shotover 0.7.2

Shotover API for building custom transforms
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402

//! Tools for initializing shotover in the final binary.
use crate::config::Config;
use crate::config::topology::Topology;
use crate::hot_reload::client::HotReloadClient;
use crate::observability::LogFilterHttpExporter;
use anyhow::Context;
use anyhow::{Result, anyhow};
use clap::{Parser, crate_version};
use metrics_exporter_prometheus::PrometheusBuilder;
use rustls::crypto::aws_lc_rs::default_provider;
use std::env;
use std::net::SocketAddr;
use std::time::Duration;
use tokio::runtime::{self, Runtime};
use tokio::signal::unix::{SignalKind, signal};
use tokio::sync::watch;
use tracing::{error, info, warn};
use tracing_appender::non_blocking::{NonBlocking, WorkerGuard};
use tracing_subscriber::filter::Directive;
use tracing_subscriber::fmt::Layer;
use tracing_subscriber::fmt::format::DefaultFields;
use tracing_subscriber::fmt::format::Format;
use tracing_subscriber::fmt::format::Full;
use tracing_subscriber::fmt::format::Json;
use tracing_subscriber::fmt::format::JsonFields;
use tracing_subscriber::layer::Layered;
use tracing_subscriber::reload::Handle;
use tracing_subscriber::{EnvFilter, Registry};

#[derive(Parser, Clone)]
#[clap(version = crate_version!(), author = "Instaclustr")]
struct ConfigOpts {
    #[clap(short, long, default_value = "config/topology.yaml")]
    pub topology_file: String,

    #[clap(short, long, default_value = "config/config.yaml")]
    pub config_file: String,

    // Number of tokio worker threads.
    // By default uses the number of cores on the system.
    #[clap(long)]
    pub core_threads: Option<usize>,

    // 2,097,152 = 2 * 1024 * 1024 (2MiB)
    #[clap(long, default_value = "2097152")]
    pub stack_size: usize,

    #[arg(long, value_enum, default_value = "human")]
    pub log_format: LogFormat,

    /// By default hot reload functionality is disabled.
    /// However, when this flag is provided hot reload functionality is enabled and performed over the socket at the specified path.
    /// If the socket exists, shotover will connect to the socket to hot reload from the shotover instance that created the socket.
    /// Shotover will always create a new socket on startup so that it too can be hot reloaded from.
    /// If there is already a socket at the path because hot reloading with the original instance hasn't completed yet, shotover will retry socket creation until it succeeds.

    #[clap(long)]
    pub hotreload_socket: Option<String>,

    /// When performing a hot reload, this specifies how many seconds the original shotover instance
    /// should spend in the gradual shutdown state, draining connections.
    /// The connections will be drained in chunks distributed evenly across this duration.
    /// If not specified, defaults to 60 seconds.
    #[clap(long, default_value = "60")]
    pub hotreload_gradual_shutdown_seconds: u64,
}

#[derive(clap::ValueEnum, Clone, Copy)]
enum LogFormat {
    Human,
    Json,
}

pub struct Shotover {
    runtime: Runtime,
    topology: Topology,
    config: Config,
    tracing: TracingState,
    hotreload_socket: Option<String>,
    hotreload_gradual_shutdown_duration: Duration,
}

impl Shotover {
    #[expect(clippy::new_without_default)]
    pub fn new() -> Self {
        if std::env::var("RUST_LIB_BACKTRACE").is_err() {
            std::env::set_var("RUST_LIB_BACKTRACE", "0");
        }

        default_provider().install_default().unwrap();

        let opts = ConfigOpts::parse();
        let log_format = opts.log_format;

        match Shotover::new_inner(opts) {
            Ok(x) => x,
            Err(err) => {
                // If initialization failed then we have no tokio runtime or tracing to use.
                // Create the simplest runtime + tracing so we can write out an `error!`, if even that fails then just panic.
                // Put it all in its own scope so we drop it (and therefore perform tracing log flushing) before we exit
                {
                    let rt = Runtime::new()
                        .context("Failed to create runtime while trying to report {err:?}")
                        .unwrap();
                    let _guard = rt.enter();
                    let _tracing_state = TracingState::new("error", log_format)
                        .context("Failed to create TracingState while trying to report {err:?}")
                        .unwrap();

                    tracing::error!("{:?}", err.context("Failed to start shotover"));
                }
                std::process::exit(1);
            }
        }
    }

    fn new_inner(params: ConfigOpts) -> Result<Self> {
        let config = Config::from_file(params.config_file)?;
        let topology = Topology::from_file(&params.topology_file)?;
        let tracing = TracingState::new(config.main_log_level.as_str(), params.log_format)?;
        let runtime = Shotover::create_runtime(params.stack_size, params.core_threads);

        // Determine hot reload mode based on socket existence
        let hotreload_socket = params.hotreload_socket;
        Shotover::start_observability_interface(&runtime, &config, &tracing)?;

        Ok(Shotover {
            runtime,
            topology,
            config,
            tracing,
            hotreload_socket,
            hotreload_gradual_shutdown_duration: Duration::from_secs(
                params.hotreload_gradual_shutdown_seconds,
            ),
        })
    }

    fn start_observability_interface(
        runtime: &Runtime,
        config: &Config,
        tracing: &TracingState,
    ) -> Result<()> {
        if let Some(observability_interface) = &config.observability_interface {
            let recorder = PrometheusBuilder::new()
                .set_quantiles(&[0.0, 0.1, 0.5, 0.9, 0.95, 0.99, 0.999, 1.0])
                .unwrap()
                .build_recorder();
            let handle = recorder.handle();
            metrics::set_global_recorder(recorder)?;

            let socket: SocketAddr = observability_interface.parse()?;
            let exporter = LogFilterHttpExporter::new(handle, socket, tracing.handle.clone());

            runtime.spawn(exporter.async_run());
        }
        Ok(())
    }
    async fn run_inner(
        topology: Topology,
        config: Config,
        hotreload_socket: Option<String>,
        hotreload_gradual_shutdown_duration: Duration,
        trigger_shutdown_rx: watch::Receiver<bool>,
    ) -> Result<()> {
        let hotreload_client = hotreload_socket.clone().and_then(HotReloadClient::new);
        let hotreload_listeners = if let Some(client) = &hotreload_client {
            info!("Hot reload CLIENT mode - requesting socket handoff from existing shotover");
            client
                .perform_hot_reloading()
                .await
                .context("Hot reload client failed")?
        } else {
            std::collections::HashMap::new()
        };

        info!("Starting Shotover {}", crate_version!());
        info!(configuration = ?config);
        info!(topology = ?topology);

        match topology
            .run_chains(trigger_shutdown_rx, hotreload_listeners)
            .await
        {
            Ok(sources) => {
                // After the new instance is fully started and accepting connections,
                // request the old instance to shut down
                if let Some(client) = &hotreload_client {
                    if let Err(e) = client
                        .request_shutdown_old_instance(hotreload_gradual_shutdown_duration)
                        .await
                    {
                        warn!(
                            "Failed to send shutdown request to old shotover instance: {}",
                            e
                        );
                    }
                }

                // Start hot reload server if socket is configured
                if let Some(socket_path) = hotreload_socket {
                    info!("Starting hot reload server at: {}", socket_path);
                    crate::hot_reload::server::start_hot_reload_server(socket_path, &sources);
                }

                futures::future::join_all(sources.into_iter().map(|x| x.join())).await;
                Ok(())
            }
            Err(err) => Err(err),
        }
    }

    /// Begins running shotover, permanently handing control of the appplication over to shotover.
    /// As such this method never returns.
    pub fn run_block(self) -> ! {
        let Shotover {
            runtime,
            topology,
            config,
            tracing,
            hotreload_socket,
            hotreload_gradual_shutdown_duration,
        } = self;

        let (trigger_shutdown_tx, trigger_shutdown_rx) = tokio::sync::watch::channel(false);

        // We need to block on this part to ensure that we immediately register these signals.
        // Otherwise if we included signal creation in the below spawned task we would be at the mercy of whenever tokio decides to start running the task.
        let (mut interrupt, mut terminate) = runtime.block_on(async {
            (
                signal(SignalKind::interrupt()).unwrap(),
                signal(SignalKind::terminate()).unwrap(),
            )
        });
        runtime.spawn(async move {
            tokio::select! {
                _ = interrupt.recv() => {
                    info!("received SIGINT");
                },
                _ = terminate.recv() => {
                    info!("received SIGTERM");
                },
            };

            trigger_shutdown_tx.send(true).unwrap();
        });

        let code = match runtime.block_on(Shotover::run_inner(
            topology,
            config,
            hotreload_socket,
            hotreload_gradual_shutdown_duration,
            trigger_shutdown_rx,
        )) {
            Ok(()) => {
                info!("Shotover was shutdown cleanly.");
                0
            }
            Err(err) => {
                error!("{:?}", err.context("Failed to start shotover"));
                1
            }
        };
        // Ensure tracing is flushed by dropping before exiting
        std::mem::drop(tracing);
        std::mem::drop(runtime);
        std::process::exit(code);
    }

    fn create_runtime(stack_size: usize, worker_threads: Option<usize>) -> Runtime {
        let mut runtime_builder = runtime::Builder::new_multi_thread();
        runtime_builder
            .enable_all()
            .thread_name("shotover-worker")
            .thread_stack_size(stack_size);
        if let Some(worker_threads) = worker_threads {
            runtime_builder.worker_threads(worker_threads);
        }
        runtime_builder.build().unwrap()
    }
}

struct TracingState {
    /// Once this is dropped tracing logs are ignored
    _guard: WorkerGuard,
    handle: ReloadHandle,
}

/// Returns a new `EnvFilter` by parsing each directive string, or an error if any directive is invalid.
/// The parsing is robust to formatting, but will reject the first invalid directive (e.g. bad log level).
fn try_parse_log_directives(directives: &[Option<&str>]) -> Result<EnvFilter> {
    let directives: Vec<Directive> = directives
        .iter()
        .flat_map(Option::as_deref)
        .flat_map(|s| s.split(','))
        .map(str::trim)
        .filter(|s| !s.is_empty())
        .map(|s| s.parse().map_err(|e| anyhow!("{}: {}", e, s)))
        .collect::<Result<_>>()?;

    let filter = directives
        .into_iter()
        .fold(EnvFilter::default(), |filter, directive| {
            filter.add_directive(directive)
        });

    Ok(filter)
}

impl TracingState {
    pub fn new(log_level: &str, format: LogFormat) -> Result<Self> {
        let (non_blocking, guard) = tracing_appender::non_blocking(std::io::stdout());

        // Load log directives from shotover config and then from the RUST_LOG env var, with the latter taking priority.
        // In the future we might be able to simplify the implementation if work is done on tokio-rs/tracing#1466.
        let overrides = env::var(EnvFilter::DEFAULT_ENV).ok();
        let env_filter = try_parse_log_directives(&[Some(log_level), overrides.as_deref()])?;

        let handle = match format {
            LogFormat::Json => {
                let builder = tracing_subscriber::fmt()
                    .json()
                    .with_writer(non_blocking)
                    .with_env_filter(env_filter)
                    .with_filter_reloading();
                let handle = ReloadHandle::Json(builder.reload_handle());
                builder.init();
                handle
            }
            LogFormat::Human => {
                let builder = tracing_subscriber::fmt()
                    .with_writer(non_blocking)
                    .with_env_filter(env_filter)
                    .with_filter_reloading();
                let handle = ReloadHandle::Human(builder.reload_handle());
                builder.init();
                handle
            }
        };

        // When in json mode we need to process panics as events instead of printing directly to stdout.
        // This is so that:
        // * We dont include invalid json in stdout
        // * panics can be received by whatever is processing the json events
        //
        // We dont do this for LogFormat::Human because the default panic messages are more readable for humans
        if let LogFormat::Json = format {
            crate::tracing_panic_handler::setup();
        }

        Ok(TracingState {
            _guard: guard,
            handle,
        })
    }
}

type Formatter<A, B> = Layered<Layer<Registry, A, Format<B>, NonBlocking>, Registry>;

// TODO: We will be able to remove this and just directly use the handle once tracing 0.2 is released. See:
// * https://github.com/tokio-rs/tracing/pull/1035
// * https://github.com/linkerd/linkerd2-proxy/blob/6c484f6dcdeebda18b68c800b4494263bf98fcdc/linkerd/app/core/src/trace.rs#L19-L36
#[derive(Clone)]
pub(crate) enum ReloadHandle {
    Json(Handle<EnvFilter, Formatter<JsonFields, Json>>),
    Human(Handle<EnvFilter, Formatter<DefaultFields, Full>>),
}

impl ReloadHandle {
    pub fn reload(&self, filter: EnvFilter) -> Result<()> {
        match self {
            ReloadHandle::Json(handle) => handle.reload(filter).map_err(|e| anyhow!(e)),
            ReloadHandle::Human(handle) => handle.reload(filter).map_err(|e| anyhow!(e)),
        }
    }
}

#[cfg(test)]
mod test {
    use super::*;
    use pretty_assertions::assert_eq;

    #[test]
    fn test_try_parse_log_directives() {
        assert_eq!(
            try_parse_log_directives(&[
                Some("info,short=warn,error"),
                None,
                Some("debug"),
                Some("alongname=trace")
            ])
            .unwrap()
            .to_string(),
            // Ordered by descending specificity.
            "alongname=trace,short=warn,debug"
        );
        match try_parse_log_directives(&[Some("good=info,bad=blah,warn")]) {
            Ok(_) => panic!(),
            Err(e) => assert_eq!(e.to_string(), "invalid filter directive: bad=blah"),
        }
    }
}