el8.remi.noarch
epel-release-8-19.el8.noarch
rocky-release-8.7-1.2.el8.noarch

[root@rocky-us-east-jasonralph ~]# rpm -qa| grep release

remi-release-8.7-2.el8.remi.noarch

epel-release-8-19.el8.noarch

rocky-release-8.7-1.2.el8.noarch

Remove them:

[root@rocky-us-east-jasonralph ~]# yum remove epel-release-8-19.el8.noarch remi-release-8.7-2.el8.remi.noarch

1	[root@rocky-us-east-jasonralph ~]# yum remove epel-release-8-19.el8.noarch remi-release-8.7-2.el8.remi.noarch

Upgrade your system to 9 from 8:

[root@rocky-us-east-jasonralph ~]# dnf install -y https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/{rocky-gpg-keys-9.2-1.4.el9.noarch.rpm,rocky-release-9.2-1.4.el9.noarch.rpm,rocky-repos-9.2-1.4.el9.noarch.rpm}

1	[root@rocky-us-east-jasonralph ~]# dnf install -y https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/{rocky-gpg-keys-9.2-1.4.el9.noarch.rpm,rocky-release-9.2-1.4.el9.noarch.rpm,rocky-repos-9.2-1.4.el9.noarch.rpm}

I ignored this error, it seems like its just a GPG error:

  Running scriptlet: rocky-gpg-keys-8.7-1.2.el8.noarch                                                                                                                                                                                                              6/6 
Line is not an assignment at '/usr/lib/sysctl.d/50-redhat.conf:8': (null)
Couldn't write '1' to 'net/ipv4/conf/*/rp_filter', ignoring: No such file or directory
warning: %transfiletriggerin(systemd-239-68.el8_7.4.x86_64) scriptlet failed, exit status 1

Error in <unknown> scriptlet in rpm package rocky-gpg-keys

Running scriptlet: rocky-gpg-keys-8.7-1.2.el8.noarch 6/6

Line is not an assignment at '/usr/lib/sysctl.d/50-redhat.conf:8': (null)

Couldn't write '1' to 'net/ipv4/conf/*/rp_filter', ignoring: No such file or directory

warning: %transfiletriggerin(systemd-239-68.el8_7.4.x86_64) scriptlet failed, exit status 1

Error in <unknown> scriptlet in rpm package rocky-gpg-keys

Verify:

[root@rocky-us-east-jasonralph ~]# cat /etc/rocky-release
Rocky Linux release 9.2 (Blue Onyx)

1 2	[root@rocky-us-east-jasonralph ~]# cat /etc/rocky-release Rocky Linux release 9.2 (Blue Onyx)

Rebuild the RPM database to now use SQLITE:

[root@rocky-us-east-jasonralph ~]# rpm --rebuilddb

1	[root@rocky-us-east-jasonralph ~]# rpm --rebuilddb

Thats it, reboot:

[root@rocky-us-east-jasonralph ~]# reboot

1	[root@rocky-us-east-jasonralph ~]# reboot

I did have some issues with dnf where I needed to reset some modules.

[root@rocky-us-east-jasonralph ~]#  dnf check
Modular dependency problems:

 Problem 1: conflicting requests
  - nothing provides module(platform:el8) needed by module httpd:2.4:8070020230406163027:3b9f49c4.x86_64
 Problem 2: conflicting requests
  - nothing provides module(platform:el8) needed by module mariadb:10.3:8060020220913075833:d63f516d.x86_64
 Problem 3: conflicting requests
  - nothing provides module(platform:el8) needed by module mysql:8.0:8060020221025174942:d63f516d.x86_64
 Problem 4: conflicting requests
  - nothing provides module(platform:el8) needed by module nginx:1.14:8040020210610090123:9f9e2e7e.x86_64

[root@rocky-us-east-jasonralph ~]# dnf check

Modular dependency problems:

Problem 1: conflicting requests

- nothing provides module(platform:el8) needed by module httpd:2.4:8070020230406163027:3b9f49c4.x86_64

Problem 2: conflicting requests

- nothing provides module(platform:el8) needed by module mariadb:10.3:8060020220913075833:d63f516d.x86_64

Problem 3: conflicting requests

- nothing provides module(platform:el8) needed by module mysql:8.0:8060020221025174942:d63f516d.x86_64

Problem 4: conflicting requests

- nothing provides module(platform:el8) needed by module nginx:1.14:8040020210610090123:9f9e2e7e.x86_64

I needed to reset the modules one by one, there may be more on your system:

[root@rocky-us-east-jasonralph ~]# dnf module reset httpd:2.4 mariadb:10.3 mysql:8.0 nginx:1.14

1	[root@rocky-us-east-jasonralph ~]# dnf module reset httpd:2.4 mariadb:10.3 mysql:8.0 nginx:1.14

That seemed to fix it, good luck.

AttributeError: module ‘cryptography.utils’ has no attribute ‘register_interface’

September 7, 2022September 8, 2022 admin6 Comments

I just recently came across an issue when we were bootstrapping one of our EMR clusters, looks like when trying to import pgpy we failed with the following traceback:

Traceback (most recent call last):
  File "/mnt/var/lib/hadoop/steps/s-B2LJDDVVD5Y1/./aws_s3_decrypt.py", line 18, in <module>
    import pgpy
  File "/usr/local/lib/python3.7/site-packages/pgpy/__init__.py", line 4, in <module>
    from .pgp import PGPKey
  File "/usr/local/lib/python3.7/site-packages/pgpy/pgp.py", line 27, in <module>
    from .constants import CompressionAlgorithm
  File "/usr/local/lib/python3.7/site-packages/pgpy/constants.py", line 23, in <module>
    from ._curves import BrainpoolP256R1, BrainpoolP384R1, BrainpoolP512R1, X25519, Ed25519
  File "/usr/local/lib/python3.7/site-packages/pgpy/_curves.py", line 37, in <module>
    @utils.register_interface(ec.EllipticCurve)
AttributeError: module 'cryptography.utils' has no attribute 'register_interface'
Command exiting with ret '1'

Traceback (most recent call last):

File "/mnt/var/lib/hadoop/steps/s-B2LJDDVVD5Y1/./aws_s3_decrypt.py", line 18, in <module>

import pgpy

File "/usr/local/lib/python3.7/site-packages/pgpy/__init__.py", line 4, in <module>

from .pgp import PGPKey

File "/usr/local/lib/python3.7/site-packages/pgpy/pgp.py", line 27, in <module>

from .constants import CompressionAlgorithm

File "/usr/local/lib/python3.7/site-packages/pgpy/constants.py", line 23, in <module>

from ._curves import BrainpoolP256R1, BrainpoolP384R1, BrainpoolP512R1, X25519, Ed25519

File "/usr/local/lib/python3.7/site-packages/pgpy/_curves.py", line 37, in <module>

@utils.register_interface(ec.EllipticCurve)

AttributeError: module 'cryptography.utils' has no attribute 'register_interface'

Command exiting with ret '1'

Apparently the cryptography team released a new version on September 7th 2022 that broke the pgpy library.
https://pypi.org/project/cryptography/38.0.1/

We needed to downgrade our version to get things working again. I figured I would post this to see if others run into this, according to the pgpy github page, they are working on a fix.

https://github.com/SecurityInnovation/PGPy/issues/402

Here is how I solved it in the meantime, I needed to downgrade the cryptography library.

sudo python3 -m pip install PGPy
sudo python3 -m pip uninstall -y cryptography
sudo python3 -m pip install cryptography==37.0.4

sudo python3 -m pip install PGPy

sudo python3 -m pip uninstall -y cryptography

sudo python3 -m pip install cryptography==37.0.4

Python Linux Find Files With Pattern Accessed Older Than N Days And Remove

July 7, 2022July 14, 2022 adminLeave a comment

This is a neat utility that you can use to keep in your sysadmin bag of tricks, it walks the directory you define recursively and grabs all the file access times and stores them into a list, it then compares them against a command line parameter for days ago. If its older than N days it will remove the file. What’s really nice about this utility is it has a debug mode, this way you can see what will be deleted before you remove debug and execute it.

#!/usr/bin/env python3

import argparse
import fnmatch
import os
import sys
from datetime import datetime, timedelta
from pathlib import Path

# set date now.
now = datetime.today()

# setup dir to clean
home = str(Path.home())
target_dir = '/home/jasonr' # CHANGE TO WHERE YOU WANT TO SEARCH

# dir to clean
dirs_to_clean = target_dir

# setup cli arguments.
parser = argparse.ArgumentParser(
    description='''
[--days_ago 60] will keep 60 days worth of files.
[--debug yes] will print out statements with no actions.''',
    formatter_class=argparse.RawTextHelpFormatter)
parser.add_argument('--days_ago',
                    help='[--days_ago NN]')
parser.add_argument('--debug',
                    help='[--debug (yes|no)')
args = parser.parse_args()

# allowed arguments from cli.
accepted_cli_args = ['yes', 'no']

# sanity check, assign days to keep on system.
if args.days_ago is None:
    days = 60
else:
    days = args.days_ago

# define a list of patterns
patterns = ['*.csv', '*.txt'] # YOU CAN ADD ANY PATTERN TO LIST

# sanity check, assign debug true or false
if args.debug in accepted_cli_args:
    if args.debug == 'yes':
        debug = True
    else:
        debug = False
else:
    print("{0}: Wrong parameter --debug (yes or no): [{1}]"
          .format(now, args.debug))
    sys.exit(1)


def find_files(dir_to_clean):
    file_list = []
    days_ago = datetime.now() - timedelta(days=int(days))
    for root, dirs, files in os.walk(dir_to_clean):
        for pattern in patterns:
            for filename in fnmatch.filter(files, pattern):
                file_list.append(os.path.join(root, filename))
                file_list.sort()

    for file in file_list:
        try:
            file_atime = datetime.fromtimestamp(os.path.getatime(file))
        except Exception as e:
            print("{0}: File Access Time Get Failed: [{1}]"
                  .format(now, e))
        if file_atime < days_ago:
            if os.path.isfile(file):
                try:
                    if not debug:
                        print("{0}: Removing file: [{1}]"
                              .format(now, file))
                        os.remove(file)
                    else:
                        print("{0}: DEBUG: Removing file: [{1}]"
                              .format(now, file))
                except OSError as e:
                    print("{0}: File Clean Up Failed: [{1}]"
                          .format(now, e))
                    sys.exit(1)


# main function.
def main():
    find_files(dirs_to_clean)


if __name__ == "__main__":
    main()

#!/usr/bin/env python3

import argparse

import fnmatch

import os

import sys

from datetime import datetime, timedelta

from pathlib import Path

# set date now.

now = datetime.today()

# setup dir to clean

home = str(Path.home())

target_dir = '/home/jasonr' # CHANGE TO WHERE YOU WANT TO SEARCH

# dir to clean

dirs_to_clean = target_dir

# setup cli arguments.

parser = argparse.ArgumentParser(

description='''

[--days_ago 60] will keep 60 days worth of files.

[--debug yes] will print out statements with no actions.''',

formatter_class=argparse.RawTextHelpFormatter)

parser.add_argument('--days_ago',

help='[--days_ago NN]')

parser.add_argument('--debug',

help='[--debug (yes|no)')

args = parser.parse_args()

# allowed arguments from cli.

accepted_cli_args = ['yes', 'no']

# sanity check, assign days to keep on system.

if args.days_ago is None:

days = 60

else:

days = args.days_ago

# define a list of patterns

patterns = ['*.csv', '*.txt'] # YOU CAN ADD ANY PATTERN TO LIST

# sanity check, assign debug true or false

if args.debug in accepted_cli_args:

if args.debug == 'yes':

debug = True

else:

debug = False

else:

print("{0}: Wrong parameter --debug (yes or no): [{1}]"

.format(now, args.debug))

sys.exit(1)

def find_files(dir_to_clean):

file_list = []

days_ago = datetime.now() - timedelta(days=int(days))

for root, dirs, files in os.walk(dir_to_clean):

for pattern in patterns:

for filename in fnmatch.filter(files, pattern):

file_list.append(os.path.join(root, filename))

file_list.sort()

for file in file_list:

try:

file_atime = datetime.fromtimestamp(os.path.getatime(file))

except Exception as e:

print("{0}: File Access Time Get Failed: [{1}]"

.format(now, e))

if file_atime < days_ago:

if os.path.isfile(file):

try:

if not debug:

print("{0}: Removing file: [{1}]"

.format(now, file))

os.remove(file)

else:

print("{0}: DEBUG: Removing file: [{1}]"

.format(now, file))

except OSError as e:

print("{0}: File Clean Up Failed: [{1}]"

.format(now, e))

sys.exit(1)

# main function.

def main():

find_files(dirs_to_clean)

if __name__ == "__main__":

main()

[jasonr@sb-jralph-8 ~]$ python3 finder.py --days_ago 90 --debug yes
2022-07-07 11:22:57.524454: DEBUG: Removing file: [/home/jasonr/aws/dist/awscli/examples/emr/create-cluster-synopsis.txt]
2022-07-07 11:22:57.524454: DEBUG: Removing file: [/home/jasonr/aws/dist/cryptography-3.3.2-py3.8.egg-info/top_level.txt]
2022-07-07 11:22:57.524454: DEBUG: Removing file: [/home/jasonr/aws/dist/docutils/parsers/rst/include/README.txt]
2022-07-07 11:22:57.524454: DEBUG: Removing file: [/home/jasonr/aws/dist/docutils/parsers/rst/include/isoamsa.txt]
2022-07-07 11:22:57.524454: DEBUG: Removing file: [/home/jasonr/aws/dist/docutils/parsers/rst/include/isoamsb.txt]
2022-07-07 11:22:57.524454: DEBUG: Removing file: [/home/jasonr/aws/dist/docutils/parsers/rst/include/isoamsc.txt]

[jasonr@sb-jralph-8 ~]$ python3 finder.py --days_ago 90 --debug yes

2022-07-07 11:22:57.524454: DEBUG: Removing file: [/home/jasonr/aws/dist/awscli/examples/emr/create-cluster-synopsis.txt]

2022-07-07 11:22:57.524454: DEBUG: Removing file: [/home/jasonr/aws/dist/cryptography-3.3.2-py3.8.egg-info/top_level.txt]

2022-07-07 11:22:57.524454: DEBUG: Removing file: [/home/jasonr/aws/dist/docutils/parsers/rst/include/README.txt]

2022-07-07 11:22:57.524454: DEBUG: Removing file: [/home/jasonr/aws/dist/docutils/parsers/rst/include/isoamsa.txt]

2022-07-07 11:22:57.524454: DEBUG: Removing file: [/home/jasonr/aws/dist/docutils/parsers/rst/include/isoamsb.txt]

2022-07-07 11:22:57.524454: DEBUG: Removing file: [/home/jasonr/aws/dist/docutils/parsers/rst/include/isoamsc.txt]

AWS EMR ImportError: this version of pandas is incompatible with numpy < 1.17.3

May 10, 2022August 5, 2022 admin7 Comments

I found another one that I thought was worth writing a quick blog post about. We use AWS Elastic Map Reduce with transient clusters, so in order to get the python libraries installed, we need to use the bootstrap feature. We ran into many issues trying the standard bootstrap script which looked something like this:

[09:43:14] jason@jralph-mbp14:~ $ cat bootstrap.sh
aws s3 cp s3://bucket1-us-east-1/EMR/requirements.txt .
sudo python3 -m pip install -r requirements.txt

[09:43:14] jason@jralph-mbp14:~ $ cat bootstrap.sh

aws s3 cp s3://bucket1-us-east-1/EMR/requirements.txt .

sudo python3 -m pip install -r requirements.txt

The contents of requirements.txt looked like this:

[09:43:14] jason@jralph-mbp14:~ $ cat requirements.txt
boto3
botocore
awscli
requests
scikit-learn
numpy
pandas

[09:43:14] jason@jralph-mbp14:~ $ cat requirements.txt

boto3

botocore

awscli

requests

scikit-learn

numpy

pandas

We would get all the nodes in the cluster to bootstrap properly however the logs showed the following:

Traceback (most recent call last):
  File "analysis.py", line 6, in <module>
    import pandas as pd
  File "/usr/local/lib64/python3.7/site-packages/pandas/__init__.py", line 22, in <module>
    from pandas.compat import (
  File "/usr/local/lib64/python3.7/site-packages/pandas/compat/__init__.py", line 15, in <module>
    from pandas.compat.numpy import (
  File "/usr/local/lib64/python3.7/site-packages/pandas/compat/numpy/__init__.py", line 27, in <module>
    f"this version of pandas is incompatible with numpy < {_min_numpy_ver}\n"
ImportError: this version of pandas is incompatible with numpy < 1.17.3
your numpy version is 1.16.5.
Please upgrade numpy to >= 1.17.3 to use this pandas version

Traceback (most recent call last):

File "analysis.py", line 6, in <module>

import pandas as pd

File "/usr/local/lib64/python3.7/site-packages/pandas/__init__.py", line 22, in <module>

from pandas.compat import (

File "/usr/local/lib64/python3.7/site-packages/pandas/compat/__init__.py", line 15, in <module>

from pandas.compat.numpy import (

File "/usr/local/lib64/python3.7/site-packages/pandas/compat/numpy/__init__.py", line 27, in <module>

f"this version of pandas is incompatible with numpy < {_min_numpy_ver}\n"

ImportError: this version of pandas is incompatible with numpy < 1.17.3

your numpy version is 1.16.5.

Please upgrade numpy to >= 1.17.3 to use this pandas version

And when trying to import from pyspark, we saw this:

Traceback (most recent call last):
  File "analysis.py", line 6, in <module>
    import pandas as pd
ModuleNotFoundError: No module named 'pandas'

Traceback (most recent call last):

File "analysis.py", line 6, in <module>

import pandas as pd

ModuleNotFoundError: No module named 'pandas'

After speaking with AWS support, it turns out this was a known issue. When a cluster is launched, EMR first provisions the EC2 instances, after that it runs the bootstrap actions. Thus, when the bootstrap action runs, it installs the desired version. However, since the applications are installed after the bootstrap action, these applications override the custom installation for the Python packages. In order to get around the issue of the version being overridden, the workaround is to make use of a Bootstrap Action that delays the installation of the packages until the nodes are fully up and running. This will resolve the conflict that we have been seeing with pandas and numpy. Here is what our final working bootstrap.sh looks like, hope this helps, it was a tough one to solve:

#!/bin/bash
set -x

cat > /var/tmp/fix-bootstap.sh <<'EOF'
#!/bin/bash
set -x

while true; do
    NODEPROVISIONSTATE=`sed -n '/localInstance [{]/,/[}]/{
    /nodeProvisionCheckinRecord [{]/,/[}]/ {
    /status: / { p }
    /[}]/a
    }
    /[}]/a
    }' /emr/instance-controller/lib/info/job-flow-state.txt | awk ' { print $2 }'`

    if [ "$NODEPROVISIONSTATE" == "SUCCESSFUL" ]; then
        echo "Running my post provision bootstrap"
        # Enter your code here
        sudo python3 -m pip install --upgrade pip
        sudo python3 -m pip install boto3
        sudo python3 -m pip install botocore
        sudo python3 -m pip install sklearn
        sudo python3 -m pip install requests
        sudo python3 -m pip install numpy
        sudo python3 -m pip install pandas
        echo '-------BOOTSTRAP COMPLETE-------' 

        exit
    else
        echo "Sleeping Till Node is Provisioned"
        sleep 10
    fi
done

EOF

chmod +x /var/tmp/fix-bootstap.sh
nohup /var/tmp/fix-bootstap.sh  2>&1 &

#!/bin/bash

set -x

cat > /var/tmp/fix-bootstap.sh <<'EOF'

#!/bin/bash

set -x

while true; do

NODEPROVISIONSTATE=`sed -n '/localInstance [{]/,/[}]/{

/nodeProvisionCheckinRecord [{]/,/[}]/ {

/status: / { p }

/[}]/a

}

/[}]/a

}' /emr/instance-controller/lib/info/job-flow-state.txt | awk ' { print $2 }'`

if [ "$NODEPROVISIONSTATE" == "SUCCESSFUL" ]; then

echo "Running my post provision bootstrap"

# Enter your code here

sudo python3 -m pip install --upgrade pip

sudo python3 -m pip install boto3

sudo python3 -m pip install botocore

sudo python3 -m pip install sklearn

sudo python3 -m pip install requests

sudo python3 -m pip install numpy

sudo python3 -m pip install pandas

echo '-------BOOTSTRAP COMPLETE-------'

exit

else

echo "Sleeping Till Node is Provisioned"

sleep 10

done

EOF

chmod +x /var/tmp/fix-bootstap.sh

nohup /var/tmp/fix-bootstap.sh 2>&1 &

10 Year Anniversary: www.jasonralph.org

April 18, 2022April 18, 2022 adminLeave a comment

I had not posted too much lately, lots of stuff going on with my work and personal life, my wife and I moved into a new house in 2022, and for work we have been grinding on a large migration. I looked at my blog this morning and noticed that I have had this spare time project running for 10 years.

So for 10 years I have had jasonralph.org up and continuously available, with analytics, it started in my apartment on an old IBM stand alone server, it now runs on a single Rocky Linux 8 VM from linode for 10 dollars a month. I hope to have some new content soon, but for now, I am happy for the 10 year anniversary.

AWS Apache Managed Airflow EMR ModuleNotFoundError: No module named ‘requests’ Bootstrap

November 2, 2021November 9, 2021 adminLeave a comment

I came across another fun one the other day, we are in the process of migrating our on premise elastic map reduce system into the cloud. We are using AWS EMR and have AWS Managed Airflow as the executor (DAG). We came across an odd situation with a pyspark application. When using Airflow with a SparkSubmitHook, the job would bootstrap looking just fine according to the run logs, however it would fail with No module named 'requests' when the application tried to import it. This was very odd since we have this application running from spark-submit just fine when calling it from the master node command line.

I decided to investigate the differences, our bootstrap script for installing python modules via pip which we call from the EMR API RunJobFlow call looks like this:

#!/bin/bash
pip_bin=pip3
${pip_bin} install --user -U pip
${pip_bin} install --user boto3
${pip_bin} install --user boto
${pip_bin} install --user requests
${pip_bin} install --user psycopg2-binary

#!/bin/bash

pip_bin=pip3

${pip_bin} install --user -U pip

${pip_bin} install --user boto3

${pip_bin} install --user boto

${pip_bin} install --user requests

${pip_bin} install --user psycopg2-binary

This is very basic, all it does is upgrade PIP and run PIP install to install each of the modules. When checking the bootstrap log I can see that PIP upgrades and goes out to the repo and installs the packages just fine. So why were we getting the No module named 'requests' error when executing through airflow. After a ton of googling and research I have found the issue and applied a solution that worked. Turns out airflow will run as the root user when bootstrapping, so if you notice we use the --user argument in pip. This will instruct the packages to be installed in the calling users home directory, the kicker is the code is run by the hadoop user on the EMR cluster nodes after executing from airflow. So turns out, the hadoop user is unable to access the requests module since root installed it with --user. I changed the bootstrap script to the following and it all started working, by removing --user and prefixing with sudo, the packages now get installed in a globally available area for all users. I am sure there are better ways to do this, I am still learning and researching, but if you run into this, the change below with get you out of the woods.

#!/bin/bash
sudo python3 -m pip install \
                        boto3 \
	                    boto \
		                requests \
                        psycopg2-binary

#!/bin/bash

sudo python3 -m pip install \

boto3 \

boto \

requests \

psycopg2-binary

After some further research, and testing we decided to utilize a requirements.txt file to be called by the bootstrap shell script in the RunJobFlow call, first create a requirements.txt file, I like to hardcode the versions so nothing changes unexpectedly as you bootstrap a new cluster and it reaches out to PyPy to get the packages.

https://docs.aws.amazon.com/emr/latest/APIReference/API_RunJobFlow.html

Add your desired packages and version numbers to a file called requirements.txt like below:

boto3==1.17.54
boto==2.49.0
requests==2.18.4
psycopg2-binary==2.8.6

boto3==1.17.54

boto==2.49.0

requests==2.18.4

psycopg2-binary==2.8.6

Then you will need to copy this file into a bucket you have access to:

aws s3 cp requirements.txt s3://YOUR_S3_BUCKET_NAME/requirements.txt

1	aws s3 cp requirements.txt s3://YOUR_S3_BUCKET_NAME/requirements.txt

Then create a shell script that has the following, call it bootstrap.sh:

#!/bin/bash

set -x 

echo '-----------RUNNING BOOTSTRAP------------------------'

echo '-----------COPYING REQUIREMENTS FILE LOCALLY--------'

aws s3 cp s3://YOUR_S3_BUCKET_NAME/requirements.txt .

echo '-----------INSTALLING REQUIREMENTS------------------'

sudo python3 -m pip install -r requirements.txt

echo '-----------DONE BOOTSTRAP---------------------------'

#!/bin/bash

set -x

echo '-----------RUNNING BOOTSTRAP------------------------'

echo '-----------COPYING REQUIREMENTS FILE LOCALLY--------'

aws s3 cp s3://YOUR_S3_BUCKET_NAME/requirements.txt .

echo '-----------INSTALLING REQUIREMENTS------------------'

sudo python3 -m pip install -r requirements.txt

echo '-----------DONE BOOTSTRAP---------------------------'

Copy that shell script to your bucket:

aws s3 cp bootstrap.sh s3://YOUR_S3_BUCKET_NAME/bootstrap.sh

1	aws s3 cp bootstrap.sh s3://YOUR_S3_BUCKET_NAME/bootstrap.sh

And execute it via the bootstrap actions in the RunJobFlow EMR API call:

"BootstrapActions": [
    {
      "Name": "string",
      "ScriptBootstrapAction": {
        "Path": "s3://YOUR_S3_BUCKET_NAME/bootstrap.sh"
      }
    }
  ],

"BootstrapActions": [

{

"Name": "string",

"ScriptBootstrapAction": {

"Path": "s3://YOUR_S3_BUCKET_NAME/bootstrap.sh"

}

As you can see the shell script will be executed which will copy the requirements.txt file locally and then run pip -r against it which will install all the packages. If you want to see the log on a running cluster, you can ssh to the master node and view the logs here to see the bootstrapping take place:

/emr/instance-controller/log/bootstrap-actions

1	/emr/instance-controller/log/bootstrap-actions

You should see the stdout log as so:

-----------RUNNING BOOTSTRAP------------------
-----------COPYING REQUIREMENTS FILE LOCALLY--------
Completed 67 Bytes/67 Bytes (629 Bytes/s) with 1 file(s) remaining
download: s3://YOUR_S3_BUCKET_NAME/requirements.txt to ./requirements.txt
-----------INSTALLING REQUIREMENTS------------------
Collecting boto==2.48.0
  Downloading boto-2.48.0-py2.py3-none-any.whl (1.4 MB)
Collecting boto3==1.6.15
  Downloading boto3-1.6.15-py2.py3-none-any.whl (128 kB)
Collecting requests==2.18.4
  Downloading requests-2.18.4-py2.py3-none-any.whl (88 kB)
Collecting psycopg2-binary==2.8.6
  Downloading psycopg2_binary-2.8.6-cp37-cp37m-manylinux1_x86_64.whl (3.0 MB)
Collecting botocore<1.10.0,>=1.9.15
  Downloading botocore-1.9.23-py2.py3-none-any.whl (4.1 MB)
Collecting s3transfer<0.2.0,>=0.1.10
  Downloading s3transfer-0.1.13-py2.py3-none-any.whl (59 kB)
Requirement already satisfied: jmespath<1.0.0,>=0.7.1 in /usr/local/lib/python3.7/site-packages (from boto3==1.6.15->-r jason_requirements.txt (line 2)) (0.10.0)
Collecting urllib3<1.23,>=1.21.1
  Downloading urllib3-1.22-py2.py3-none-any.whl (132 kB)
Collecting certifi>=2017.4.17
  Downloading certifi-2021.10.8-py2.py3-none-any.whl (149 kB)
Collecting idna<2.7,>=2.5
  Downloading idna-2.6-py2.py3-none-any.whl (56 kB)
Collecting chardet<3.1.0,>=3.0.2
  Downloading chardet-3.0.4-py2.py3-none-any.whl (133 kB)
Requirement already satisfied: docutils>=0.10 in /usr/lib/python3.7/site-packages (from botocore<1.10.0,>=1.9.15->boto3==1.6.15->-r jason_requirements.txt (line 2)) (0.14)
Collecting python-dateutil<2.7.0,>=2.1
  Downloading python_dateutil-2.6.1-py2.py3-none-any.whl (194 kB)
Requirement already satisfied: six>=1.5 in /usr/local/lib/python3.7/site-packages (from python-dateutil<2.7.0,>=2.1->botocore<1.10.0,>=1.9.15->boto3==1.6.15->-r jason_requirements.txt (line 2)) (1.13.0)
Installing collected packages: boto, python-dateutil, botocore, s3transfer, boto3, urllib3, certifi, idna, chardet, requests, psycopg2-binary
  Attempting uninstall: boto
    Found existing installation: boto 2.49.0
    Uninstalling boto-2.49.0:
      Successfully uninstalled boto-2.49.0
Successfully installed boto-2.48.0 boto3-1.6.15 botocore-1.9.23 certifi-2021.10.8 chardet-3.0.4 idna-2.6 psycopg2-binary-2.8.6 python-dateutil-2.6.1 requests-2.18.4 s3transfer-0.1.13 urllib3-1.22
-----------DONE BOOTSTRAP---------------------

-----------RUNNING BOOTSTRAP------------------

-----------COPYING REQUIREMENTS FILE LOCALLY--------

Completed 67 Bytes/67 Bytes (629 Bytes/s) with 1 file(s) remaining

download: s3://YOUR_S3_BUCKET_NAME/requirements.txt to ./requirements.txt

-----------INSTALLING REQUIREMENTS------------------

Collecting boto==2.48.0

Downloading boto-2.48.0-py2.py3-none-any.whl (1.4 MB)

Collecting boto3==1.6.15

Downloading boto3-1.6.15-py2.py3-none-any.whl (128 kB)

Collecting requests==2.18.4

Downloading requests-2.18.4-py2.py3-none-any.whl (88 kB)

Collecting psycopg2-binary==2.8.6

Downloading psycopg2_binary-2.8.6-cp37-cp37m-manylinux1_x86_64.whl (3.0 MB)

Collecting botocore<1.10.0,>=1.9.15

Downloading botocore-1.9.23-py2.py3-none-any.whl (4.1 MB)

Collecting s3transfer<0.2.0,>=0.1.10

Downloading s3transfer-0.1.13-py2.py3-none-any.whl (59 kB)

Requirement already satisfied: jmespath<1.0.0,>=0.7.1 in /usr/local/lib/python3.7/site-packages (from boto3==1.6.15->-r jason_requirements.txt (line 2)) (0.10.0)

Collecting urllib3<1.23,>=1.21.1

Downloading urllib3-1.22-py2.py3-none-any.whl (132 kB)

Collecting certifi>=2017.4.17

Downloading certifi-2021.10.8-py2.py3-none-any.whl (149 kB)

Collecting idna<2.7,>=2.5

Downloading idna-2.6-py2.py3-none-any.whl (56 kB)

Collecting chardet<3.1.0,>=3.0.2

Downloading chardet-3.0.4-py2.py3-none-any.whl (133 kB)

Requirement already satisfied: docutils>=0.10 in /usr/lib/python3.7/site-packages (from botocore<1.10.0,>=1.9.15->boto3==1.6.15->-r jason_requirements.txt (line 2)) (0.14)

Collecting python-dateutil<2.7.0,>=2.1

Downloading python_dateutil-2.6.1-py2.py3-none-any.whl (194 kB)

Requirement already satisfied: six>=1.5 in /usr/local/lib/python3.7/site-packages (from python-dateutil<2.7.0,>=2.1->botocore<1.10.0,>=1.9.15->boto3==1.6.15->-r jason_requirements.txt (line 2)) (1.13.0)

Installing collected packages: boto, python-dateutil, botocore, s3transfer, boto3, urllib3, certifi, idna, chardet, requests, psycopg2-binary

Attempting uninstall: boto

Found existing installation: boto 2.49.0

Uninstalling boto-2.49.0:

Successfully uninstalled boto-2.49.0

Successfully installed boto-2.48.0 boto3-1.6.15 botocore-1.9.23 certifi-2021.10.8 chardet-3.0.4 idna-2.6 psycopg2-binary-2.8.6 python-dateutil-2.6.1 requests-2.18.4 s3transfer-0.1.13 urllib3-1.22

-----------DONE BOOTSTRAP---------------------

Hope this helps.

Node Application Stopped Sending Updates To Slack – can’t identify protocol

June 24, 2021 adminLeave a comment

I wanted to share my experience with a node application that I support. This particular application is an API, it happens to log each and every request it receives to a internal slack channel. Our team uses this channel for many things, to verify when the API is in maintenance, to check that requests are processing, to see status on the overall health of the API etc..

Once in a while out of nowhere we would stop receiving these updates to slack. I set out to troubleshoot why this may be happening, at first we thought that we were hitting the slack rate limits, which is clearly defined here:

https://api.slack.com/docs/rate-limits

However after reading the linked doc, I was skeptical. The API does serve a lot of requests, but not enough to hit their limit. We have 2 servers that send slack messages and process the API requests and when they stopped sending it would be both servers, not just one. Also we have run into this before and restarting the service fixed the issue, so I was sure we did not hit the rate limit. Also trying to send a manual slack update using curl would not work! I knew this had to be something with the linux OS itself, and not the Slack service.

I tried to use netstat to see if we were hitting some type of OS limit, and all looked well. Next I tried one of my favorite tools, LSOF, at first I grepped for deleted to see if something was being held and not released. I did not see anything that stood out, next I grepped for node and low and behold I saw this:

[root@ip-172-x-x-x ~]# lsof | grep node
--SNIP--
node       1794 nodeuser   19u     sock                0,6       0t0     651101 can't identify protocol
node       1794 nodeuser   20w      REG              202,1 209793922     294970 /opt/afs/mc_api_logs/debug.log
node       1794 nodeuser   21w      REG              202,1   2409554     274199 /opt/afs/mc_api_logs/exceptions.log
node       1794 nodeuser   22w      REG              202,1    572278     294971 /opt/afs/mc_api_logs/error.log
node       1794 nodeuser   23w      REG              202,1   2409554     274199 /opt/afs/mc_api_logs/exceptions.log
node       1794 nodeuser   24w      REG              202,1   2258649     294980 /opt/afs/mc_api_logs/warn.log
node       1794 nodeuser   25w      REG              202,1   2409554     274199 /opt/afs/mc_api_logs/exceptions.log
node       1794 nodeuser   26w      REG              202,1         0     294989 /opt/afs/mc_api_logs/info.log
node       1794 nodeuser   27w      REG              202,1   2409554     274199 /opt/afs/mc_api_logs/exceptions.log
node       1794 nodeuser   28u     IPv4              13731       0t0        TCP *:pcsync-https (LISTEN)
node       1794 nodeuser   29u     sock                0,6       0t0     512828 can't identify protocol
node       1794 nodeuser   30u     sock                0,6       0t0      14507 can't identify protocol
node       1794 nodeuser   31u     sock                0,6       0t0      14028 can't identify protocol
node       1794 nodeuser   32u     sock                0,6       0t0      15183 can't identify protocol
node       1794 nodeuser   33u     sock                0,6       0t0      15628 can't identify protocol
node       1794 nodeuser   34u     sock                0,6       0t0      16346 can't identify protocol
node       1794 nodeuser   35u     sock                0,6       0t0      15778 can't identify protocol
node       1794 nodeuser   36u     sock                0,6       0t0      16847 can't identify protocol
node       1794 nodeuser   37u     sock                0,6       0t0      17512 can't identify protocol
node       1794 nodeuser   38u     sock                0,6       0t0      25572 can't identify protocol
node       1794 nodeuser   39u     sock                0,6       0t0      18437 can't identify protocol
--SNIP--

[root@ip-172-x-x-x ~]# lsof | grep node

--SNIP--

node 1794 nodeuser 19u sock 0,6 0t0 651101 can't identify protocol

node 1794 nodeuser 20w REG 202,1 209793922 294970 /opt/afs/mc_api_logs/debug.log

node 1794 nodeuser 21w REG 202,1 2409554 274199 /opt/afs/mc_api_logs/exceptions.log

node 1794 nodeuser 22w REG 202,1 572278 294971 /opt/afs/mc_api_logs/error.log

node 1794 nodeuser 23w REG 202,1 2409554 274199 /opt/afs/mc_api_logs/exceptions.log

node 1794 nodeuser 24w REG 202,1 2258649 294980 /opt/afs/mc_api_logs/warn.log

node 1794 nodeuser 25w REG 202,1 2409554 274199 /opt/afs/mc_api_logs/exceptions.log

node 1794 nodeuser 26w REG 202,1 0 294989 /opt/afs/mc_api_logs/info.log

node 1794 nodeuser 27w REG 202,1 2409554 274199 /opt/afs/mc_api_logs/exceptions.log

node 1794 nodeuser 28u IPv4 13731 0t0 TCP *:pcsync-https (LISTEN)

node 1794 nodeuser 29u sock 0,6 0t0 512828 can't identify protocol

node 1794 nodeuser 30u sock 0,6 0t0 14507 can't identify protocol

node 1794 nodeuser 31u sock 0,6 0t0 14028 can't identify protocol

node 1794 nodeuser 32u sock 0,6 0t0 15183 can't identify protocol

node 1794 nodeuser 33u sock 0,6 0t0 15628 can't identify protocol

node 1794 nodeuser 34u sock 0,6 0t0 16346 can't identify protocol

node 1794 nodeuser 35u sock 0,6 0t0 15778 can't identify protocol

node 1794 nodeuser 36u sock 0,6 0t0 16847 can't identify protocol

node 1794 nodeuser 37u sock 0,6 0t0 17512 can't identify protocol

node 1794 nodeuser 38u sock 0,6 0t0 25572 can't identify protocol

node 1794 nodeuser 39u sock 0,6 0t0 18437 can't identify protocol

--SNIP--

My eyes went right to the “can’t identify protocol”, I opened up a browser and started to research, first hit when searching “can’t identify protocol” was a stack overflow article with the solution.

https://stackoverflow.com/questions/7911840/seeing-too-many-lsof-cant-identify-protocol

When lsof prints “Can’t identify protocol”, this usually relates to sockets (it should also say ‘sock’ in the relevant output lines).

So, somewhere in your code you are probably connecting sockets and not closing them properly (perhaps you need a finally block).

I suggest you step through your code with a debugger (easiest to use your IDE, potentially with a remote debugger, if necesssary), while running lsof side-by-side. You should eventually be able to see which thread / line of code is creating these File Descriptors.

Turns out that the node application was opening file descriptors / sockets and not closing them properly, this caused the system to hit the hard limit on open files / file descriptors. You can view the hard and soft limit like so, switch to the user that application is running as and run:

[nodeuser@ip-172-x-x-x ~]$ ulimit -Hn
4096
[nodeuser@ip-172-x-x-x ~]$ ulimit -Sn
1024

[nodeuser@ip-172-x-x-x ~]$ ulimit -Hn

4096

[nodeuser@ip-172-x-x-x ~]$ ulimit -Sn

1024

So you can see that the nodeuser has a hard limit of 4096 open files, which due to the application not properly closing them, we hit the ceiling. This explains why restarting the server or the process fixed it. It would release the open file descriptors and the system was able to open sockets again. I spoke with the developer and we researched, looks like one of the modules we were using was the cause of the issue, perhaps we were using it wrong? I found this out from this article:
https://stackoverflow.com/questions/24922745/node-js-winston-how-to-safely-drain-a-logger

Question:

I have experimented with instantiating and closing winston loggers as (half) described on https://github.com/flatiron/winston#instantiating-your-own-logger, to no avail. I run into trouble closing file transports of Winston’s – walking through it’s source code, I found that the proper way to close off a logger would seem to be the close method. I expected this to take care of closing the transport file used by the logger – however that turned out to be not so.

Varying in frequency according to node.js server load, winston would still hold on to many transport files, infinitely long after the close method had been called for them, indefinitely long after no new writes were being initiated to them. I observed that through the node.js process file descriptors table (lsof -p). Even though close has been called for a Winston logger, it would indefinitely keep the file descriptor of the log file “in use”, i.e. the log file never gets really closed. Thus leaking file descriptors and eventually making the node.js process bump into the ulimit (-n) limit after my application has been up for long.

Should there be a specific programming pattern for draining a Winston logger such that it can be eventually closed?

Answer:

Create only one logger instance and then derive children from it. In this case, winston will hold only one open file handler. Might also be better for performance.

So that was it, the developers agreed and set out to create a patch, problem solved.

Jason R. Ralph

Linux All Day Everyday

Category: General Code

Redshift Serverless Find Largest Tables

botocore.exceptions.ReadTimeoutError: Read timeout on endpoint URL: https://lambda.us-east-1.amazonaws.com

Upgrade Rocky Linux 8 to 9 CLI

AttributeError: module ‘cryptography.utils’ has no attribute ‘register_interface’

Python Linux Find Files With Pattern Accessed Older Than N Days And Remove

AWS EMR ImportError: this version of pandas is incompatible with numpy < 1.17.3

10 Year Anniversary: www.jasonralph.org

AWS Apache Managed Airflow EMR ModuleNotFoundError: No module named ‘requests’ Bootstrap

Node Application Stopped Sending Updates To Slack – can’t identify protocol