debian-mirror-gitlab/doc/ci/resource_groups/index.md
2023-07-09 08:55:56 +05:30

317 lines
12 KiB
Markdown

---
stage: Deploy
group: Environments
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
description: Control the job concurrency in GitLab CI/CD
---
# Resource group **(FREE)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/15536) in GitLab 12.7.
By default, pipelines in GitLab CI/CD run in parallel. The parallelization is an important factor to improve
the feedback loop in merge requests, however, there are some situations that
you may want to limit the concurrency on deployment
jobs to run them one by one.
Use resource groups to strategically control
the concurrency of the jobs for optimizing your continuous deployments workflow with safety.
## Add a resource group
Provided that you have the following pipeline configuration (`.gitlab-ci.yml` file in your repository):
```yaml
build:
stage: build
script: echo "Your build script"
deploy:
stage: deploy
script: echo "Your deployment script"
environment: production
```
Every time you push a new commit to a branch, it runs a new pipeline that has
two jobs `build` and `deploy`. But if you push multiple commits in a short interval, multiple
pipelines start running simultaneously, for example:
- The first pipeline runs the jobs `build` -> `deploy`
- The second pipeline runs the jobs `build` -> `deploy`
In this case, the `deploy` jobs across different pipelines could run concurrently
to the `production` environment. Running multiple deployment scripts to the same
infrastructure could harm/confuse the instance and leave it in a corrupted state in the worst case.
To ensure that a `deploy` job runs once at a time, you can specify
[`resource_group` keyword](../yaml/index.md#resource_group) to the concurrency sensitive job:
```yaml
deploy:
...
resource_group: production
```
With this configuration, the safety on the deployments is assured while you
can still run `build` jobs concurrently for maximizing the pipeline efficiency.
## Prerequisites
- The basic knowledge of the [GitLab CI/CD pipelines](../pipelines/index.md)
- The basic knowledge of the [GitLab Environments and Deployments](../environments/index.md)
- At least the Developer role for the project to configure CI/CD pipelines.
### Limitations
Only one resource can be attached to a resource group.
## Process modes
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/202186) in GitLab 14.3.
> - [Feature flag `ci_resource_group_process_modes`](https://gitlab.com/gitlab-org/gitlab/-/issues/340380) removed in GitLab 14.4.
> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/202186) in GitLab 14.4.
You can choose a process mode to strategically control the job concurrency for your deployment preferences.
The following modes are supported:
- **Unordered:** This is the default process mode that limits the concurrency on running jobs.
It's the easiest option to use when you don't care about the execution order
of the jobs. It starts processing the jobs whenever a job ready to run.
- **Oldest first:** This process mode limits the concurrency of the jobs. When a resource is free,
it picks the first job from the list of upcoming jobs (`created`, `scheduled`, or `waiting_for_resource` state)
that are sorted by pipeline ID in ascending order.
This mode is efficient when you want to ensure that the jobs are executed from the oldest pipeline.
It is less efficient compared to the `unordered` mode in terms of the pipeline efficiency,
but safer for continuous deployments.
- **Newest first:** This process mode limits the concurrency of the jobs. When a resource is free,
it picks the first job from the list of upcoming jobs (`created`, `scheduled` or `waiting_for_resource` state)
that are sorted by pipeline ID in descending order.
This mode is efficient when you want to ensure that the jobs are executed from the newest pipeline and
prevent all of the old deploy jobs with the [prevent outdated deployment jobs](../environments/deployment_safety.md#prevent-outdated-deployment-jobs) feature.
This is the most efficient option in terms of the pipeline efficiency, but you must ensure that each deployment job is idempotent.
### Change the process mode
To change the process mode of a resource group, you must use the API and
send a request to [edit an existing resource group](../../api/resource_groups.md#edit-an-existing-resource-group)
by specifying the `process_mode`:
- `unordered`
- `oldest_first`
- `newest_first`
### An example of difference between the process modes
Consider the following `.gitlab-ci.yml`, where we have two jobs `build` and `deploy`
each running in their own stage, and the `deploy` job has a resource group set to
`production`:
```yaml
build:
stage: build
script: echo "Your build script"
deploy:
stage: deploy
script: echo "Your deployment script"
environment: production
resource_group: production
```
If three commits are pushed to the project in a short interval, that means that three
pipelines run almost at the same time:
- The first pipeline runs the jobs `build` -> `deploy`. Let's call this deployment job `deploy-1`.
- The second pipeline runs the jobs `build` -> `deploy`. Let's call this deployment job `deploy-2`.
- The third pipeline runs the jobs `build` -> `deploy`. Let's call this deployment job `deploy-3`.
Depending on the process mode of the resource group:
- If the process mode is set to `unordered`:
- `deploy-1`, `deploy-2`, and `deploy-3` do not run in parallel.
- There is no guarantee on the job execution order, for example, `deploy-1` could run before or after `deploy-3` runs.
- If the process mode is `oldest_first`:
- `deploy-1`, `deploy-2`, and `deploy-3` do not run in parallel.
- `deploy-1` runs first, `deploy-2` runs second, and `deploy-3` runs last.
- If the process mode is `newest_first`:
- `deploy-1`, `deploy-2`, and `deploy-3` do not run in parallel.
- `deploy-3` runs first, `deploy-2` runs second and `deploy-1` runs last.
## Pipeline-level concurrency control with cross-project/parent-child pipelines
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/39057) in GitLab 13.9.
You can define `resource_group` for downstream pipelines that are sensitive to concurrent
executions. The [`trigger` keyword](../yaml/index.md#trigger) can trigger downstream pipelines and the
[`resource_group` keyword](../yaml/index.md#resource_group) can co-exist with it. `resource_group` is efficient to control the
concurrency of deployment pipelines, while other jobs can continue to run concurrently.
The following example has two pipeline configurations in a project. When a pipeline starts running,
non-sensitive jobs are executed first and aren't affected by concurrent executions in other
pipelines. However, GitLab ensures that there are no other deployment pipelines running before
triggering a deployment (child) pipeline. If other deployment pipelines are running, GitLab waits
until those pipelines finish before running another one.
```yaml
# .gitlab-ci.yml (parent pipeline)
build:
stage: build
script: echo "Building..."
test:
stage: test
script: echo "Testing..."
deploy:
stage: deploy
trigger:
include: deploy.gitlab-ci.yml
strategy: depend
resource_group: AWS-production
```
```yaml
# deploy.gitlab-ci.yml (child pipeline)
stages:
- provision
- deploy
provision:
stage: provision
script: echo "Provisioning..."
deployment:
stage: deploy
script: echo "Deploying..."
environment: production
```
You must define [`strategy: depend`](../yaml/index.md#triggerstrategy)
with the `trigger` keyword. This ensures that the lock isn't released until the downstream pipeline
finishes.
## Related topics
- [API documentation](../../api/resource_groups.md)
- [Log documentation](../../administration/logs/index.md#ci_resource_groups_jsonlog)
- [GitLab for safe deployments](../environments/deployment_safety.md)
## Troubleshooting
### Avoid dead locks in pipeline configurations
Because [`oldest_first` process mode](#process-modes) enforces the jobs to be executed in a pipeline order,
there is a case that it doesn't work well with the other CI features.
For example, when you run [a child pipeline](../pipelines/downstream_pipelines.md#parent-child-pipelines)
that requires the same resource group with the parent pipeline,
a dead lock could happen. Here is an example of a _bad_ setup:
```yaml
# BAD
test:
stage: test
trigger:
include: child-pipeline-requires-production-resource-group.yml
strategy: depend
deploy:
stage: deploy
script: echo
resource_group: production
environment: production
```
In a parent pipeline, it runs the `test` job that subsequently runs a child pipeline,
and the [`strategy: depend` option](../yaml/index.md#triggerstrategy) makes the `test` job wait until the child pipeline has finished.
The parent pipeline runs the `deploy` job in the next stage, that requires a resource from the `production` resource group.
If the process mode is `oldest_first`, it executes the jobs from the oldest pipelines, meaning the `deploy` job is executed next.
However, a child pipeline also requires a resource from the `production` resource group.
Because the child pipeline is newer than the parent pipeline, the child pipeline
waits until the `deploy` job is finished, something that never happens.
In this case, you should specify the `resource_group` keyword in the parent pipeline configuration instead:
```yaml
# GOOD
test:
stage: test
trigger:
include: child-pipeline.yml
strategy: depend
resource_group: production # Specify the resource group in the parent pipeline
deploy:
stage: deploy
script: echo
resource_group: production
environment: production
```
### Jobs get stuck in "Waiting for resource"
Sometimes, a job hangs with the message `Waiting for resource: <resource_group>`. To resolve,
first check that the resource group is working correctly:
1. Go to the job details page.
1. Select **View job currently using resource**.
1. Check the job status:
- If the status is `running` or `pending`, the feature is working correctly. Wait until the job finishes and releases the resource.
- If the status is not `running` or `pending`, the feature might not be working correctly.
[Open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new) with the following information:
- The job ID.
- The job status.
- How often the problem occurs.
- Steps to reproduce the problem.
You can also get job information from the GraphQL API. You should use the GraphQL API if you use pipeline-level concurrency control with cross-project/parent-child pipelines because the trigger jobs are not accessible from the UI.
To get job information from the GraphQL API:
1. Go to the pipeline details page.
1. Select the **Jobs** tab and find the ID of the stuck job.
1. Go to [GraphiQL explorer](../../api/graphql/index.md#graphiql).
1. Run the following query:
```graphql
{
project(fullPath: "<fullpath-to-your-project>") {
name
job(id: "gid://gitlab/Ci::Bridge/<job-id>") {
name
detailedStatus {
action {
path
buttonTitle
}
}
}
}
}
```
The `job.detailedStatus.action.path` field contains the job ID using the resource.
1. Run the following query and check `job.status` field according to the criteria above. You can also visit the pipeline page from `pipeline.path` field.
```graphql
{
project(fullPath: "<fullpath-to-your-project>") {
name
job(id: "gid://gitlab/Ci::Bridge/<job-id-currently-using-the-resource>") {
name
status
pipeline {
path
}
}
}
}
```
If the status is not `running` or `pending`, open a new issue.