Fix critical ingest processor issues: lock mechanism, timeout coordination, and error handling

crocodilestick · crocodilestick · commit 6921e268c1f3 · 2025-09-23T11:50:08.000+02:00
Problems Identified: - Issue crocodilestick#652: Broken lock files causing "Failed to queue upload for processing" - Issue crocodilestick#654: lsof hanging with high file descriptor limits - Issue crocodilestick#656: Timeout mismatches preventing file ingestion - Race conditions in lock acquisition and cleanup - Database connection leaks without proper context management - Permission errors crashing upload process Changes Made: 1. Implemented robust ProcessLock class with PID tracking - Added fcntl-based file locking with proper acquisition/release - Implemented stale lock detection and cleanup with process validation - Fixed race conditions in lock file management - Added proper error handling for lock operations 2. Created cwa-process-recovery startup service - Cleans up stale lock files and orphaned processes on container start - Removes temporary files older than 1 hour - Resets stuck processing status automatically - Ensures clean slate after container restarts 3. Fixed timeout coordination between service and processor - Service uses safety timeout (3x configured timeout) as last resort - Processor handles internal timeout logic independently - Coordinated timeout values prevent conflicts - Added proper timeout error handling and file backup 4. Upgraded lsof to version 4.99.5 compiled from source - Resolves hanging issues with high file descriptor limits - Ensures reliable file-in-use detection for large systems 5. Enhanced database connection management - All SQLite connections now use context managers (with statements) - Automatic connection cleanup prevents resource leaks - Added 30-second timeouts to prevent deadlocks 6. Improved error handling and permission management - Fixed permission errors in ingest directory creation - Added graceful fallback for network share environments - Enhanced main() function argument validation - Comprehensive try-finally blocks ensure cleanup 7. Fixed bash syntax in process recovery service - Corrected file counting logic with proper conditionals - Improved error handling in cleanup operations Why These Changes Matter: - Eliminates the primary causes of failed upload processing - Prevents resource leaks and orphaned processes - Provides automatic recovery from stuck states - Ensures reliable operation in containerized environments - Maintains backward compatibility while fixing critical issues These fixes address the root causes of upload failures and provide a robust, self-healing ingest system that can recover from various failure scenarios.
diff --git a/CONTRIBUTORS b/CONTRIBUTORS
@@ -1,7 +1,7 @@
 CONTRIBUTORS
 
 This file is automatically generated. DO NOT EDIT MANUALLY.
-Generated on: 2025-09-23T07:36:59.860977Z
+Generated on: 2025-09-23T09:50:10.069578Z
 
 Upstream project: https://github.com/janeczku/calibre-web
 Fork project (Calibre-Web Automated, since 2024): https://github.com/crocodilestick/calibre-web-automated
diff --git a/cps/editbooks.py b/cps/editbooks.py
@@ -319,11 +319,13 @@ def _get_ingest_path(uploaded_file, prefix_parts=None):
         if not nsm:
             # Set ownership to abc:abc (uid=1000, gid=1000)
             os.chown(ingest_dir, 1000, 1000)
-    except OSError as e:
-        logger.log.warning('Failed to set ownership of ingest directory %s: %s', ingest_dir, e)
-    except Exception:
-        # Silently ignore any other permission-related errors
-        pass
+    except (OSError, PermissionError) as e:
+        # Log warning but don't crash the upload process
+        log.warning('Failed to set ownership of ingest directory %s: %s', ingest_dir, e)
+        log.warning("If you're using a network share, consider setting NETWORK_SHARE_MODE=true in your environment variables to skip this step.")
+    except Exception as e:
+        # Silently ignore any other permission-related errors but log for debugging
+        log.debug('Other permission error setting ingest directory ownership: %s', e)
     
     base_name = secure_filename(uploaded_file.filename)
     # CWA change: use timestamp for more predictable sorting vs uuid
diff --git a/root/etc/s6-overlay/s6-rc.d/cwa-ingest-service/run b/root/etc/s6-overlay/s6-rc.d/cwa-ingest-service/run
@@ -94,8 +94,9 @@ process_retry_queue() {
                 while IFS= read -r queued_file; do
                         if [ -f "$queued_file" ]; then
                                 echo "[cwa-ingest-service] Retrying: $queued_file"
-                                local timeout=$(get_timeout_from_db)  # Get timeout from database
-                                timeout $timeout python3 /app/calibre-web-automated/scripts/ingest_processor.py "$queued_file"
+                                local configured_timeout=$(get_timeout_from_db)  # Get configured timeout from database
+                                local safety_timeout=$((configured_timeout * 3))  # Safety timeout is 3x the configured timeout
+                                timeout $safety_timeout python3 /app/calibre-web-automated/scripts/ingest_processor.py "$queued_file"
                                 local retry_exit=$?
                                 
                                 if [ $retry_exit -eq 2 ]; then
@@ -128,7 +129,8 @@ process_retry_queue() {
 
 handle_event() {
         local filepath="$1"
-        local timeout=$(get_timeout_from_db)  # Get timeout from database
+        local configured_timeout=$(get_timeout_from_db)  # Get configured timeout from database
+        local safety_timeout=$((configured_timeout * 3))  # Safety timeout is 3x the configured timeout
         local filename=$(basename "$filepath")
         
         # temp suffixes
@@ -141,19 +143,21 @@ handle_event() {
         fi
         
         echo "[cwa-ingest-service] New file detected - $filepath - Starting Ingest Processor..."
+        echo "[cwa-ingest-service] Configured timeout: ${configured_timeout}s, Safety timeout: ${safety_timeout}s"
         echo "processing:$filename:$(date '+%Y-%m-%d %H:%M:%S')" > "$STATUS_FILE"
         
-        # Add timeout protection to prevent hanging processes
-        timeout $timeout python3 /app/calibre-web-automated/scripts/ingest_processor.py "$filepath"
+        # Use safety timeout as last resort - processor should handle its own timeout internally
+        timeout $safety_timeout python3 /app/calibre-web-automated/scripts/ingest_processor.py "$filepath"
         local exit_code=$?
         
         if [ $exit_code -eq 124 ]; then
-                echo "[cwa-ingest-service] TIMEOUT: $filepath took longer than ${timeout} seconds"
-                echo "timeout:$filename:$(date '+%Y-%m-%d %H:%M:%S')" > "$STATUS_FILE"
+                echo "[cwa-ingest-service] SAFETY TIMEOUT: $filepath took longer than safety timeout of ${safety_timeout} seconds"
+                echo "[cwa-ingest-service] This indicates a serious issue - processor should have timed out internally at ${configured_timeout} seconds"
+                echo "safety_timeout:$filename:$(date '+%Y-%m-%d %H:%M:%S')" > "$STATUS_FILE"
                 # Move problematic file to failed backup with timestamp
                 if [ -d "/config/processed_books/failed" ]; then
                         local timestamp=$(date '+%Y%m%d_%H%M%S')
-                        local failed_filename="${timestamp}_timeout_${filename}"
+                        local failed_filename="${timestamp}_safety_timeout_${filename}"
                         echo "[cwa-ingest-service] Moving $filename to failed backup as $failed_filename"
                         cp "$filepath" "/config/processed_books/failed/$failed_filename" 2>/dev/null || true
                 fi
diff --git a/root/etc/s6-overlay/s6-rc.d/cwa-process-recovery/dependencies.d/cwa-init b/root/etc/s6-overlay/s6-rc.d/cwa-process-recovery/dependencies.d/cwa-init
@@ -0,0 +1 @@
+cwa-init
diff --git a/root/etc/s6-overlay/s6-rc.d/cwa-process-recovery/run b/root/etc/s6-overlay/s6-rc.d/cwa-process-recovery/run
@@ -0,0 +1,187 @@
+#!/usr/bin/with-contenv bash
+
+echo "[cwa-process-recovery] Starting process recovery and cleanup..."
+
+# Function to check if a process is running
+is_process_running() {
+    local pid="$1"
+    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
+}
+
+# Function to safely kill a process
+safe_kill_process() {
+    local pid="$1"
+    local name="$2"
+    
+    if is_process_running "$pid"; then
+        echo "[cwa-process-recovery] Killing stale process $name (PID: $pid)"
+        
+        # Try SIGTERM first
+        kill -TERM "$pid" 2>/dev/null || true
+        sleep 2
+        
+        # If still running, use SIGKILL
+        if is_process_running "$pid"; then
+            echo "[cwa-process-recovery] Process $pid didn't respond to SIGTERM, using SIGKILL"
+            kill -KILL "$pid" 2>/dev/null || true
+        fi
+        
+        echo "[cwa-process-recovery] Process $name (PID: $pid) terminated"
+        return 0
+    else
+        echo "[cwa-process-recovery] Process $name (PID: $pid) is not running"
+        return 1
+    fi
+}
+
+# Clean up stale lock files and associated processes
+cleanup_stale_locks() {
+    echo "[cwa-process-recovery] Checking for stale lock files and processes..."
+    
+    local lock_files=(
+        "/tmp/ingest_processor.lock"
+        "/tmp/convert_library.lock" 
+        "/tmp/cover_enforcer.lock"
+        "/tmp/kindle_epub_fixer.lock"
+    )
+    
+    local cleaned_count=0
+    
+    for lock_file in "${lock_files[@]}"; do
+        if [ -f "$lock_file" ]; then
+            local lock_name=$(basename "$lock_file" .lock)
+            echo "[cwa-process-recovery] Found stale lock file: $lock_file"
+            
+            # Try to read PID from lock file
+            local pid=""
+            if [ -r "$lock_file" ]; then
+                pid=$(cat "$lock_file" 2>/dev/null | head -1 | tr -d '\n' | grep -E '^[0-9]+$' || true)
+            fi
+            
+            if [ -n "$pid" ]; then
+                # Kill the process if it's still running
+                safe_kill_process "$pid" "$lock_name"
+            fi
+            
+            # Remove the lock file
+            rm -f "$lock_file"
+            echo "[cwa-process-recovery] Removed stale lock file: $lock_file"
+            ((cleaned_count++))
+        fi
+    done
+    
+    if [ $cleaned_count -eq 0 ]; then
+        echo "[cwa-process-recovery] No stale lock files found"
+    else
+        echo "[cwa-process-recovery] Cleaned up $cleaned_count stale lock file(s)"
+    fi
+}
+
+# Clean up stale temporary processing files
+cleanup_temp_files() {
+    echo "[cwa-process-recovery] Cleaning up stale temporary files..."
+    
+    local temp_dirs=(
+        "/config/.cwa_conversion_tmp"
+        "/tmp"
+    )
+    
+    local cleaned_count=0
+    
+    for temp_dir in "${temp_dirs[@]}"; do
+        if [ -d "$temp_dir" ]; then
+            # Clean up old staging directories (older than 1 hour)
+            if find "$temp_dir" -name "staging*" -type d -mmin +60 -exec rm -rf {} + 2>/dev/null; then
+                ((cleaned_count++))
+            fi
+            
+            # Clean up old conversion temp files (older than 1 hour)
+            if find "$temp_dir" -name "*.tmp" -mmin +60 -delete 2>/dev/null; then
+                ((cleaned_count++))
+            fi
+            if find "$temp_dir" -name "*_converting_*" -mmin +60 -delete 2>/dev/null; then
+                ((cleaned_count++))
+            fi
+        fi
+    done
+    
+    if [ $cleaned_count -eq 0 ]; then
+        echo "[cwa-process-recovery] No stale temporary files found"
+    else
+        echo "[cwa-process-recovery] Cleaned up $cleaned_count stale temporary file(s)"
+    fi
+}
+
+# Reset processing status if stuck
+reset_processing_status() {
+    echo "[cwa-process-recovery] Checking processing status..."
+    
+    local status_file="/config/cwa_ingest_status"
+    
+    if [ -f "$status_file" ]; then
+        local status_content=$(cat "$status_file" 2>/dev/null || echo "unknown")
+        
+        # Check if status indicates processing but no processor is running
+        if [[ "$status_content" == processing:* ]]; then
+            # Extract the timestamp from the status
+            local timestamp=$(echo "$status_content" | cut -d':' -f3- 2>/dev/null || echo "")
+            
+            if [ -n "$timestamp" ]; then
+                # Convert timestamp to epoch for comparison
+                local status_epoch=$(date -d "$timestamp" +%s 2>/dev/null || echo "0")
+                local current_epoch=$(date +%s)
+                local age_minutes=$(( (current_epoch - status_epoch) / 60 ))
+                
+                # If processing status is older than 30 minutes, reset it
+                if [ $age_minutes -gt 30 ]; then
+                    echo "[cwa-process-recovery] Processing status is $age_minutes minutes old, resetting to idle"
+                    echo "idle" > "$status_file"
+                else
+                    echo "[cwa-process-recovery] Processing status is $age_minutes minutes old, keeping as-is"
+                fi
+            else
+                echo "[cwa-process-recovery] Invalid processing status timestamp, resetting to idle"
+                echo "idle" > "$status_file"
+            fi
+        else
+            echo "[cwa-process-recovery] Processing status is: $status_content"
+        fi
+    else
+        echo "[cwa-process-recovery] No processing status file found, creating with idle status"
+        echo "idle" > "$status_file"
+    fi
+}
+
+# Check for orphaned processes that might be related to CWA
+cleanup_orphaned_processes() {
+    echo "[cwa-process-recovery] Checking for orphaned CWA processes..."
+    
+    # Look for Python processes running CWA scripts
+    local cwa_processes=$(pgrep -f "python.*ingest_processor.py\|python.*convert_library.py\|python.*kindle_epub_fixer.py" 2>/dev/null || true)
+    
+    if [ -n "$cwa_processes" ]; then
+        echo "[cwa-process-recovery] Found potential orphaned CWA processes:"
+        echo "$cwa_processes" | while read -r pid; do
+            if [ -n "$pid" ]; then
+                local cmd=$(ps -p "$pid" -o args= 2>/dev/null || echo "unknown")
+                echo "[cwa-process-recovery] PID $pid: $cmd"
+                
+                # For now, just log them - we could add logic to kill very old ones
+                # safe_kill_process "$pid" "orphaned-cwa-process"
+            fi
+        done
+    else
+        echo "[cwa-process-recovery] No orphaned CWA processes found"
+    fi
+}
+
+# Main recovery sequence
+echo "[cwa-process-recovery] ========== Starting Recovery Sequence =========="
+
+cleanup_stale_locks
+cleanup_temp_files  
+reset_processing_status
+cleanup_orphaned_processes
+
+echo "[cwa-process-recovery] ========== Recovery Sequence Complete =========="
+echo "[cwa-process-recovery] Process recovery service finished successfully"
diff --git a/root/etc/s6-overlay/s6-rc.d/cwa-process-recovery/type b/root/etc/s6-overlay/s6-rc.d/cwa-process-recovery/type
@@ -0,0 +1 @@
+oneshot
diff --git a/root/etc/s6-overlay/s6-rc.d/user/contents.d/cwa-process-recovery b/root/etc/s6-overlay/s6-rc.d/user/contents.d/cwa-process-recovery
@@ -0,0 +1 @@
+cwa-process-recovery
diff --git a/scripts/ingest_processor.py b/scripts/ingest_processor.py
