fix: add backpressure, lower memory default to 64MB, fix except syntax

- Replace immediate 503 rejection with 30s backpressure wait using
  asyncio.Condition (prevents ES snapshot failures)
- Lower default memory limit from 128MB to 64MB everywhere
- Fix Python 2 except syntax (except X, Y → except (X, Y)) in 4 files
- Fix envsubst replacing runtime bash vars in esrally-job.yaml

Author: ServerSideHannes

README.md

@@ -120,7 +120,7 @@ Master Key → KEK (derived via SHA-256)
 | `redis-ha.enabled` | `true` | Deploy embedded Redis HA |
 | `gateway.enabled` | `false` | Create gateway service |
 | `ingress.enabled` | `false` | Enable ingress |
-| `performance.memoryLimitMb` | `128` | Memory budget for streaming concurrency |
+| `performance.memoryLimitMb` | `64` | Memory budget for streaming concurrency |
 
 See [chart/README.md](chart/README.md) for all options.
 

chart/README.md

@@ -21,7 +21,7 @@ helm install s3proxy oci://ghcr.io/serversidehannes/s3proxy-python/charts/s3prox
 | `s3.region` | `us-east-1` | AWS region |
 | `server.port` | `4433` | Proxy listen port |
 | `server.noTls` | `true` | Disable TLS (in-cluster only) |
-| `performance.memoryLimitMb` | `128` | Memory budget for streaming |
+| `performance.memoryLimitMb` | `64` | Memory budget for streaming |
 | `logLevel` | `DEBUG` | Log level |
 | `secrets.encryptKey` | `""` | AES-256 encryption key |
 | `secrets.awsAccessKeyId` | `""` | AWS access key |

chart/values.yaml

@@ -16,7 +16,7 @@ server:
   noTls: true
 
 performance:
-  memoryLimitMb: 128
+  memoryLimitMb: 64
 
 externalRedis:
   url: ""

e2e/docker-compose.yml

@@ -416,7 +416,7 @@ services:
           --set secrets.awsAccessKeyId="minioadmin" \
           --set secrets.awsSecretAccessKey="minioadmin" \
           --set logLevel="DEBUG" \
-          --set performance.memoryLimitMb=128 \
+          --set performance.memoryLimitMb=64 \
           --set gateway.enabled=true \
           --set ingress.enabled=true \
           --set 'ingress.annotations.nginx\.ingress\.kubernetes\.io/proxy-body-size=256m' \

e2e/elasticsearch/test.sh

@@ -92,7 +92,7 @@ kubectl wait --namespace "$NAMESPACE" \
 
 # Start esrally job NOW - it will do apt-get + pip install while ES is still starting
 log_info "Starting esrally loader job..."
-envsubst < "${SCRIPT_DIR}/templates/esrally-job.yaml" | kubectl apply -n "$NAMESPACE" -f -
+envsubst '$CLUSTER_NAME' < "${SCRIPT_DIR}/templates/esrally-job.yaml" | kubectl apply -n "$NAMESPACE" -f -
 
 # Follow esrally logs in background
 kubectl wait --namespace "$NAMESPACE" --for=condition=Ready pod -l job-name=geonames-loader --timeout=120s 2>/dev/null || true

s3proxy/concurrency.py

@@ -42,18 +42,22 @@ def _create_malloc_release() -> Callable[[], int] | None:
 _malloc_release = _create_malloc_release()
 
 
+BACKPRESSURE_TIMEOUT = 30  # seconds to wait before rejecting
+
+
 class ConcurrencyLimiter:
-    """Memory-based concurrency limiter.
+    """Memory-based concurrency limiter with backpressure.
 
-    Tracks reserved memory across concurrent requests and rejects new requests
-    when the configured limit would be exceeded.
+    Tracks reserved memory across concurrent requests. When the limit would be
+    exceeded, waits for memory to free up instead of rejecting immediately.
     """
 
     def __init__(self, limit_mb: int = 128) -> None:
         self._limit_mb = limit_mb
         self._limit_bytes = limit_mb * 1024 * 1024
         self._active_bytes = 0
         self._lock = asyncio.Lock()
+        self._condition = asyncio.Condition(self._lock)
         MEMORY_LIMIT_BYTES.set(self._limit_bytes)
 
     @property
@@ -76,39 +80,54 @@ def set_memory_limit(self, limit_mb: int) -> None:
         MEMORY_LIMIT_BYTES.set(self._limit_bytes)
 
     async def try_acquire(self, bytes_needed: int) -> int:
-        """Reserve memory. Returns bytes reserved. Raises S3Error.slow_down if exhausted."""
+        """Reserve memory, waiting up to BACKPRESSURE_TIMEOUT if at capacity."""
         if self._limit_bytes <= 0:
             return 0
 
         to_reserve = max(MIN_RESERVATION, min(bytes_needed, self._limit_bytes))
 
-        async with self._lock:
-            if self._active_bytes + to_reserve > self._limit_bytes:
-                active_mb = self._active_bytes / 1024 / 1024
-                request_mb = to_reserve / 1024 / 1024
-                limit_mb = self._limit_bytes / 1024 / 1024
-                logger.warning(
-                    "MEMORY_REJECTED",
-                    active_mb=round(active_mb, 2),
-                    requested_mb=round(request_mb, 2),
-                    limit_mb=round(limit_mb, 2),
-                )
-                MEMORY_REJECTIONS.inc()
-                raise S3Error.slow_down(
-                    f"Memory limit: {active_mb:.0f}MB + {request_mb:.0f}MB > {limit_mb:.0f}MB"
+        async with self._condition:
+            deadline = asyncio.get_event_loop().time() + BACKPRESSURE_TIMEOUT
+            while self._active_bytes + to_reserve > self._limit_bytes:
+                remaining = deadline - asyncio.get_event_loop().time()
+                if remaining <= 0:
+                    active_mb = self._active_bytes / 1024 / 1024
+                    request_mb = to_reserve / 1024 / 1024
+                    limit_mb = self._limit_bytes / 1024 / 1024
+                    logger.warning(
+                        "MEMORY_REJECTED",
+                        active_mb=round(active_mb, 2),
+                        requested_mb=round(request_mb, 2),
+                        limit_mb=round(limit_mb, 2),
+                        waited_sec=BACKPRESSURE_TIMEOUT,
+                    )
+                    MEMORY_REJECTIONS.inc()
+                    raise S3Error.slow_down(
+                        f"Memory limit: {active_mb:.0f}MB + {request_mb:.0f}MB > {limit_mb:.0f}MB"
+                    )
+                logger.info(
+                    "MEMORY_BACKPRESSURE",
+                    active_mb=round(self._active_bytes / 1024 / 1024, 2),
+                    requested_mb=round(to_reserve / 1024 / 1024, 2),
+                    limit_mb=round(self._limit_bytes / 1024 / 1024, 2),
+                    remaining_sec=round(remaining, 1),
                 )
+                with contextlib.suppress(TimeoutError):
+                    await asyncio.wait_for(self._condition.wait(), timeout=remaining)
+
             self._active_bytes += to_reserve
             MEMORY_RESERVED_BYTES.set(self._active_bytes)
             return to_reserve
 
     async def release(self, bytes_reserved: int) -> None:
-        """Release reserved memory and trigger OS memory release."""
+        """Release reserved memory and wake waiting requests."""
         if self._limit_bytes <= 0 or bytes_reserved <= 0:
             return
 
-        async with self._lock:
+        async with self._condition:
             self._active_bytes = max(0, self._active_bytes - bytes_reserved)
             MEMORY_RESERVED_BYTES.set(self._active_bytes)
+            self._condition.notify_all()
 
         # Run garbage collection and release memory to OS
         gc.collect(0)
@@ -124,7 +143,7 @@ async def release(self, bytes_reserved: int) -> None:
 
 
 # Default instance used by module-level functions
-_default = ConcurrencyLimiter(limit_mb=int(os.environ.get("S3PROXY_MEMORY_LIMIT_MB", "128")))
+_default = ConcurrencyLimiter(limit_mb=int(os.environ.get("S3PROXY_MEMORY_LIMIT_MB", "64")))
 
 
 def estimate_memory_footprint(method: str, content_length: int) -> int:

s3proxy/config.py

@@ -29,10 +29,10 @@ class Settings(BaseSettings):
     # This is the ONLY setting needed for OOM protection.
     # Use nginx proxy-body-size at ingress to reject oversized requests before they reach Python.
     memory_limit_mb: int = Field(
-        default=128,
+        default=64,
         description="Memory budget for concurrent requests in MB. 0=unlimited. "
         "Small files use content_length*2, large files use 8MB (streaming). "
-        "Excess requests get 503.",
+        "Excess requests wait up to 30s (backpressure), then get 503.",
     )
 
     # Redis settings (for distributed state in HA deployments)