facebook/sapling
1
1
Fork 0
mirror of https://github.com/facebook/sapling.git synced 2024-10-10 00:45:18 +03:00
Code Issues Projects Releases Wiki Activity
c2236c3bc2
sapling/eden/fs/takeover/TakeoverServer.cpp

329 lines
12 KiB
C++
Raw Normal View History

initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
/*
update license headers in C++ files Summary: Update the copyright & license headers in C++ files to reflect the relicensing to GPLv2 Reviewed By: wez Differential Revision: D15487078 fbshipit-source-id: 19f24c933a64ecad0d3a692d0f8d2a38b4194b1d
2019-06-20 02:58:25 +03:00
* Copyright (c) Facebook, Inc. and its affiliates.
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
*
update license headers in C++ files Summary: Update the copyright & license headers in C++ files to reflect the relicensing to GPLv2 Reviewed By: wez Differential Revision: D15487078 fbshipit-source-id: 19f24c933a64ecad0d3a692d0f8d2a38b4194b1d
2019-06-20 02:58:25 +03:00
* This software may be used and distributed according to the terms of the
* GNU General Public License version 2.
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
*/
Tidy up license headers Reviewed By: chadaustin Differential Revision: D17872966 fbshipit-source-id: cd60a364a2146f0dadbeca693b1d4a5d7c97ff63
2019-10-11 15:26:59 +03:00
fs: ifdef linux/macos only files Summary: These don't compile on Windows, and in order to get mode/win to compile, we need to avoid compiling their contents. Ideally, we could do that in the TARGETS files with the select statement, but that's not available in fbcode. Thus, we do the next best thing: ifdef the file entirely. Reviewed By: wez Differential Revision: D23871728 fbshipit-source-id: b4d9df6503eaa008e649afd7bdc665cd37a9585d
2020-09-23 22:18:56 +03:00
#ifndef _WIN32
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
#include "eden/fs/takeover/TakeoverServer.h"
#include <chrono>
#include <folly/FileUtil.h>
#include <folly/Range.h>
#include <folly/SocketAddress.h>
#include <folly/futures/Future.h>
#include <folly/io/Cursor.h>
#include <folly/io/IOBuf.h>
#include <folly/io/async/EventBase.h>
#include <folly/io/async/EventHandler.h>
move folly/experimental/logging to folly/logging/ Summary: Promote the folly logging code out of the experimental subdirectory. We have been using this for several months in a few projects and are pretty happy with it so far. After moving it out of the experimental/ subdirectory I plan to update folly::Init() to automatically support configuring it via a `--logging` command line flag (similar to the initialization it already does today for glog). Reviewed By: yfeldblum, chadaustin Differential Revision: D7755455 fbshipit-source-id: 052db34c97f7516728f7cbb1a5ad959def2f6efb
2018-05-01 07:20:51 +03:00
#include <folly/logging/xlog.h>
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
#include <thrift/lib/cpp2/protocol/Serializer.h>
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
#include "eden/fs/takeover/TakeoverData.h"
#include "eden/fs/takeover/TakeoverHandler.h"
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
#include "eden/fs/utils/FutureUnixSocket.h"
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
using apache::thrift::CompactSerializer;
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
using folly::AsyncServerSocket;
run clang-format across eden Summary: ``` find . \( -iname '*.cpp' -o -iname '*.h' \) -exec arc lint --apply-patches {} + ``` Differential Revision: D6820436 fbshipit-source-id: 173c0e3b5c023c1c9276f34e17d732f1dd161892
2018-01-26 22:17:36 +03:00
using folly::exceptionStr;
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
using folly::Future;
run clang-format across eden Summary: ``` find . \( -iname '*.cpp' -o -iname '*.h' \) -exec arc lint --apply-patches {} + ``` Differential Revision: D6820436 fbshipit-source-id: 173c0e3b5c023c1c9276f34e17d732f1dd161892
2018-01-26 22:17:36 +03:00
using folly::makeFuture;
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
using folly::SocketAddress;
using folly::Unit;
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
DEFINE_int32(
pingReceiveTimeout,
5,
"Timeout for receiving ready ping from new process in seconds");
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
namespace facebook {
namespace eden {
/**
* ConnHandler handles a single connection received on the TakeoverServer
* socket.
*/
class TakeoverServer::ConnHandler {
public:
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
ConnHandler(TakeoverServer* server, folly::File socket)
: server_{server}, socket_{server_->getEventBase(), std::move(socket)} {}
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
/**
* start() begins processing data on this connection.
*
* Returns a Future that will complete successfully when this connection
* finishes gracefully taking over the EdenServer's mount points.
*/
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
FOLLY_NODISCARD folly::Future<folly::Unit> start() noexcept;
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
private:
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
FOLLY_NODISCARD folly::Future<folly::Unit> sendError(
const folly::exception_wrapper& error);
FOLLY_NODISCARD folly::Future<folly::Unit> pingThenSendTakeoverData(
TakeoverData&& data);
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
FOLLY_NODISCARD folly::Future<folly::Unit> sendTakeoverData(
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
TakeoverData&& data);
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
template <typename... Args>
[[noreturn]] void fail(Args&&... args) {
auto msg = folly::to<std::string>(std::forward<Args>(args)...);
XLOG(ERR) << "takeover socket error: " << msg;
throw std::runtime_error(msg);
}
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
bool shouldPing_{false};
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
TakeoverServer* const server_{nullptr};
FutureUnixSocket socket_;
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
int32_t protocolVersion_{
TakeoverData::kTakeoverProtocolVersionNeverSupported};
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
};
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
Future<Unit> TakeoverServer::ConnHandler::start() noexcept {
try {
// Check the remote endpoint's credentials.
// We only allow transferring our mount points to another process
// owned by the same user.
auto uid = socket_.getRemoteUID();
if (uid != getuid()) {
return makeFuture<Unit>(std::runtime_error(folly::to<std::string>(
"invalid takeover request from incorrect user: current UID=",
getuid(),
", got request from UID ",
uid)));
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
}
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
// Check to see if we are speaking a compatible takeover protocol
// version. If not, error out so that we don't change any state.
// The client should send us the version information, but clients
// prior to the revision where this check was added will never send
// us the version data. We use a short timeout for receiving the
// version data; in practice it will appear immediately or will
// never be received.
auto timeout = std::chrono::seconds(5);
return socket_.receive(timeout)
Future<T>::then 1/n: Future<T>::then(try-task) -> Future<T>::thenTry(task). Summary: Overall plan to modify Future<T>::then to be r-value qualified and use Future<T>::thenTry or Future<T>::thenValue. 1/n: Codemod rvalue-future<T>.then(callable with operator()(Try<T>)) to rvalue-future<T>.thenTry(callable with operator()(Try<T>)). Reviewed By: simpkins Differential Revision: D8961903 fbshipit-source-id: ff17b7833d240c221197cdf0bf914b8a39f80b07
2018-07-24 04:49:06 +03:00
.thenTry([this](folly::Try<UnixSocket::Message>&& msg) {
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
if (msg.hasException()) {
// most likely cause: timed out waiting for the client to
// send the protocol version. FutureUnixSocket::receiveTimeout()
// will close the socket unconditionally, so we can't send
// an error message back to the peer. However, for the sake
// of clarity in the control flow we bubble up the error
// as if we could do that.
XLOG(ERR) << "Exception while waiting for takeover version from "
"the client. Most likely reason is a client version "
"mismatch, you may need to perform a full "
"`eden shutdown ; eden daemon` restart to migrate."
<< msg.exception();
return folly::makeFuture<TakeoverData>(msg.exception());
}
auto query =
CompactSerializer::deserialize<TakeoverVersionQuery>(&msg->data);
auto supported =
Migrate to field_ref Thrift API Summary: We are unifying C++ APIs for accessing optional and unqualified fields: https://fb.workplace.com/groups/1730279463893632/permalink/2541675446087359/. This diff migrates code from accessing data members generated from unqualified Thrift fields directly to the `field_ref` API, i.e. replacing ``` thrift_obj.field ``` with ``` *thrift_obj.field_ref() ``` The `_ref` suffixes will be removed in the future once data members are private and names can be reclaimed. The output of this codemod has been reviewed in D20039637. The new API is documented in https://our.intern.facebook.com/intern/wiki/Thrift/FieldAccess/. drop-conflicts Reviewed By: yfeldblum Differential Revision: D22631599 fbshipit-source-id: 9bfcaeb636f34a32fd871c7cd6a2db4a7ace30bf
2020-07-21 21:21:48 +03:00
TakeoverData::computeCompatibleVersion(*query.versions_ref());
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
folly::Optional -> std::optional Summary: Eden's on C++17 so fully cross the rubicon! Reviewed By: strager Differential Revision: D10498169 fbshipit-source-id: 90ef7e575db7b9a6f80f818cc9a8e2988bbdca7a
2018-10-24 04:48:38 +03:00
if (!supported.has_value()) {
Migrate to field_ref Thrift API Summary: We are unifying C++ APIs for accessing optional and unqualified fields: https://fb.workplace.com/groups/1730279463893632/permalink/2541675446087359/. This diff migrates code from accessing data members generated from unqualified Thrift fields directly to the `field_ref` API, i.e. replacing ``` thrift_obj.field ``` with ``` *thrift_obj.field_ref() ``` The `_ref` suffixes will be removed in the future once data members are private and names can be reclaimed. The output of this codemod has been reviewed in D20039637. The new API is documented in https://our.intern.facebook.com/intern/wiki/Thrift/FieldAccess/. drop-conflicts Reviewed By: yfeldblum Differential Revision: D22631599 fbshipit-source-id: 9bfcaeb636f34a32fd871c7cd6a2db4a7ace30bf
2020-07-21 21:21:48 +03:00
auto clientVersionList = folly::join(", ", *query.versions_ref());
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
auto serverVersionList =
folly::join(", ", kSupportedTakeoverVersions);
return folly::makeFuture<TakeoverData>(
folly::make_exception_wrapper<std::runtime_error>(
folly::to<std::string>(
"The client and the server do not share a common "
"takeover protocol implementation. Use "
"`eden shutdown ; eden daemon` to migrate. "
"clientVersions=[",
clientVersionList,
"], "
"serverVersions=[",
serverVersionList,
"]")));
}
// Initiate the takeover shutdown.
protocolVersion_ = supported.value();
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
shouldPing_ =
(protocolVersion_ == TakeoverData::kTakeoverProtocolVersionFour);
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
return server_->getTakeoverHandler()->startTakeoverShutdown();
})
Replace Future::then(e, f) with Future::then(V/T)Inline(makeAsyncTask(e, f)) Summary: Remove calls to Future::then(executor, callback). This form of Future::then is ambiguous, and does not yet implement the stronger typing of thenValue and thenTry. It is also tempting to use instead of via, where it is not obvious that it has the behaviour of wrapping a via call in a push and pop of the current executor: .pushCurrentExecutor().via(executor).then(callback).popCurrentExecutor(). With the addition of inline continuations, we can instead make the nesting explicit at low cost by making it an inline continuation that launches an asynchronous task on the passed executor. Reviewed By: yfeldblum Differential Revision: D15487604 fbshipit-source-id: 24b83f56c4f3e8843a6ce8339c70ff4794500d5b
2019-05-27 05:41:34 +03:00
.thenTryInline(folly::makeAsyncTask(
server_->eventBase_, [this](folly::Try<TakeoverData>&& data) {
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
if (!data.hasValue()) {
return sendError(data.exception());
}
if (shouldPing_) {
XLOG(DBG7) << "sending ready ping to takeover client";
return pingThenSendTakeoverData(std::move(data.value()));
} else {
XLOG(DBG7) << "not sending ready ping to takeover client";
return sendTakeoverData(std::move(data.value()));
}
Replace Future::then(e, f) with Future::then(V/T)Inline(makeAsyncTask(e, f)) Summary: Remove calls to Future::then(executor, callback). This form of Future::then is ambiguous, and does not yet implement the stronger typing of thenValue and thenTry. It is also tempting to use instead of via, where it is not obvious that it has the behaviour of wrapping a via call in a push and pop of the current executor: .pushCurrentExecutor().via(executor).then(callback).popCurrentExecutor(). With the addition of inline continuations, we can instead make the nesting explicit at low cost by making it an inline continuation that launches an asynchronous task on the passed executor. Reviewed By: yfeldblum Differential Revision: D15487604 fbshipit-source-id: 24b83f56c4f3e8843a6ce8339c70ff4794500d5b
2019-05-27 05:41:34 +03:00
}));
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
} catch (const std::exception& ex) {
return makeFuture<Unit>(
folly::exception_wrapper{std::current_exception(), ex});
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
}
}
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
Future<Unit> TakeoverServer::ConnHandler::sendError(
const folly::exception_wrapper& error) {
XLOG(ERR) << "error while performing takeover shutdown: " << error;
if (socket_) {
// Send the error to the client.
return socket_.send(TakeoverData::serializeError(protocolVersion_, error));
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
}
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
// Socket was closed (likely by a receive timeout above), so don't
// try to send again in here lest we break; instead just pass up
// the error.
return makeFuture<Unit>(error);
}
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
Future<Unit> TakeoverServer::ConnHandler::pingThenSendTakeoverData(
TakeoverData&& data) {
// Send a message to ping the takeover client process.
// This ensures that the client is still connected and ready to receive data.
// If the client disconnected while we were pausing our checkout mounts and
// preparing the takeover, we want to resume our mounts rather than trying to
// transfer them to to the now-disconnected process.
UnixSocket::Message msg;
msg.data = TakeoverData::serializePing();
return socket_.send(std::move(msg))
.thenValue([this](auto&&) {
add fault injection to TakeoverServer Summary: This allows for fault injection into the TakeoverServer, which will be helpful when trying to mock a failed "ready" handshake (this will be used by injecting an error, not a timeout). Reviewed By: simpkins Differential Revision: D20527046 fbshipit-source-id: 24d493fdac620c759c98b050b6cec6b88587789a
2020-04-07 19:50:06 +03:00
// Wait for the ping reply. Here we just give it a few seconds to
// respond.
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
auto timeout = std::chrono::seconds(FLAGS_pingReceiveTimeout);
add fault injection to TakeoverServer Summary: This allows for fault injection into the TakeoverServer, which will be helpful when trying to mock a failed "ready" handshake (this will be used by injecting an error, not a timeout). Reviewed By: simpkins Differential Revision: D20527046 fbshipit-source-id: 24d493fdac620c759c98b050b6cec6b88587789a
2020-04-07 19:50:06 +03:00
return server_->faultInjector_.checkAsync("takeover", "ping_receive")
.via(server_->eventBase_)
.thenValue(
[this, timeout](auto&&) { return socket_.receive(timeout); });
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
})
.thenTryInline(folly::makeAsyncTask(
server_->eventBase_,
[this, data = std::move(data)](
folly::Try<UnixSocket::Message>&& msg) mutable {
if (msg.hasException()) {
// If we got an exception on sending or receiving here, we should
add EdenServer recovery step and recover after failed takeover data send handshake Summary: * This adds a `EdenServer::recover()` method to start back up on unsuccessful takeover data send. * On an unsuccessful ping, filfill the `shutdownPromise` with a `TakeoverSendError` continaing the constructed `TakeoverData`. After this `recover` function is called, `takeoverPromise_` is reset, `takeoverShutdown` is set to `false`, and the `runningState_` is set to `RUNNING`. With taking over from the returned `TakeoverData`, the user will not encounter `Transport not connected` errors on recovery. * This adds a `EdenServer::closeStorage()` method to defer closing the `backingStore_` and `localStore_` until after our ready handshake is successful. * This defers the shutdown of the `PrivHelper` until a successful ready handshake. I also update the takeover documentation here with the new logic (and fix some formatting issues) Reviewed By: simpkins Differential Revision: D20433433 fbshipit-source-id: f59e660922674d281957e80aee5049735b901a2c
2020-04-07 19:50:06 +03:00
// bubble up an exception and recover.
// We must save the original takeoverComplete promise
// since we will move the TakeoverData into the takeoverComplete
// promise and the EdenServer waits on this to be fulfilled to
// determine to recover or not
auto takeoverPromise = std::move(data.takeoverComplete);
takeoverPromise.setValue(std::move(data));
add additional takeover "ready" handshake Summary: For graceful restart takeovers, we would like to implement an additional handshake. This handshake will occur right after the takeover data is ready to be sent to the client, but before actually sending it. This is to make sure the old daemon can recover in case of the client not being responsive (the client replies back to the server, and if no response is recieved in 5 seconds, the server will recover). There are a few cases here: * **Server sends ping (two cases discussed below)** I introduced a new ProtocolVersion. Daemons with this change will now have ProtocolVersion4. The Server checks the max version of the client, and if this version is ProtocolVersion4, we know the client can listen for pings. So we will send the ping. Otherwise, we don't send a ping. With this, we will only send pings if we know the client will be listening for one. The case in which a client isn't listening is if we adopt this change and we downgrade past the change. * **Server does not send ping and Client knows to listen for ping** This will be a common case immediately after this change. The client will parse the sent data and check if it matches the "ready" ping, and if it doesn't, the client assumes the server simply sent the Takeover Data. * **Server does not sends ping and Client doesn't know to listen for ping** This is the case before this change. Reviewed By: simpkins Differential Revision: D20290271 fbshipit-source-id: b68e4df6264fb071d770671a80e28c90ddb0d3f2
2020-04-07 19:50:06 +03:00
return makeFuture<Unit>(msg.exception());
}
return sendTakeoverData(std::move(data));
}));
}
Future<Unit> TakeoverServer::ConnHandler::sendTakeoverData(
TakeoverData&& data) {
add EdenServer recovery step and recover after failed takeover data send handshake Summary: * This adds a `EdenServer::recover()` method to start back up on unsuccessful takeover data send. * On an unsuccessful ping, filfill the `shutdownPromise` with a `TakeoverSendError` continaing the constructed `TakeoverData`. After this `recover` function is called, `takeoverPromise_` is reset, `takeoverShutdown` is set to `false`, and the `runningState_` is set to `RUNNING`. With taking over from the returned `TakeoverData`, the user will not encounter `Transport not connected` errors on recovery. * This adds a `EdenServer::closeStorage()` method to defer closing the `backingStore_` and `localStore_` until after our ready handshake is successful. * This defers the shutdown of the `PrivHelper` until a successful ready handshake. I also update the takeover documentation here with the new logic (and fix some formatting issues) Reviewed By: simpkins Differential Revision: D20433433 fbshipit-source-id: f59e660922674d281957e80aee5049735b901a2c
2020-04-07 19:50:06 +03:00
// Before sending the takeover data, we must close the server's
// local and backing store. This is important for ensuring the RocksDB
// lock is released so the client can take over.
server_->getTakeoverHandler()->closeStorage();
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
UnixSocket::Message msg;
try {
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
msg.data = data.serialize(protocolVersion_);
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
msg.files.push_back(std::move(data.lockFile));
msg.files.push_back(std::move(data.thriftSocket));
for (auto& mount : data.mountPoints) {
msg.files.push_back(std::move(mount.fuseFD));
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
}
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
} catch (const std::exception& ex) {
auto ew = folly::exception_wrapper{std::current_exception(), ex};
data.takeoverComplete.setException(ew);
add version handshake to takeover protocol Summary: Whilst chatting with simpkins we realized that we lost the handshake portion of the takeover protocol during a refactor. The handshake is important for a couple of reasons: 1. It prevents unmounting and loosing all the mounts in the case that sometime decides to netcat or otherwise connect to the socket 2. It gives us an opportunity to short circuit any heavy lifting if we know that it will be impossible to succeed. 3. It allows us to rollback to earlier builds with older versions of the takeover protocol. This diff adds a little bit of machinery to enable passing a set of supported takeover protocol version numbers. The intent is to retain support for the two of these at a time; any time we change the encoding/protocol for takeover we'll bump the version number and add supporting code to handle the new format, retaining support for the prior version. Retaining the ability to handle the prior version allows us to downgrade to an earlier build gracefully if/when the need arises. I opted to do this here rather than by bumping the `kProtocolID` constant in `UnixSocket.h` becase we're not really changing the lowest level of the protocol; just the takeover specific portions. I haven't actually changed the takeover serialization in this diff, but do have some work on that happening in D6733406; that diff will be amended to take advantage and demonstrate how this versioning scheme works. A key thing to note about the implementation of this diff is that the client sends the version number to the server, but doesn't add any explicit version encoding in the response we receive. This is deliberate and allows us to upgrade prior builds to this new scheme. I'll add a more definitive check for this situation when I actually rev the format in the following diff. Reviewed By: simpkins Differential Revision: D6743065 fbshipit-source-id: c991cebfee918daad098105ca6bcfef76374c0ff
2018-01-31 01:16:05 +03:00
return socket_.send(TakeoverData::serializeError(protocolVersion_, ew));
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
}
refactor UnixSocket in prep for iovec limits Summary: UnixSocket traverses the IOBuf chain twice. Refactor that into a common function because the next diff caps the size of individual iovecs. Reviewed By: simpkins Differential Revision: D7659062 fbshipit-source-id: 88b7d63669d8189b96434c38a6e499ed3b5ebbe6
2018-04-18 21:06:15 +03:00
XLOG(INFO) << "Sending takeover data to new process: "
<< msg.data.computeChainDataLength() << " bytes";
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
return socket_.send(std::move(msg))
convert some deprecated Future::then() calls Summary: Convert deprecated `folly::Future::then()` calls to `thenTry()` or `thenValue()` as appropriate. Reviewed By: chadaustin Differential Revision: D10503906 fbshipit-source-id: abc0f6f588ad7edd0dd2576544875f4ad0263b83
2018-10-23 23:39:59 +03:00
.thenTry([promise = std::move(data.takeoverComplete)](
folly::Try<Unit>&& sendResult) mutable {
add EdenServer recovery step and recover after failed takeover data send handshake Summary: * This adds a `EdenServer::recover()` method to start back up on unsuccessful takeover data send. * On an unsuccessful ping, filfill the `shutdownPromise` with a `TakeoverSendError` continaing the constructed `TakeoverData`. After this `recover` function is called, `takeoverPromise_` is reset, `takeoverShutdown` is set to `false`, and the `runningState_` is set to `RUNNING`. With taking over from the returned `TakeoverData`, the user will not encounter `Transport not connected` errors on recovery. * This adds a `EdenServer::closeStorage()` method to defer closing the `backingStore_` and `localStore_` until after our ready handshake is successful. * This defers the shutdown of the `PrivHelper` until a successful ready handshake. I also update the takeover documentation here with the new logic (and fix some formatting issues) Reviewed By: simpkins Differential Revision: D20433433 fbshipit-source-id: f59e660922674d281957e80aee5049735b901a2c
2020-04-07 19:50:06 +03:00
if (sendResult.hasException()) {
promise.setException(sendResult.exception());
} else {
// Set an uninitalized optional here to avoid an attempted recovery
promise.setValue(std::nullopt);
}
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
});
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
}
TakeoverServer::TakeoverServer(
folly::EventBase* eventBase,
AbsolutePathPiece socketPath,
add fault injection to TakeoverServer Summary: This allows for fault injection into the TakeoverServer, which will be helpful when trying to mock a failed "ready" handshake (this will be used by injecting an error, not a timeout). Reviewed By: simpkins Differential Revision: D20527046 fbshipit-source-id: 24d493fdac620c759c98b050b6cec6b88587789a
2020-04-07 19:50:06 +03:00
TakeoverHandler* handler,
FaultInjector* faultInjector)
: eventBase_{eventBase},
handler_{handler},
socketPath_{socketPath},
faultInjector_(*faultInjector) {
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
start();
}
TakeoverServer::~TakeoverServer() {}
void TakeoverServer::start() {
// Build the address for the takeover socket.
SocketAddress address;
address.setFromPath(socketPath_.stringPiece());
// Remove any old file at this path, so we can bind to it.
auto rc = unlink(socketPath_.value().c_str());
if (rc != 0 && errno != ENOENT) {
folly::throwSystemError("error removing old takeover socket");
}
socket_.reset(new AsyncServerSocket{eventBase_});
socket_->bind(address);
socket_->listen(/* backlog */ 1024);
socket_->addAcceptCallback(this, nullptr);
socket_->startAccepting();
}
void TakeoverServer::connectionAccepted(
AsyncServerSocket::AcceptCallback::connectionAccepted to NetworkSocket (attempt #2) Summary: The file descriptor API here needs to go away, so switch this API to NetworkSocket It is expected that this commit will cause a number of Open Source projects to temporarily show up as broken. This is due to the fact that not all projects get synced to Github at the exact same time, so the builds may temporarily be fetching an older version of it's dependencies than it needs to :) It should fix itself quickly. Reviewed By: yfeldblum Differential Revision: D14673328 fbshipit-source-id: c5842fa5dc383d50043e0d8228e35d03b10a1c6b
2019-04-11 00:57:55 +03:00
folly::NetworkSocket fdNetworkSocket,
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
const folly::SocketAddress& /* clientAddr */) noexcept {
AsyncServerSocket::AcceptCallback::connectionAccepted to NetworkSocket (attempt #2) Summary: The file descriptor API here needs to go away, so switch this API to NetworkSocket It is expected that this commit will cause a number of Open Source projects to temporarily show up as broken. This is due to the fact that not all projects get synced to Github at the exact same time, so the builds may temporarily be fetching an older version of it's dependencies than it needs to :) It should fix itself quickly. Reviewed By: yfeldblum Differential Revision: D14673328 fbshipit-source-id: c5842fa5dc383d50043e0d8228e35d03b10a1c6b
2019-04-11 00:57:55 +03:00
int fd = fdNetworkSocket.toFd();
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
folly::File socket(fd, /* ownsFd */ true);
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
std::unique_ptr<ConnHandler> handler;
try {
update the takeover code to use the new UnixSocket helper class Summary: Update the TakeoverClient and TakeoverServer code to use the new UnixSocket helper class for exchanging messages, file descriptors, and credential information. This does not change the message serialization code much yet, it merely changes the code to use the UnixSocket class for I/O. Reviewed By: wez Differential Revision: D6494979 fbshipit-source-id: 3129fe8605b1b3b7a24e6e84e94dccf3ea2b4170
2018-01-06 00:34:25 +03:00
handler.reset(new ConnHandler{this, std::move(socket)});
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
} catch (const std::exception& ex) {
XLOG(ERR) << "error allocating connection handler for new takeover "
"connection: "
<< exceptionStr(ex);
return;
}
XLOG(INFO) << "takeover socket connection received";
auto* handlerRawPtr = handler.get();
handlerRawPtr->start()
Future::onError replaced with Future::thenError Summary: Replace Future::onError with Future::thenError: * to remove ambiguous typing * to ensure that the executor is not lost and the returned Future is still bound to an executor See: https://fb.workplace.com/groups/fbcode/permalink/2002251863144976/ for details. Reviewed By: yfeldblum Differential Revision: D13784772 fbshipit-source-id: 1d3ede848b7d31c7a197a21b4ff2b31e840040a5
2019-01-30 20:45:02 +03:00
.thenError([](const folly::exception_wrapper& ew) {
initial code to listen for graceful takeover attempts Summary: This adds a new class which listens on a Unix domain socket for clients that wish to gracefully take over Eden's FUSE mount points. The goal is to eventually enable graceful restart functionality for eden. It would be nice if we could use the existing thrift server socket for this, but thrift doesn't provide low-enough level APIs so that we can send credentials and file descriptors over the socket using SCM_CREDENTIALS and SCM_RIGHTS. Using our own separate socket is the easiest way to accomplish this instead. For now eden just listens on this socket and logs a message when a client connects; this diff does not yet contain logic for performing mount point takeover. Reviewed By: bolinfest Differential Revision: D5827752 fbshipit-source-id: 928e541efa2546cb612da2699ff0bd822bafaad5
2017-11-20 02:18:27 +03:00
XLOG(ERR) << "error processing takeover connection request: "
<< folly::exceptionStr(ew);
})
.ensure([h = std::move(handler)] {});
}
void TakeoverServer::acceptError(const std::exception& ex) noexcept {
XLOG(ERR) << "accept() error on takeover socket: " << exceptionStr(ex);
}
} // namespace eden
} // namespace facebook
fs: ifdef linux/macos only files Summary: These don't compile on Windows, and in order to get mode/win to compile, we need to avoid compiling their contents. Ideally, we could do that in the TARGETS files with the select statement, but that's not available in fbcode. Thus, we do the next best thing: ifdef the file entirely. Reviewed By: wez Differential Revision: D23871728 fbshipit-source-id: b4d9df6503eaa008e649afd7bdc665cd37a9585d
2020-09-23 22:18:56 +03:00
#endif
Reference in New Issue Copy Permalink