httpserver: Configurable shutdown delay #4906
Conversation
This should probably only be enforced for listeners that are not being used by the next configuration (i.e., the server is shutting down, not reloading). This can be determined by checking the count in the usagePool, though I think that count is currently unexported; I wonder if we can access it.
FWIW I think it would be useful to have a built-in way to check if a shutdown is actually for a reload or not. Right now, I think plugins need to set up their own UsagePool just for that purpose, which is a lot of awkward boilerplate for something that should just be a simple boolean check.
I'm currently refactoring this for a more proper implementation: the placeholders will be per-server (if I can figure that part out), since a config reload might stop some listeners but not others. If any listener is being stopped, then the delay will occur; otherwise it will not.

What's the significance of a config reload? All the clients should care about is whether the listener is going away or not.
For the case of the |
That's true, but this is only for HTTP server internals. Reload or shutdown will be irrelevant here (either way, it will report a shutdown if the listener is closing, which should be all that matters).
Instead of the entire app being scheduled for shutdown, shutdown will be announced only for servers whose listeners are closing. This happens regardless of whether it's a config reload or an exit (listeners close during a reload if the new config does not listen on that address). This also fixes the mapping of caddyhttp.Server -> http.Server and http3.Server types.

However, this breaks HTTP/3 Alt-Svc, because the http3 package hard-codes an explicit address in its configuration even though the server can be used for multiple listeners. Issue: quic-go/quic-go#3486

Overall this is a Very Good Change, I think.
Ok, refactor complete, and I'm actually quite happy with things... much better than before IMO. Now shutdowns are announced per-server and whether it's a process exit or a reload is irrelevant.
(Edit: No it doesn't, I just made a mistake... fixed it.)
Sigh, that web editor... should be avoided
I'm a dum dum. HTTP/3 works just fine with this. The error was in my code, I didn't realize something got messed up in the refactor. Sorry about that Marten! 😅 Thanks for being patient and rigorous. I'll merge this in a moment.
This config setting allows scheduling a shutdown for the near future when a config is reloaded or the server is exiting. It blocks config reloads and exit signals while it waits, and it cannot be cancelled.

This is useful because it allows the server to continue operating normally before a config is unloaded. The delay happens before the grace period is initiated, meaning that new connections are still accepted during this time as normal. After the delay completes, the grace period begins: new connections are no longer accepted and the graceful shutdown commences (idle connections are closed, active connections are closed once idle, etc.).
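A minimal configuration sketch using the global options this PR introduces (a hedged example — check the current Caddy docs for the exact option names and placement):

```Caddyfile
{
	# Keep serving normally for 10s after a shutdown/reload is
	# requested, before the grace period begins.
	shutdown_delay 10s
	# Then allow up to 5s for in-flight requests to finish.
	grace_period 5s
}

example.com {
	respond "hello"
}
```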
Adds two new placeholders:

- `{http.shutting_down}` returns `true` if the server is shutting down, or `false` otherwise.
- `{http.time_until_shutdown}` returns the remaining duration of the delay if the server is scheduled to shut down; otherwise it returns nil/empty.

This allows health check endpoints to announce that they will soon be going down, so that this instance can be moved out of the rotation or a replacement instance can be spun up. For example:
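A health check along these lines might look like the following (a hedged Caddyfile sketch — the matcher name and messages are illustrative, not necessarily the snippet from the original PR description):

```Caddyfile
:8080 {
	handle /health* {
		# Answer 503 once a shutdown is scheduled, so load balancers
		# can drain this instance before the grace period starts.
		@goingDown expression `{http.shutting_down}`
		respond @goingDown "Shutting down in {http.time_until_shutdown}" 503
		respond "OK" 200
	}
}
```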
Note that this behavior is a little wonky for config reloads specifically. During a config change (as opposed to a config unload), two configs are running simultaneously for a time while the old one shuts down. Thus a request to a health check endpoint has the random chance of hitting the old server or the new one, since the grace period has not started yet. I'm trying to decide if that is correct behavior, or whether it should ONLY do this for a final shutdown (i.e. no new/replacement config).
@mxrlkn please try this out! :)
Closes #2843