Deleting existing sessions

jimlambrt · December 14, 2017, 3:50pm

We’re running a POC trying to prove out a specific use case using cockroachdb. Everything has been going well until today.

I have some runaway sessions. I’ve deleted the user they are using… but that didn’t cause them to stop sending requests. I’m guessing that has to do with privs and existing sessions. I would prefer to just delete the offending sessions… all 650+ of them.

Is there anyway to delete/disconnect/rm existing sessions?

Thanks,
Jim
jim_lambert@bose.com

jordan · December 14, 2017, 4:04pm

Hi @jimlambrt,

Sorry to hear you’re experiencing this difficulty.

Can you please provide more details on what you mean by runaway sessions? Are the clients that created the sessions still sending requests, or have they stopped sending requests? Are the existing requests stalled?

Additionally, are the existing clients creating new sessions under that user?

I’m not aware of any functionality that we’ve built to forcibly terminate existing user sessions.

I’ve confirmed that dropping a user does not disconnect existing user sessions for that user, which is somewhat surprising.

If you REVOKE'd all permissions from that user, though, the user’s session should be pretty well locked down - any operation that the user tries to perform on the cluster that touches actual tables will fail.

To actually drop the sessions, I think you’d need to get the clients to close their connections. You could also reboot the gateway node, but that might be undesirable if you have other traffic on the cluster, of course.

Jordan

jimlambrt · December 14, 2017, 4:17pm

I can’t control the clients. They are on another kube cluster. I have reached out to that group… radio silence so far. It appears they kicked off some load tests using Locust and it has an UPDATE to one specific row. At this point there are 10k updates waiting to execute and more coming all the time. If I could kill the sessions, then they would be forced to reconnect and my revocation of the their user perms would stop the insanity.

jordan · December 14, 2017, 4:24pm

User privileges get revoked immediately, not upon session reconnect. If you revoked the user’s privileges, the existing sessions shouldn’t be causing any actual DB load.

Are you running in secure or insecure mode?

jimlambrt · December 14, 2017, 4:33pm

we are running in insecure mode.

jimlambrt · December 14, 2017, 8:17pm

Hi Jordan,

Any chance you’d consider adding the ability to terminate sessions?

j.

jordan · December 14, 2017, 8:21pm

There’s an open RFC about session and transaction cancellation you can take a look at here: https://github.com/cockroachdb/cockroach/pull/17252

As you can see, it’s undergone quite a bit of debate. We’re definitely interested in implementing that feature.

In the meantime, you could always try to terminate the client connections using iptables if this is a real blocker for you!

Jordan