Skip to content

Reduce nonce redemption flake by giving WFE time to mark SubConns READY #8442

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aarongable merged 2 commits into from
Oct 15, 2025
Merged

Reduce nonce redemption flake by giving WFE time to mark SubConns READY #8442

aarongable merged 2 commits into from
Oct 15, 2025

Conversation

@aarongable
Copy link
Contributor

@aarongable aarongable commented Oct 10, 2025
edited
Loading

In noncebalancer, add documentation and change names to make the roles played by each type clearer. Unexport the pickerBuilder and picker types, since they aren't directly referenced anywhere outside of the package's init function.

In the WFE, move the nonceWellFormed error message upwards into validNonce, alongside the other errors returned by that function. Change that same error message to say "malformed" rather than "invalid", to differentiate it from redemption failures and to match the corresponding metric label. Replace the JWSInvalidNonce metric label with two more-specific metric labels JWSNoBackendNonce and JWSExpiredNonce, for better insight into whether nonce redemption failures are due to backends shutting down or due to backends expiring old nonces.

Finally, in the python integration tests, increase how long we wait between retries from 10ms to (up to) 600ms. This gives the WFE's NonceRedeemer gRPC client enough time to move its SubConns from the CONNECTING state to the READY state, and in practice seems to eliminate flaky nonce redemption errors in CI.

Fixes #8385

@aarongable aarongable marked this pull request as ready for review October 10, 2025 19:05
@aarongable aarongable requested a review from a team as a code owner October 10, 2025 19:05
@aarongable aarongable requested review from beautifulentropy, jprenken and jsha and removed request for jprenken October 10, 2025 19:05
jsha
jsha approved these changes Oct 14, 2025
View reviewed changes
Copy link
Contributor

@jsha jsha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than a question, this looks good to me to land as-is. During standup we discussed some additional changes to add internal logging of more details on error. I think that can land as a followup if you prefer, or as part of this PR.

@aarongable aarongable merged commit 29b3b06 into main Oct 15, 2025
12 checks passed
@aarongable aarongable deleted the nonce-flake branch October 15, 2025 16:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsha jsha jsha approved these changes

@beautifulentropy beautifulentropy beautifulentropy approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

"unacceptable anti-replay nonce" integration test flake on main

4 participants

@aarongable @jsha @beautifulentropy