Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor(cmd): use resty.signal for process signaling #11382

Merged
merged 6 commits into from
Sep 20, 2023

Conversation

flrgh
Copy link
Contributor

@flrgh flrgh commented Aug 10, 2023

Primary improvements:

  • Removes usage of os.execute() for sending signals
  • Decouples reading a pidfile from sending a signal
  • Adds quality-of-life APIs for sending sig-(term|kill|quit)

Some months ago I needed to look over the code in kong/cmd/utils/kill.lua and thought to myself "we can do better than os.execute() here." At long last, here are the improvements that stemmed from that thought.

Along the way I renamed the file to kong/cmd/utils/process.lua and changed the name of the is_running() function to exists() for aesthetic reasons. This and the other API changes to the file make the PR somewhat large, but these changes were done in separate commits, so review commit-by-commit if you want to have an easier read-through of the changes.

There was a flaky test in spec/02-integration/01-helpers/03-http_mock_spec.lua that was giving me trouble. It was actually related to this problem domain (waiting for a pidfile to exist and contain a PID), so I fixed it here as well.

@flrgh flrgh force-pushed the refactor/cmd-utils-process branch 5 times, most recently from 5b607c0 to 63ae9ce Compare August 15, 2023 00:54
@flrgh flrgh marked this pull request as ready for review August 15, 2023 00:54
@flrgh
Copy link
Contributor Author

flrgh commented Aug 15, 2023

NOTE: When the time comes, I'd prefer we Rebase and merge this one rather than squashing.

@flrgh flrgh force-pushed the refactor/cmd-utils-process branch from 63ae9ce to 18b4339 Compare August 15, 2023 15:59
@locao locao self-requested a review August 15, 2023 16:49
@flrgh flrgh force-pushed the refactor/cmd-utils-process branch from 0e16d56 to 9f97fe2 Compare August 15, 2023 17:20
local ok
ok, err = resty_kill(pid, 0)

if ok then
Copy link
Contributor Author

@flrgh flrgh Aug 15, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question for reviewers on this edge case: should we handle EPERM ("Operation not permitted") in a special way?

The kill(2) man page has this to say about errors:

EINVAL - An invalid signal was specified.

EPERM - The calling process does not have permission to send the signal to any of the target processes.

ESRCH - The target process or process group does not exist. Note that an existing process might be a zombie, a process that has terminated execution, but has not yet been wait(2)ed for.

I take that to mean that the process definitely exists which might imply that we should return true. However, this module seems primarily oriented towards managing our own processes (i.e. process.exists(pid) is often followed by process.signal(pid, some_signal)), so maybe it would be surprising to callers for process.exists() to return true for a process that we are not allowed to otherwise manage.

As of right now, the behavior is to return true:

$ echo 1 > ./pidfile
$ resty \
> -e 'setmetatable(_G, nil)' \
> -e 'print(require("kong.cmd.utils.process").exists("./pidfile"))'
true

The behavior of the old kong.cmd.utils.kill.is_running() function would be to return false:

$ echo 1 > ./pidfile
$ resty \
> -e 'setmetatable(_G, nil)' \
> -e 'print(require("kong.cmd.utils.kill").is_running("./pidfile"))'
false

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would find it surprising for an exists function to error if the process exists, but cannot be managed. I would expect it to return true instead.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We talked about this outside of GH, but I'm continuing the discussion here for the sake of anyone else who wants to chime in. I'd like some consensus before merging.


In a vacuum, returning true seems to be the most correct. In our case, this does have user-facing side effects.

The primary example is in the kong-health script. Start kong as root and then run kong-health as an unprivileged user.

In master, kong-health reports that kong is not running because of the current behavior of the is_running() API:

$ kong-health

Error: Kong is not running at /home/michaelm/git/kong/kong/eperm

  Run with --v (verbose) or --vv (debug) for more details

Whereas changing is_running() (now exists()) to return true in this condition means that this branch will report that kong is running:

$ kong-health

Kong is healthy at /home/michaelm/git/kong/kong/eperm

I would say this is arguably more "correct", but it may be a surprising change to introduce.

@flrgh flrgh force-pushed the refactor/cmd-utils-process branch 2 times, most recently from 25ed07b to 57e6215 Compare August 24, 2023 18:51
kong/cmd/utils/process.lua Outdated Show resolved Hide resolved
kong/cmd/utils/process.lua Outdated Show resolved Hide resolved
kong/cmd/utils/process.lua Outdated Show resolved Hide resolved
kong/cmd/utils/process.lua Outdated Show resolved Hide resolved
@vm-001 vm-001 force-pushed the refactor/cmd-utils-process branch from 57e6215 to 2d40a9c Compare August 29, 2023 18:14
@kikito kikito requested a review from hanshuebner September 12, 2023 17:10
@flrgh flrgh force-pushed the refactor/cmd-utils-process branch 5 times, most recently from 1ff321a to c7d81ac Compare September 13, 2023 21:06
@github-actions github-actions bot added the author/community PRs from the open-source community (not Kong Inc) label Sep 19, 2023
There's a large refactor of this module in the pipeline, and renaming
from 'kill' to 'process' makes the API more sensible.
This is another name-only change ahead of some larger refactoring of the
kong.cmd.utils.process module.
This refactors kong.cmd.utils.process to use the resty.signal library
for sending signals instead of dropping to a shell.

This comes with improvements (albeit minor) to performance and security.
@hanshuebner hanshuebner force-pushed the refactor/cmd-utils-process branch from c7d81ac to 2d268ad Compare September 20, 2023 08:55
@hanshuebner hanshuebner merged commit bbdda0b into master Sep 20, 2023
27 of 28 checks passed
@hanshuebner hanshuebner deleted the refactor/cmd-utils-process branch September 20, 2023 10:29
@hanshuebner
Copy link
Contributor

@flrgh crap, i squashed the commits, sorry!

@hanshuebner hanshuebner restored the refactor/cmd-utils-process branch September 20, 2023 10:29
hanshuebner added a commit that referenced this pull request Sep 20, 2023
flrgh pushed a commit that referenced this pull request Sep 20, 2023
…" (#11620)

This reverts commit bbdda0b.

For posterity's sake, there are actually _two_ reasons for us to merge this:

1. commit history cleanup (as noted in the PR desc for #11620)
2. we discovered a subtle bug in the way that `resty.signal` traverses `LUA_CPATH` in order to discover and load its shared object dependency ([link](https://github.com/openresty/lua-resty-signal/blob/7834226610e2df36f8e69641c4ca0d5ea75a9535/lib/resty/signal.lua#L21-L58)) and _need_ to revert this to un-break master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author/community PRs from the open-source community (not Kong Inc) core/cli size/XL skip-changelog
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants