Skip to content

fix: prevent buildkit corruption on sticky disk commit #1393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
adityamaru wants to merge 214 commits into from
Closed

fix: prevent buildkit corruption on sticky disk commit #1393

adityamaru wants to merge 214 commits into from

Conversation

@adityamaru
Copy link

@adityamaru adityamaru commented Jul 31, 2025

Summary

  • Adds graceful shutdown validation to prevent committing corrupted buildkit state
  • Implements multiple sync operations to ensure database writes are flushed
  • Adds state validation before committing sticky disk

Problem

We've been seeing buildkit database corruption issues manifesting as:

  1. BoltDB panic: "assertion failed: Page expected to be: 188, but self identifies as 0"
  2. Overlayfs errors: "failed to rename: file exists"

These indicate buildkitd isn't properly flushing its database writes before the Ceph volume is committed.

Solution

  1. Graceful Shutdown Enforcement: Fail if buildkitd doesn't shutdown cleanly within timeout
  2. Critical Sync After Shutdown: Add sync immediately after buildkitd terminates to flush all database writes
  3. State Validation: Validate buildkit state before committing (no processes, no lock files, non-zero db files)
  4. No Commit on Failure: Don't commit sticky disk if build fails or validation fails
  5. Multiple Syncs: Add multiple sync operations before unmounting

Changes

  • Modified shutdownBuildkitd() to track graceful shutdown and fail if timeout
  • Added validateBuildkitState() to check for corruption indicators
  • Added sync operations at critical points
  • Prevention of sticky disk commit on any failure condition

Testing

  • Test with normal successful builds
  • Test with builds that fail
  • Test with buildkitd that doesn't shutdown gracefully
  • Monitor for corruption issues in staging

🤖 Generated with Claude Code

adityamaru and others added 30 commits September 11, 2024 20:08
@adityamaru
*: basic scaffolding for build-push-action
29a5593 
1. Checks we have buildx installed
2. Configures a remote builder if we get an address back
3. Uses the already configured builder if we don't get an address back

This change does not plumb the dockerfile path through as the entity,
and does not differentiate a failed build from a succesful to report
to anvil in the post step yet.
@adityamaru
src: add logic to report differently on success and failure
fca077e
@aayushshah15
plumb through the dockerfile path when creating a build_task
cb250fe
@aayushshah15
configure a local builder using the docker-container driver as a fa…
595f5a7 
…llback
@aayushshah15
Merge pull request #1 from useblacksmith/wireup-remote-docker-build
c2b089e 
*: basic scaffolding for build-push-action
@aayushshah15
log specific warning when no builder instances are available (#2)
79167f5
@aayushshah15
point to anvil staging environment (#3)
fd041da
@aayushshah15
log anvil url (#4)
ea26987
@aayushshah15
npm run build (#5)
d135977
@aayushshah15
point to fly staging (#6)
84699d1
@aayushshah15
add a fallback input (#7)
294f759
@aayushshah15
fix typo (#8)
30b096e
@aayushshah15
log the submitted build task id
2d18077
@aayushshah15
additional logging
242068a
@aayushshah15
retry ephemeral anvil errors
bd6be25
@aayushshah15
misc cleanup
f261a98
@aayushshah15
improve error logs
b15cec1
@aayushshah15
log abandonment url
2b966d1
@aayushshah15
plumb task id through to abandon call
828fa88
@aayushshah15
include e2e builder launch time the complete request payload (#9)
cb07435
@aayushshah15
normalize dockerfile paths
5158225
@aayushshah15
log the prefix task id since its more user readable
c675e14
@aayushshah15
revert back to logging task id
717de04
@aayushshah15
retry on ephemeral http errors (#10)
2fe866c
@aayushshah15
only retry build task submission on ephemeral server errors (#11)
9c81a9e
@aayushshah15
improve error logging
6960b24
@aayushshah15
tls (#12)
3f6698f 
* tls

* set up tls while creating the remote builder
@aayushshah15
rely on GITHUB_REPOSITORY to get the repo name
6f17c30
@aayushshah15
point staging runs to staging anvil
6f9ad79
@adityamaru
*: teach action to hot load sticky disks
3b1df39 
This change teaches the build push action to request a stickydisk
every time it runs. Once the SD is hotloaded the VM will mount
the buildkit root dir and starts buildkitd.
adityamaru and others added 28 commits April 15, 2025 21:37
@adityamaru
Merge pull request #109 from useblacksmith/use-port-env
49f6d18 
src: use port from env
@adityamaru
src: move buildkit prune to cleanup stage and invoke it inline
c801859 
Previously, we were firing off an async buildkit prune to clean
up layers unused in 14 days. This changes that to cleanup layers
unused in 7 days and fires it off inline on cleanup. It just seems
easier to reason about that way.
@adityamaru
Merge pull request #110 from useblacksmith/move-prune
550edf2 
src: move buildkit prune to cleanup stage and invoke it inline
@adityamaru
.github: update bump_tags_to_master.yaml
5646913 
Signed-off-by: Aditya Maru <[email protected]>
@adityamaru
src: only commit stickydisk in post step if in setup-only
296109d 
Firstly this was a bug where we were trying to commit in the post
step even if we had already committed at the end of the main step in
a non-setup-only invocation.

Secondly, if the action is canceled before the exposeID is set in the main
process, we don't want to send a commit request with an empty exposeID.
@adityamaru
Merge pull request #111 from useblacksmith/fix-unnecessary-commti
7af3b3a 
src: only commit stickydisk in post step if in setup-only
@adityamaru
src: print the port bpa is trying to hit
41a36ac
@adityamaru
Merge pull request #112 from useblacksmith/debug-port
5501e3f 
src: print the port bpa is trying to hit
@adityamaru
src: more debug logs
e84bc1a
@adityamaru
Merge pull request #113 from useblacksmith/newlogs
f0d8aee 
src: more debug logs
@adityamaru
src: add ping before get stickydisk
1868624
@adityamaru
Merge pull request #114 from useblacksmith/add-up-ping
198ccc9 
src: add ping before get stickydisk
@adityamaru
src: add a retry with backoff to combat 429s when downloading buildkit
9dbab7f
@adityamaru
Merge pull request #115 from useblacksmith/buildx-ratelimit
e09a088 
src: add a retry with backoff to combat 429s when downloading buildkit
@adityamaru
*: allow users to pass in a buildx version
28c2447
@adityamaru
Merge pull request #116 from useblacksmith/bump-buildkitd
68105fc 
*: allow users to pass in a buildx version
@adityamaru
action: add missing option string
d2acb06
@adityamaru
Merge pull request #117 from useblacksmith/add-missing-option
6fe3b1c 
action: add missing option string
@adityamaru @claude
fix: use correct platform when creating remote buildx builder
a7fa33c 
The remote builder was hardcoded to use --platform linux/amd64
regardless of user input or runner architecture. This caused
performance issues on ARM runners and cache inefficiencies.

Now properly uses the platforms input or detects host architecture
to avoid unnecessary QEMU emulation and improve build performance.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@adityamaru @claude
test: fix platform test to work on both ARM and AMD runners
616bee0 
The test was hardcoded to expect arm64 platform, causing failures
on AMD runners. Now checks actual host architecture dynamically.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@adityamaru
.github: add docker workflow
51bef8c
@adityamaru
Merge pull request #118 from useblacksmith/builder-misconfig
4fac798 
fix: use correct platform when creating remote buildx builder
@adityamaru
.github: add v1.2 to bump_tags_to_master.yaml
574eb0e 
Signed-off-by: Aditya Maru <[email protected]>
@adityamaru
src: use BLACKSMITH prefixed VM ID env var
a037e6f
@adityamaru
Merge pull request #120 from useblacksmith/change-env
4e97fd3 
src: use BLACKSMITH prefixed VM ID env var
@adityamaru
src: only prune if buildkitd was spun up
f9f71c9
@adityamaru
Merge pull request #119 from useblacksmith/grpc-fallbakc
ac765fe 
src: only prune if buildkitd was spun up
@adityamaru @claude
fix: prevent buildkit corruption on sticky disk commit
afff3d4 
- Add graceful shutdown validation - fail if buildkitd doesn't shutdown cleanly
- Add sync after buildkitd termination to flush database writes
- Add buildkit state validation before committing sticky disk
- Prevent sticky disk commit on build failures
- Add multiple sync operations before unmounting
- Add buildkit validation utilities to check database integrity

This should prevent the BoltDB corruption issues we've been seeing.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@adityamaru adityamaru closed this Jul 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@adityamaru adityamaru

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@adityamaru @aayushshah15 @claude