The latest articles on Forem by Ilya Voronin (@ivoronin). https://forem.com/ivoronin https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3592181%2Fcc21e59f-78fb-4f7a-b287-6b0d62f114b0.png https://forem.com/ivoronin en Ilya Voronin Sat, 01 Nov 2025 08:33:59 +0000 https://forem.com/ivoronin/celery-sqs-stop-broken-workers-from-monopolizing-your-queue-with-circuit-breakers-11dj https://forem.com/ivoronin/celery-sqs-stop-broken-workers-from-monopolizing-your-queue-with-circuit-breakers-11dj <h2> The Problem </h2> <p>You have 10 Celery workers processing tasks from SQS. One worker's GPU fails. Here's what happens:</p> <ul> <li> <strong>Healthy worker:</strong> Takes 60 seconds to process a task</li> <li> <strong>Broken worker:</strong> Fails in 0.5 seconds, immediately grabs next task</li> </ul> <p>The broken worker is <strong>100x faster</strong> at consuming (and failing) tasks. In one minute, it handles 90% of your queue and fails everything.</p> <p>This is <strong>systemic failure amplification</strong> — one broken component paralyzes the entire system.</p> <h2> The Solution </h2> <p>When a worker keeps failing, <strong>stop it from taking new tasks</strong> for a timeout period.</p> <p><strong>The challenge:</strong> Celery + SQS doesn't have a built-in way to pause consumption based on worker health. There's no API to say "stop fetching messages for 60 seconds because this worker is broken."</p> <p><strong>Our approach:</strong> Patch Celery's consumption mechanism using bootsteps + shared memory for cross-process signaling.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">multiprocessing</span> <span class="kn">import</span> <span class="n">Value</span> <span class="kn">import</span> <span class="n">ctypes</span> <span class="kn">from</span> <span class="n">celery</span> <span class="kn">import</span> <span class="n">bootsteps</span> <span class="kn">from</span> <span class="n">types</span> <span class="kn">import</span> <span class="n">MethodType</span> <span class="kn">import</span> <span class="n">pybreaker</span> <span class="c1"># 1. Shared memory between all processes </span><span class="n">_paused_until</span> <span class="o">=</span> <span class="nc">Value</span><span class="p">(</span><span class="n">ctypes</span><span class="p">.</span><span class="n">c_double</span><span class="p">,</span> <span class="mf">0.0</span><span class="p">)</span> <span class="c1"># 2. When circuit opens, write pause timestamp </span><span class="k">class</span> <span class="nc">CircuitBreakerPauseController</span><span class="p">(</span><span class="n">pybreaker</span><span class="p">.</span><span class="n">CircuitBreakerListener</span><span class="p">):</span> <span class="k">def</span> <span class="nf">state_change</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">cb</span><span class="p">,</span> <span class="n">old_state</span><span class="p">,</span> <span class="n">new_state</span><span class="p">):</span> <span class="k">if</span> <span class="n">new_state</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="n">pybreaker</span><span class="p">.</span><span class="n">STATE_OPEN</span><span class="p">:</span> <span class="n">pause_until_ts</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">(</span><span class="n">UTC</span><span class="p">).</span><span class="nf">timestamp</span><span class="p">()</span> <span class="o">+</span> <span class="n">cb</span><span class="p">.</span><span class="n">reset_timeout</span> <span class="n">_paused_until</span><span class="p">.</span><span class="n">value</span> <span class="o">=</span> <span class="n">pause_until_ts</span> <span class="c1"># 3. Patch can_consume() to block SQS fetching during pause </span><span class="k">class</span> <span class="nc">CircuitBreakerConsumptionGate</span><span class="p">(</span><span class="n">bootsteps</span><span class="p">.</span><span class="n">StartStopStep</span><span class="p">):</span> <span class="n">requires</span> <span class="o">=</span> <span class="p">(</span><span class="sh">"</span><span class="s">celery.worker.consumer.tasks:Tasks</span><span class="sh">"</span><span class="p">,)</span> <span class="k">def</span> <span class="nf">start</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">parent</span><span class="p">):</span> <span class="n">channel_qos</span> <span class="o">=</span> <span class="n">parent</span><span class="p">.</span><span class="n">task_consumer</span><span class="p">.</span><span class="n">channel</span><span class="p">.</span><span class="n">qos</span> <span class="n">original</span> <span class="o">=</span> <span class="n">channel_qos</span><span class="p">.</span><span class="n">can_consume</span> <span class="k">def</span> <span class="nf">can_consume</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">pause_until_ts</span> <span class="o">=</span> <span class="n">_paused_until</span><span class="p">.</span><span class="n">value</span> <span class="k">if</span> <span class="n">pause_until_ts</span> <span class="o">&gt;</span> <span class="mf">0.0</span><span class="p">:</span> <span class="k">if</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">(</span><span class="n">UTC</span><span class="p">).</span><span class="nf">timestamp</span><span class="p">()</span> <span class="o">&lt;</span> <span class="n">pause_until_ts</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="c1"># Block fetching </span> <span class="k">return</span> <span class="nf">bool</span><span class="p">(</span><span class="nf">original</span><span class="p">())</span> <span class="n">channel_qos</span><span class="p">.</span><span class="n">can_consume</span> <span class="o">=</span> <span class="nc">MethodType</span><span class="p">(</span><span class="n">can_consume</span><span class="p">,</span> <span class="n">channel_qos</span><span class="p">)</span> <span class="c1"># 4. Circuit breaker with listeners </span><span class="n">breaker</span> <span class="o">=</span> <span class="n">pybreaker</span><span class="p">.</span><span class="nc">CircuitBreaker</span><span class="p">(</span> <span class="n">fail_max</span><span class="o">=</span><span class="mi">3</span><span class="p">,</span> <span class="n">reset_timeout</span><span class="o">=</span><span class="mi">60</span><span class="p">,</span> <span class="n">throw_new_error_on_trip</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="c1"># Keep original exceptions </span> <span class="n">listeners</span><span class="o">=</span><span class="p">[</span><span class="nc">CircuitBreakerPauseController</span><span class="p">()],</span> <span class="p">)</span> <span class="c1"># 5. Register bootstep and wrap tasks </span><span class="n">app</span><span class="p">.</span><span class="n">steps</span><span class="p">[</span><span class="sh">"</span><span class="s">consumer</span><span class="sh">"</span><span class="p">].</span><span class="nf">add</span><span class="p">(</span><span class="n">CircuitBreakerConsumptionGate</span><span class="p">)</span> <span class="nd">@app.task</span><span class="p">(</span><span class="n">bind</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">def</span> <span class="nf">process_workflow</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">workflow</span><span class="p">):</span> <span class="k">return</span> <span class="n">breaker</span><span class="p">.</span><span class="nf">call</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">_execute_workflow</span><span class="p">,</span> <span class="n">workflow</span><span class="p">)</span> </code></pre> </div> <p><strong>How it works:</strong></p> <ol> <li>Worker fails 3 times → circuit opens</li> <li> <code>PauseController</code> writes <code>_paused_until = now + 60s</code> to shared memory</li> <li>Main process checks <code>_paused_until</code> in <code>can_consume()</code> </li> <li>Returns <code>False</code> → <strong>no SQS fetching for 60 seconds</strong> </li> <li>After timeout, circuit tries one task (HALF_OPEN state)</li> <li>Success → close circuit, failure → pause again</li> </ol> <p>The pattern transforms failing workers from system-killers into isolated incidents.</p> celery sqs python sre