CNJR-2412: Set database connection pool size based on worker thread count

CHANGELOG.md

@@ -9,24 +9,27 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Nothing should go in this section, please add to the latest unreleased version
   (and update the corresponding date), or add a new version.
 
-### Fixed
-- Support plural syntax for revoke and deny 
-  [CONJSE-1783](https://ca-il-jira.il.cyber-ark.com:8443/browse/CONJSE-1783)
-
 ## [1.20.0] - 2023-07-11
 
 ### Added
 - Telemetry support
   [cyberark/conjur#2854](https://github.com/cyberark/conjur/pull/2854)
-
-### Added
 - New flag to `conjurctl server` command called `--no-migrate` which allows for skipping
   the database migration step when starting the server.
   [cyberark/conjur#2895](https://github.com/cyberark/conjur/pull/2895)
 
+### Changed
+- The database thread pool max connection size is now based on the number of
+  web worker threads per process, rather than an arbitrary fixed number. This
+  mitigates the possibility of a web worker becoming starved while waiting for
+  a connection to become available.
+  [cyberark/conjur#2875](https://github.com/cyberark/conjur/pull/2875)
+
 ### Fixed
 - Support Authn-IAM regional requests when host value is missing from signed headers.
   [cyberark/conjur#2827](https://github.com/cyberark/conjur/pull/2827)
+- Support plural syntax for revoke and deny
+  [CONJSE-1783](https://ca-il-jira.il.cyber-ark.com:8443/browse/CONJSE-1783)
 
 ## [1.19.5] - 2023-06-29
 

config/application.rb

@@ -43,26 +43,9 @@ class Application < Rails::Application
 
     config.autoload_paths << Rails.root.join('lib')
 
-    config.sequel.after_connect = proc do
-      Sequel.extension(:core_extensions, :postgres_schemata)
-      Sequel::Model.db.extension(:pg_array, :pg_inet)
-    end
-
-    #The default connection pool does not support closing connections.
-    # We must be able to close connections on demand to clear the connection cache
-    # after policy loads [cyberark/conjur#2584](https://github.com/cyberark/conjur/pull/2584)
-    # The [ShardedThreadedConnectionPool](https://www.rubydoc.info/github/jeremyevans/sequel/Sequel/ShardedThreadedConnectionPool) does support closing connections on-demand.
-    # Sequel is configured to use the ShardedThreadedConnectionPool by setting the servers configuration on
-    # the database connection [docs](https://www.rubydoc.info/github/jeremyevans/sequel/Sequel%2FShardedThreadedConnectionPool:servers)
-    config.sequel.servers = {}
-
     config.encoding = "utf-8"
     config.active_support.escape_html_entities_in_json = true
 
-    # Whether to dump the schema after successful migrations.
-    # Defaults to false in production and test, true otherwise.
-    config.sequel.schema_dump = false
-
     # Sets all the blank Environment Variables to nil. This ensures that nil
     # checks are sufficient to verify the usage of an environment variable.
     ENV.each_pair do |(k, v)|

config/initializers/sequel.rb

@@ -10,3 +10,46 @@ def write_id_to_json response, field
     response[field] = value if value
   end
 end
+
+Rails.application.configure do
+  config.sequel.after_connect = proc do
+    Sequel.extension(:core_extensions, :postgres_schemata)
+    Sequel::Model.db.extension(:pg_array, :pg_inet)
+  end
+
+  # The default connection pool does not support closing connections.
+  # We must be able to close connections on demand to clear the connection cache
+  # after policy loads [cyberark/conjur#2584](https://github.com/cyberark/conjur/pull/2584)
+  # The [ShardedThreadedConnectionPool](https://www.rubydoc.info/github/jeremyevans/sequel/Sequel/ShardedThreadedConnectionPool) does support closing connections on-demand.
+  # Sequel is configured to use the ShardedThreadedConnectionPool by setting the servers configuration on
+  # the database connection [docs](https://www.rubydoc.info/github/jeremyevans/sequel/Sequel%2FShardedThreadedConnectionPool:servers)
+  config.sequel.servers = {}
+
+  # Whether to dump the schema after successful migrations.
+  # Defaults to false in production and test, true otherwise.
+  config.sequel.schema_dump = false
+
+  # Max Postgres connections should be no less than the number of threads
+  # available to the web worker to avoid pool timeouts.
+  begin
+    threads_count = Integer(ENV['RAILS_MAX_THREADS'] || 16)
+  rescue ArgumentError
+    raise(
+      "Invalid value for RAILS_MAX_THREADS environment variable: " \
+      "'#{ENV['RAILS_MAX_THREADS']}'. " \
+      "Value must be a positive integer (default is 16)."
+    )
+  end
+
+  begin
+    connections_per_thread = Float(ENV['DATABASE_CONNECTIONS_PER_THREAD'] || 1.2)
+  rescue ArgumentError
+    raise(
+      "Invalid value for DATABASE_CONNECTIONS_PER_THREAD environment variable: " \
+      "'#{ENV['DATABASE_CONNECTIONS_PER_THREAD']}'. " \
+      "Value must be a positive decimal (default is 1.2)."
+    )
+  end
+
+  config.sequel.max_connections = (threads_count * connections_per_thread).ceil
+end

config/puma.rb

@@ -1,7 +1,24 @@
 # frozen_string_literal: true
 
-workers Integer(ENV['WEB_CONCURRENCY'] || 2)
-threads_count = Integer(ENV['RAILS_MAX_THREADS'] || 5)
+begin
+  workers Integer(ENV['WEB_CONCURRENCY'] || 2)
+rescue ArgumentError
+  raise(
+    "Invalid value for WEB_CONCURRENCY environment variable: " \
+    "'#{ENV['WEB_CONCURRENCY']}'. " \
+    "Value must be a positive integer (default is 2)."
+  )
+end
+
+begin
+  threads_count = Integer(ENV['RAILS_MAX_THREADS'] || 5)
+rescue ArgumentError
+  raise(
+    "Invalid value for RAILS_MAX_THREADS environment variable: " \
+    "'#{ENV['RAILS_MAX_THREADS']}'. " \
+    "Value must be a positive integer (default is 5)."
+  )
+end
 threads threads_count, threads_count
 
 # The tag is displayed in the Puma process description, for example:

distrib/conjur/etc/possum.conf

@@ -1,4 +1,2 @@
-PUMA_THREAD_MIN=0
-PUMA_THREAD_MAX=16
+RAILS_MAX_THREADS=16
 PORT=5000
-