Add retries to notification calls #125
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -166,16 +166,9 @@ func (me *AndroidNotificationServer) SendNotification(msg *PushNotification) Pus | |
| }, | ||
| } | ||
|
|
||
| me.logger.Infof("Sending android push notification for device=%v type=%v ackId=%v", me.AndroidPushSettings.Type, msg.Type, msg.AckID) | ||
|
|
||
| err := me.SendNotificationWithRetry(fcmMsg, 0) | ||
|
|
||
| if err != nil { | ||
| me.logger.Errorf("Failed to send FCM push sid=%v did=%v err=%v type=%v", msg.ServerID, msg.DeviceID, err, me.AndroidPushSettings.Type) | ||
|
|
@@ -220,3 +213,33 @@ func (me *AndroidNotificationServer) SendNotification(msg *PushNotification) Pus | |
| } | ||
| return NewOkPushResponse() | ||
| } | ||
|
|
||
| func isRetriableError(err error) bool { | ||
| // Any error that is not a known error, but the Internal error | ||
| return !(messaging.IsUnregistered(err) || | ||
| messaging.IsInvalidArgument(err) || | ||
| messaging.IsQuotaExceeded(err) || | ||
| messaging.IsSenderIDMismatch(err) || | ||
| messaging.IsThirdPartyAuthError(err)) | ||
| } | ||
|
|
||
| func (me *AndroidNotificationServer) SendNotificationWithRetry(fcmMsg *messaging.Message, retry int) error { | ||
| ctx, cancel := context.WithTimeout(context.Background(), me.sendTimeout) | ||
| defer cancel() | ||
|
|
||
| start := time.Now() | ||
| _, err := me.client.Send(ctx, fcmMsg) | ||
| if me.metrics != nil { | ||
| me.metrics.observerNotificationResponse(PushNotifyAndroid, time.Since(start).Seconds()) | ||
|
There was a problem hiding this comment. Should we add in the metrics the rety attempt? I don't see the counter being added to the metrics There was a problem hiding this comment. The counter would go after all the retries. No need to mark it as a failure if we are retrying. We could add some different metric for that though. 0/5 There was a problem hiding this comment. Yes I think we should add a metrics/ligs at least to have some idea that is indeed happening and why, that way it would allows us to narrow down what could be causing future double notifications etc... |
||
| } | ||
|
|
||
| if isRetriableError(err) { | ||
| me.logger.Errorf("Failed to send android push did=%v retry=%v error=%v", fcmMsg.Token, retry, err) | ||
| if nextIteration := retry + 1; nextIteration < MAX_RETRIES { | ||
| return me.SendNotificationWithRetry(fcmMsg, nextIteration) | ||
|
There was a problem hiding this comment. Should we add a wait here before immediately retrying? In the server we do exponential backoff times to give it some time if it's a network hiccup or some sort before continuously retrying - see https://github.com/mattermost/mattermost/blob/master/server/channels/utils/backoff.go#L14-L15 Also in the CWS we use a backoff library that is the same concept https://github.com/mattermost/customer-web-server/blob/master/app/cloud.go#L204 |
||
| } | ||
|
There was a problem hiding this comment. Should we add a metric or log showing that the max retries was reached? There was a problem hiding this comment. Yes, we probably should. |
||
| me.logger.Errorf("Max retries reached did=%v", fcmMsg.Token) | ||
| } | ||
|
|
||
| return err | ||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For Android, retries are already built-in to the HTTP client: https://github.com/firebase/firebase-admin-go/blob/6a28190d0d30fe0134648566c7e89f8635a51672/messaging/messaging.go#L892.
There is no need to do anything. In future, please feel free to ask me for review or take a deeper look at the documentation. :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I missed that. Thank you for pointing it out!
That being said, the reason we are retrying is, among others, because FCM may return a "internal server error", which looking around the web, seems to be a fluke in their system, and that we just have to retry.
Looking at the internals, I see that only
serviceUnavailablestatus is retried, so other problems (like the context timing out, or this internal server error) won't get retried. Am I right?If that is so, how would you approach this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would trust on the implementation to be correct on which status codes to retry on. Also, any network errors like timeouts are also retried.
So the only missing thing is to retry on additional status codes. I'd want to see some metrics on the distribution of errors we are getting from FCM and then take a call.
For context, overriding the retry policy from the user side is difficult: firebase/firebase-admin-go#579.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right now I don't see FCM errors on the metrics, but @marianunez spotted a few some time ago.
For iOS we recently have found a couple regarding context timeout and others, so that is why we are adding the retry for both.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For example, in the last 7 days, there has been 54 instances of FCM push failures:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@marianunez The library doesn't expose the error codes. It has a few util functions to distinguish the errors, and that is what we are doing in the PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@larkox - casting is exactly what we want :)
@marianunez - thanks for the link. It's clear that we should retry on 5xx. However, from the logs, it's not clear if the ones with internal error were logged after a retry with 503, or they were logged from some other non-503 error which wasn't retried. That's what I am trying to find out here.
In any case, the library is poorly written and makes it such that the user cannot choose to override the retry policy inspite of the fact that the client clearly takes a retry policy struct as a parameter. There isn't even a way to bypass retrying so that we can copy over just the retry code.
So in worst case, we have to fork the repo and move out some packages out of internal, so that they can be imported and overridden from the client.
But before that, I wanted some metrics on the distribution of the status codes. If we see that out of all 34 internal errors, all were actually 503, then I think we could leave this alone. But if we see other non-503 status codes, then we have a decision in our hand to make.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@agnivade Just to understand your ask.
You want a first change to surface the status code of the response, let it simmer for a while so we get new data, verify what kind of 5xx error it is, and then decide whether this PR makes sense or not. Am I right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@agnivade I may have missed this in the thread above, but why don't we want to retry for a 503?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@larkox - Yep, exactly.
@marianunez - To clarify: we, ourselves, don't want to retry for 503, because the client already does by default. My objective here is to figure out if the internal failures are all 503 or not. If it is, then we know that those were already retried and still failed. If it's something other than 503, then yes we definitely need to do something ourselves.