Circuit breaker changes using pybreaker #705
Conversation
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
|
Thanks for your contribution! To satisfy the DCO policy in our contributing guide every commit message must include a sign-off message. One or more of your commits is missing this message. You can reword previous commit messages with an interactive rebase ( |
nikhilsuri-db
temporarily deployed
to
azure-prod
GitHub Actions
Inactive
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
|
Thanks for your contribution! To satisfy the DCO policy in our contributing guide every commit message must include a sign-off message. One or more of your commits is missing this message. You can reword previous commit messages with an interactive rebase ( |
nikhilsuri-db
temporarily deployed
to
azure-prod
GitHub Actions
Inactive
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
nikhilsuri-db
force-pushed
the
PECOBLR-993
branch
from
c83cba7 to
e7e8b4b
Compare
nikhilsuri-db
temporarily deployed
to
azure-prod
GitHub Actions
Inactive
nikhilsuri-db
temporarily deployed
to
azure-prod
GitHub Actions
Inactive
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
nikhilsuri-db
temporarily deployed
to
azure-prod
GitHub Actions
Inactive
| ) | ||
|
|
||
|
|
||
| class CircuitBreakerStateListener(CircuitBreakerListener): |
There was a problem hiding this comment.
Only used for logging purposed for now
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
|
Thanks for your contribution! To satisfy the DCO policy in our contributing guide every commit message must include a sign-off message. One or more of your commits is missing this message. You can reword previous commit messages with an interactive rebase ( |
| { version = ">=18.0.0", python = ">=3.13", optional=true } | ||
| ] | ||
| pyjwt = "^2.0.0" | ||
| pybreaker = "^1.0.0" |
There was a problem hiding this comment.
@vikrantpuppala Can we be sure that adding new library won't break any other client usage?
| pool_connections: Optional[int] = None, | ||
| pool_maxsize: Optional[int] = None, | ||
| user_agent: Optional[str] = None, | ||
| telemetry_circuit_breaker_enabled: Optional[bool] = None, |
There was a problem hiding this comment.
Will make it true in next PR post end to end testing
| logger.error("HTTP request failed after retries: %s", e) | ||
| raise RequestError(f"HTTP request failed: {e}") | ||
|
|
||
| # Try to extract HTTP status code from the MaxRetryError |
There was a problem hiding this comment.
setting http_code here which will be used by CircuitBreaker to consider regression in telemetry endpoint
|
|
||
|
|
||
| @dataclass(frozen=True) | ||
| class CircuitBreakerConfig: |
There was a problem hiding this comment.
Single object to store CB config
| return breaker | ||
|
|
||
| @classmethod | ||
| def _create_noop_circuit_breaker(cls) -> CircuitBreaker: |
There was a problem hiding this comment.
In cases where client config setup failed or used by test cases.
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
nikhilsuri-db
force-pushed
the
PECOBLR-993
branch
from
92eee84 to
2b45814
Compare
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
nikhilsuri-db
had a problem deploying
to
azure-prod
GitHub Actions
Failure
Signed-off-by: Nikhil Suri <nikhil.suri@databricks.com>
nikhilsuri-db
temporarily deployed
to
azure-prod
GitHub Actions
Inactive
nikhilsuri-db
temporarily deployed
to
azure-prod
GitHub Actions
Inactive
| This allows telemetry to fail silently without raising exceptions. | ||
| """ | ||
| from unittest.mock import Mock |
There was a problem hiding this comment.
umm, using test imports in production code is intended here?
|
|
||
| # Clear any existing state | ||
| CircuitBreakerManager._instances.clear() | ||
| CircuitBreakerManager.initialize(CircuitBreakerConfig()) |
There was a problem hiding this comment.
Do we need to add a similar initialization in main function too?
| self.pool_connections = pool_connections or 10 | ||
| self.pool_maxsize = pool_maxsize or 20 | ||
| self.user_agent = user_agent | ||
| self.telemetry_circuit_breaker_enabled = bool(telemetry_circuit_breaker_enabled) |
There was a problem hiding this comment.
should we not add this to build_client_context too?
| """ | ||
| config = cls._config | ||
| if config is None: | ||
| raise RuntimeError("CircuitBreakerManager not initialized") |
There was a problem hiding this comment.
we shouldn't be throwing errors at all, I suppose?
| # The reason may contain a response object with status | ||
| http_code = getattr(e.reason.response, "status", None) | ||
| elif ( | ||
| hasattr(e, "response") |
There was a problem hiding this comment.
nit : these ~30 lines feels like it would live more happily in a helper
| # Try to extract HTTP status code from the MaxRetryError | ||
| http_code = None | ||
| if ( | ||
| hasattr(e, "reason") |
There was a problem hiding this comment.
great to see the defensive approach with urlLib object structure ! we have had several compatibility issue with this library before (I also remember a sev1 once), also can you double check if this is the expected structure once?
There was a problem hiding this comment.
(I meant across versions. see internal doc for more context on the type of issues we get)
| Returns: | ||
| CircuitBreaker instance for the host | ||
| """ | ||
| if not cls._config: |
There was a problem hiding this comment.
Can we have this inside lock too?
What type of PR is this?
Description
This PR introduces a circuit breaker pattern to the telemetry system to prevent cascading failures and improve system resilience. The implementation uses the pybreaker library to monitor telemetry request failures and automatically open the circuit when failure rates exceed configurable thresholds, blocking further requests to protect downstream services. When the circuit is open, telemetry requests are temporarily blocked until the system recovers, at which point the circuit transitions to half-open for testing and eventually closes when normal operation resumes. The circuit breaker configuration is centralized with immutable settings, includes comprehensive logging for monitoring, and maintains full backward compatibility with existing telemetry functionality.
How is this tested?
Related Tickets & Documents
https://docs.google.com/document/d/1ftRvby9bwDZzE3s1tOb4hJ4Pd9USiXskb9cDw-uQNPM/edit?usp=sharing