fix: ensure that tedge mqtt pub fully publishes messages sent with QoS 2

[jarhodes314]

Proposed changes

Ensure that all outstanding publishes are sent when running tedge mqtt pub -q 2 ....

The root cause was the queue in rumqttc's event loop. When we attempt to publish a message, this is sent to the event loop via a channel. In the case of this bug, the event loop didn't receive this publish notification before we detected the sender loop had shut down, and thus we started the disconnection process before publishing the message. The publish would still be processed before the disconnect request, but the disconnection caused us not to respond to the broker's PubRec acknowledgement, thus the QoS 2 message wasn't fully processed.

.Types of changes

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
• Documentation Update (if none of the other choices apply)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue

• flaky system test: Convert child device alarm topic #3512

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA (in all commits with git commit -s. You can activate automatic signing by running just prepare-dev once)
• I ran just format as mentioned in CODING_GUIDELINES
• I used just check as mentioned in CODING_GUIDELINES
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Further comments

[codecov]

Codecov Report

Attention: Patch coverage is 87.50000% with 2 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
crates/common/mqtt_channel/src/connection.rs	87.50%	1 Missing and 1 partial ⚠️

📢 Thoughts on this report? Let us know!

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Robot Results

✅ Passed	❌ Failed	⏭️ Skipped	Total	Pass %	⏱️ Duration
631	0	3	631	100	1h50m24.729813999s

[albinsuresh]

Unrelated to the issue that we're fixing, but, seeing the additional handling required for Outgoing QoS 2 packets published by this client, I'm wondering whether we should do something similar for Incoming QoS 2 packets as well, to make sure that this client properly acknowledges those packets received from the broker.

[albinsuresh]

Couldn't that be just the latter?

Suggested change

	let remaining_events_empty =
	event_loop.state.inflight() == 0 && pub_count.load(Ordering::SeqCst) == 0;
	let remaining_events_empty = pub_count.load(Ordering::SeqCst) == 0;

[jarhodes314]

No, because pub_count == 0 tells us that everything we intended to publish has been published, and inflight == 0 tells us that all the messages are acknowledged.

[albinsuresh]

Does that really help? After the permit is acquired in line no 254 during an iteration, we start the next iteration and would have triggered the disconnection in line no. 235. Since this event_loop.poll() happens after that, setting it back to None doesn't really help, does it? As the damage (triggering the disconnect task) has already been done.

[jarhodes314]

I thought there was a chance it might not since we definitely have cases where we acquire the disconnect permit, but then can't send the disconnect due to pending packets, but if we have pending packets that means we have to wait for event_loop.poll() to complete before we can achieve the required precondition for sending the disconnect. So thinking about it more thoroughly, I think you're correct, this is redundant.

[albinsuresh]

Isn't it safer to remove the packet once PUBCOMP is received rather than PUBREC? Since that guarantees that the broker has released the message to other subscribers?

Suggested change

	Ok(Event::Incoming(Packet::PubRec(p))) => {
	Ok(Event::Incoming(Packet::PubComp(p))) => {

[jarhodes314]

Yes this is probably true

[didier-wenzek]

Actually true, as PUBCOMP is the QoS 2 equivalent of PUBACK of QoS 1. By closing on PUBREC, the PUBREL might be missing and the broker let waiting for it.

[didier-wenzek]

Approved.

[didier-wenzek]

Rerunning the failed test. Flaky, but no so:

$ invoke flake-finder --test-name "Firmware plugin supports restart via service manager #1932" --iterations 100 --outputdir output_ff --clean
...
Results: 100 iterations, 100 passed, 0 failed

[reubenmiller]

Rerunning the failed test. Flaky, but no so:

$ invoke flake-finder --test-name "Firmware plugin supports restart via service manager #1932" --iterations 100 --outputdir output_ff --clean
...
Results: 100 iterations, 100 passed, 0 failed

yeah it looked like it was caused by a duplicate operation being received…we could relax the assertion to not check a max message count, but not sure if that would cause downstream failures anyway…but yes all unrelated

[albinsuresh]

Approved.