This is probably inconsistent, not thought out, maybe even wrong. Use this information with care.
I wanted to share a complexity of executing a rsyslog ruleset in non-SIMD mode, which means one message is processed after each other. This posting is kind of a think tank and may also later be useful for others to understand design and design decisions. Note, however, that I do not guarantee that anything will be implemented as described here.
- transaction is begun
- messages are feed to the action
- transaction is stopped
This plays very well with the current SIMD engine, which advances processing one statement after the other, and then processed the batch as whole. That means all three steps are done at one instance when the relevant statement is processed. This permits the engine to read the final result before advancing state to the next action.
- if execIfPreviousIsSuspended is specified, the statement in front of it must be forced to commit after each message (which costs quite a lot of performance, but at least only if the users turns on that feature)
- To mitigate the performance loss of those auto-commits, we could add a new syntax which explicitly permits to specify failover actions. These could be linked to the primary statement and NOT be executed during regular rule engine execution. We would still need to buffer (message pointers) for the case they are to be executed, but that's probably better. Most importantly, there would be no other conditional logic supported, which makes processing them rather quickly.
- The message object must support a kind of "copy on write" (which would even be very useful with the v7 engine, which also permits more updates than any pre-v8 engine ever was designed for...). This could be done by splitting the (traditional) immutable part of the message structure from things like variables. Message modification modules modifying the "immutable" part would need to do a full copy, others not (the usual case). Of course, this copy on update can make variable operations rather costly.
- Output modules could be forced to perform a kind of "retry commit" -- but this is a bad option because it a) puts (repetitive) burden on the output (in essence, the output faces exactly the same problems like the core engine, EXCEPT probably that it knows better which exact data items it needs -- easy for traditional template based interface). b) it removes from the engine the ability to re-try parts of the transaction. So this is not very appealing.
- In any case, the actual "action retry handling" should probably be applied to the commit interface, far less than the usual submit interface.
To solve these issues, a two-step execution inside the rule system seems desireable:
- execution phase
- commit phase
In any case, using action queues to perform these two steps seems very natural and desirable. Unfortunately, there is still considerate overhead attached to this (mutex operations, required context switches), which makes this very unattractive. The end result if taking this path probably would be a reduced overall processing speed, something we really don't like to see. Also, failover processing would not work if following that path.
- advance message state - message modification (mm) modules must be called immediately
- "shuffle" msgs to actions - the main concern here is to make sure that the action sees an immutable action object, at least in regard to what it needs from it (we may need to add an entry point to ask the action to extract whatever it actually needs and return a pointer to that - not necessary for simple strings, for a prominent example).
Note that doAction is never called for non mm-modules.
For each action with data, we submit the data to its action, performing all three steps. This way, we can easily keep track of the state advancement and action errors. It would be easy to implement dedicated failover processing at this stage (but this probably requires larger state info if the failover action is different from the primary one).
This two-phase approach somewhat resembles the original batching/SIMD idea of the pre-v8 engine. So it looks like this design was well up to the point of what we need to do. I am still a bit undecided if doing these engine changes are really worth it, but so far code clarity seem to be much better. Performance possibly as well, as the SIMD needed to carry a lot of state around as well.
I will now probably do a test implementation of the two-phase approach, albeit only for the traditional string interface.
Some ideas/results from the test implementation:
- The structure used to store messages could -LATER- be made the structure that is actually queued in action queues, enabling for faster performance (in-memory) and unified code.
- Note: an advantage on storing the result string template vs. the message object between phases is of advantage as we do not need to keep the message immutable for this reason. It needs to be seen, though, if that really is an advantage from the overall picture (the question is can we get to a point where we actually do NOT need to do copy-on-write -- obviously this would be the case if one string templates are used).