pax_global_header00006660000000000000000000000064136572652430014527gustar00rootroot0000000000000052 comment=4baec9811f2b3fa81b42fd0c97fa80f9798d0aab tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/000077500000000000000000000000001365726524300207745ustar00rootroot00000000000000tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/.travis.yml000066400000000000000000000001171365726524300231040ustar00rootroot00000000000000language: go go: - "1.13.x" - "1.14.x" os: - linux - osx - windows tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/LICENSE000066400000000000000000000027171365726524300220100ustar00rootroot00000000000000Copyright (c) 2017-2018, Cloudflare. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/README.md000066400000000000000000000041241365726524300222540ustar00rootroot00000000000000# Graceful process restarts in Go [![](https://godoc.org/github.com/cloudflare/tableflip?status.svg)](https://godoc.org/github.com/cloudflare/tableflip) It is sometimes useful to update the running code and / or configuration of a network service, without disrupting existing connections. Usually, this is achieved by starting a new process, somehow transferring clients to it and then exiting the old process. There are [many ways to implement graceful upgrades](https://blog.cloudflare.com/graceful-upgrades-in-go/). They vary wildly in the trade-offs they make, and how much control they afford the user. This library has the following goals: * No old code keeps running after a successful upgrade * The new process has a grace period for performing initialisation * Crashing during initialisation is OK * Only a single upgrade is ever run in parallel **`tableflip` works on Linux and macOS.** ## Using the library ```Go upg, _ := tableflip.New(tableflip.Options{}) defer upg.Stop() go func() { sig := make(chan os.Signal, 1) signal.Notify(sig, syscall.SIGHUP) for range sig { upg.Upgrade() } }() // Listen must be called before Ready ln, _ := upg.Listen("tcp", "localhost:8080") defer ln.Close() go http.Serve(ln, nil) if err := upg.Ready(); err != nil { panic(err) } <-upg.Exit() ``` Please see the more elaborate [graceful shutdown with net/http](http_example_test.go) example. ## Integration with `systemd` ``` [Unit] Description=Service using tableflip [Service] ExecStart=/path/to/binary -some-flag /path/to/pid-file ExecReload=/bin/kill -HUP $MAINPID PIDFile=/path/to/pid-file ``` See the [documentation](https://godoc.org/github.com/cloudflare/tableflip) as well. The logs of a process using `tableflip` may go missing due to a [bug in journald](https://github.com/systemd/systemd/issues/13708). You can work around this by logging directly to journald, for example by using [go-systemd/journal](https://godoc.org/github.com/coreos/go-systemd/journal) and looking for the [$JOURNAL_STREAM](https://www.freedesktop.org/software/systemd/man/systemd.exec.html#$JOURNAL_STREAM) environment variable. tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/child.go000066400000000000000000000046241365726524300224140ustar00rootroot00000000000000package tableflip import ( "encoding/gob" "fmt" "os" ) type child struct { *env proc process readyR, namesW *os.File ready <-chan *os.File result <-chan error exited <-chan struct{} } func startChild(env *env, passedFiles map[fileName]*file) (*child, error) { // These pipes are used for communication between parent and child // readyW is passed to the child, readyR stays with the parent readyR, readyW, err := os.Pipe() if err != nil { return nil, fmt.Errorf("pipe failed: %s", err) } namesR, namesW, err := os.Pipe() if err != nil { readyR.Close() readyW.Close() return nil, fmt.Errorf("pipe failed: %s", err) } // Copy passed fds and append the notification pipe fds := []*os.File{readyW, namesR} var fdNames [][]string for name, file := range passedFiles { nameSlice := make([]string, len(name)) copy(nameSlice, name[:]) fdNames = append(fdNames, nameSlice) fds = append(fds, file.File) } // Copy environment and append the notification env vars environ := append([]string(nil), env.environ()...) environ = append(environ, fmt.Sprintf("%s=yes", sentinelEnvVar)) proc, err := env.newProc(os.Args[0], os.Args[1:], fds, environ) if err != nil { readyR.Close() readyW.Close() namesR.Close() namesW.Close() return nil, fmt.Errorf("can't start process %s: %s", os.Args[0], err) } exited := make(chan struct{}) result := make(chan error, 1) ready := make(chan *os.File, 1) c := &child{ env, proc, readyR, namesW, ready, result, exited, } go c.writeNames(fdNames) go c.waitExit(result, exited) go c.waitReady(ready) return c, nil } func (c *child) String() string { return c.proc.String() } func (c *child) Kill() { c.proc.Signal(os.Kill) } func (c *child) waitExit(result chan<- error, exited chan<- struct{}) { result <- c.proc.Wait() close(exited) // Unblock waitReady and writeNames c.readyR.Close() c.namesW.Close() } func (c *child) waitReady(ready chan<- *os.File) { var b [1]byte if n, _ := c.readyR.Read(b[:]); n > 0 && b[0] == notifyReady { // We know that writeNames has exited by this point. // Closing the FD now signals to the child that the parent // has exited. ready <- c.namesW } c.readyR.Close() } func (c *child) writeNames(names [][]string) { enc := gob.NewEncoder(c.namesW) if names == nil { // Gob panics on nil _ = enc.Encode([][]string{}) return } _ = enc.Encode(names) } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/child_test.go000066400000000000000000000035471365726524300234560ustar00rootroot00000000000000package tableflip import ( "os" "testing" ) func TestChildExit(t *testing.T) { env, procs := testEnv() child, err := startChild(env, nil) if err != nil { t.Fatal(err) } proc := <-procs proc.exit(nil) if err := <-child.result; err != nil { t.Error("Wait returns non-nil error:", err) } } func TestChildKill(t *testing.T) { env, procs := testEnv() child, err := startChild(env, nil) if err != nil { t.Fatal(err) } proc := <-procs go child.Kill() if sig := proc.recvSignal(nil); sig != os.Kill { t.Errorf("Received %v instead of os.Kill", sig) } proc.exit(nil) } func TestChildNotReady(t *testing.T) { env, procs := testEnv() child, err := startChild(env, nil) if err != nil { t.Fatal(err) } proc := <-procs proc.exit(nil) <-child.result <-child.exited select { case <-child.ready: t.Error("Child signals readiness without pipe being closed") default: } } func TestChildReady(t *testing.T) { env, procs := testEnv() child, err := startChild(env, nil) if err != nil { t.Fatal(err) } proc := <-procs if _, _, err := proc.notify(); err != nil { t.Fatal("Can't notify:", err) } <-child.ready proc.exit(nil) } func TestChildPassedFds(t *testing.T) { env, procs := testEnv() r, w, err := os.Pipe() if err != nil { t.Fatal(err) } in := map[fileName]*file{ fileName{"r"}: newFile(r.Fd(), fileName{"r"}), fileName{"w"}: newFile(w.Fd(), fileName{"w"}), } if _, err := startChild(env, in); err != nil { t.Fatal(err) } proc := <-procs if len(proc.fds) != 2+2 { t.Error("Expected 4 files, got", len(proc.fds)) } out, _, err := proc.notify() if err != nil { t.Fatal("Notify failed:", err) } for name, inFd := range in { if outFd, ok := out[name]; !ok { t.Error(name, "is missing") } else if outFd.Fd() != inFd.Fd() { t.Error(name, "fd mismatch:", outFd.Fd(), inFd.Fd()) } } proc.exit(nil) } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/doc.go000066400000000000000000000035641365726524300221000ustar00rootroot00000000000000// Package tableflip implements zero downtime upgrades. // // An upgrade spawns a new copy of argv[0] and passes // file descriptors of used listening sockets to the new process. The old process exits // once the new process signals readiness. Thus new code can use sockets allocated // in the old process. This is similar to the approach used by nginx, but // as a library. // // At any point in time there are one or two processes, with at most one of them // in non-ready state. A successful upgrade fully replaces all old configuration // and code. // // To use this library with systemd you need to use the PIDFile option in the service // file. // // [Unit] // Description=Service using tableflip // // [Service] // ExecStart=/path/to/binary -some-flag /path/to/pid-file // ExecReload=/bin/kill -HUP $MAINPID // PIDFile=/path/to/pid-file // // Then pass /path/to/pid-file to New. You can use systemd-run to // test your implementation: // // systemd-run --user -p PIDFile=/path/to/pid-file /path/to/binary // // systemd-run will print a unit name, which you can use with systemctl to // inspect the service. // // NOTES: // // Requires at least Go 1.9, since there is a race condition on the // pipes used for communication between parent and child. // // If you're seeing "can't start process: no such file or directory", // you're probably using "go run main.go", for graceful reloads to work, // you'll need use "go build main.go". // // Tableflip does not work on Windows, because Windows does not have // the mechanisms required to support this method of graceful restarting. // It is still possible to include this package in code that runs on Windows, // which may be necessary in certain development circumstances, but it will not // provide zero downtime upgrades when running on Windows. See the `testing` // package for an example of how to use it. // package tableflip tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/dup_fd.go000066400000000000000000000005141365726524300225640ustar00rootroot00000000000000// +build !windows package tableflip import ( "fmt" "syscall" ) func dupFd(fd uintptr, name fileName) (*file, error) { dupfd, _, errno := syscall.Syscall(syscall.SYS_FCNTL, fd, syscall.F_DUPFD_CLOEXEC, 0) if errno != 0 { return nil, fmt.Errorf("can't dup fd using fcntl: %s", errno) } return newFile(dupfd, name), nil } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/dup_fd_windows.go000066400000000000000000000003021365726524300243310ustar00rootroot00000000000000package tableflip import "errors" func dupFd(fd uintptr, name fileName) (*file, error) { return nil, errors.New("tableflip: duplicating file descriptors is not supported on this platform") } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/dup_file.go000066400000000000000000000002761365726524300231170ustar00rootroot00000000000000// +build go1.12 package tableflip import ( "os" ) func dupFile(fh *os.File, name fileName) (*file, error) { // os.File implements syscall.Conn from go 1.12 return dupConn(fh, name) } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/dup_file_legacy.go000066400000000000000000000002211365726524300244310ustar00rootroot00000000000000// +build !go1.12 package tableflip import ( "os" ) func dupFile(fh *os.File, name fileName) (*file, error) { return dupFd(fh.Fd(), name) } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/env.go000066400000000000000000000004201365726524300221070ustar00rootroot00000000000000package tableflip import ( "os" ) type env struct { newProc func(string, []string, []*os.File, []string) (process, error) newFile func(fd uintptr, name string) *os.File environ func() []string getenv func(string) string closeOnExec func(fd int) } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/env_syscalls.go000066400000000000000000000003451365726524300240320ustar00rootroot00000000000000// +build !windows package tableflip import ( "os" "syscall" ) var stdEnv = &env{ newProc: newOSProcess, newFile: os.NewFile, environ: os.Environ, getenv: os.Getenv, closeOnExec: syscall.CloseOnExec, } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/env_test.go000066400000000000000000000007421365726524300231550ustar00rootroot00000000000000package tableflip import ( "os" ) func testEnv() (*env, chan *testProcess) { procs := make(chan *testProcess, 10) return &env{ newProc: func(_ string, _ []string, files []*os.File, env []string) (process, error) { p, err := newTestProcess(files, env) if err != nil { return nil, err } procs <- p return p, nil }, environ: func() []string { return nil }, getenv: func(string) string { return "" }, closeOnExec: func(fd int) {}, }, procs } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/env_windows.go000066400000000000000000000001741365726524300236670ustar00rootroot00000000000000package tableflip // replace Unix-specific syscall with a no-op so it will build // without errors. var stdEnv *env = nil tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/fds.go000066400000000000000000000216631365726524300221070ustar00rootroot00000000000000package tableflip import ( "context" "fmt" "net" "os" "runtime" "strings" "sync" "syscall" ) // Listener can be shared between processes. type Listener interface { net.Listener syscall.Conn } // PacketConn can be shared between processes. type PacketConn interface { net.PacketConn syscall.Conn } // Conn can be shared between processes. type Conn interface { net.Conn syscall.Conn } const ( listenKind = "listener" packetKind = "packet" connKind = "conn" fdKind = "fd" ) type fileName [3]string func (name fileName) String() string { return strings.Join(name[:], ":") } func (name fileName) isUnix() bool { if name[0] == listenKind && (name[1] == "unix" || name[1] == "unixpacket") { return true } if name[0] == packetKind && (name[1] == "unixgram") { return true } return false } // file works around the fact that it's not possible // to get the fd from an os.File without putting it into // blocking mode. type file struct { *os.File fd uintptr } func newFile(fd uintptr, name fileName) *file { f := os.NewFile(fd, name.String()) if f == nil { return nil } return &file{ f, fd, } } // Fds holds all file descriptors inherited from the // parent process. type Fds struct { mu sync.Mutex // NB: Files in these maps may be in blocking mode. inherited map[fileName]*file used map[fileName]*file lc *net.ListenConfig } func newFds(inherited map[fileName]*file, lc *net.ListenConfig) *Fds { if inherited == nil { inherited = make(map[fileName]*file) } if lc == nil { lc = &net.ListenConfig{} } return &Fds{ inherited: inherited, used: make(map[fileName]*file), lc: lc, } } // Listen returns a listener inherited from the parent process, or creates a new one. func (f *Fds) Listen(network, addr string) (net.Listener, error) { f.mu.Lock() defer f.mu.Unlock() ln, err := f.listenerLocked(network, addr) if err != nil { return nil, err } if ln != nil { return ln, nil } ln, err = f.lc.Listen(context.Background(), network, addr) if err != nil { return nil, fmt.Errorf("can't create new listener: %s", err) } if _, ok := ln.(Listener); !ok { ln.Close() return nil, fmt.Errorf("%T doesn't implement tableflip.Listener", ln) } err = f.addListenerLocked(network, addr, ln.(Listener)) if err != nil { ln.Close() return nil, err } return ln, nil } // Listener returns an inherited listener or nil. // // It is safe to close the returned listener. func (f *Fds) Listener(network, addr string) (net.Listener, error) { f.mu.Lock() defer f.mu.Unlock() return f.listenerLocked(network, addr) } func (f *Fds) listenerLocked(network, addr string) (net.Listener, error) { key := fileName{listenKind, network, addr} file := f.inherited[key] if file == nil { return nil, nil } ln, err := net.FileListener(file.File) if err != nil { return nil, fmt.Errorf("can't inherit listener %s %s: %s", network, addr, err) } delete(f.inherited, key) f.used[key] = file return ln, nil } // AddListener adds a listener. // // It is safe to close ln after calling the method. // Any existing listener with the same address is overwitten. func (f *Fds) AddListener(network, addr string, ln Listener) error { f.mu.Lock() defer f.mu.Unlock() return f.addListenerLocked(network, addr, ln) } type unlinkOnCloser interface { SetUnlinkOnClose(bool) } func (f *Fds) addListenerLocked(network, addr string, ln Listener) error { if ifc, ok := ln.(unlinkOnCloser); ok { ifc.SetUnlinkOnClose(false) } return f.addSyscallConnLocked(listenKind, network, addr, ln) } // ListenPacket returns a packet conn inherited from the parent process, or creates a new one. func (f *Fds) ListenPacket(network, addr string) (net.PacketConn, error) { f.mu.Lock() defer f.mu.Unlock() conn, err := f.packetConnLocked(network, addr) if err != nil { return nil, err } if conn != nil { return conn, nil } conn, err = f.lc.ListenPacket(context.Background(), network, addr) if err != nil { return nil, fmt.Errorf("can't create new listener: %s", err) } if _, ok := conn.(PacketConn); !ok { return nil, fmt.Errorf("%T doesn't implement tableflip.PacketConn", conn) } err = f.addSyscallConnLocked(packetKind, network, addr, conn.(PacketConn)) if err != nil { conn.Close() return nil, err } return conn, nil } // PacketConn returns an inherited packet connection or nil. // // It is safe to close the returned packet connection. func (f *Fds) PacketConn(network, addr string) (net.PacketConn, error) { f.mu.Lock() defer f.mu.Unlock() return f.packetConnLocked(network, addr) } // AddPacketConn adds a PacketConn. // // It is safe to close conn after calling the method. // Any existing packet connection with the same address is overwitten. func (f *Fds) AddPacketConn(network, addr string, conn PacketConn) error { f.mu.Lock() defer f.mu.Unlock() return f.addSyscallConnLocked(packetKind, network, addr, conn) } func (f *Fds) packetConnLocked(network, addr string) (net.PacketConn, error) { key := fileName{packetKind, network, addr} file := f.inherited[key] if file == nil { return nil, nil } conn, err := net.FilePacketConn(file.File) if err != nil { return nil, fmt.Errorf("can't inherit packet conn %s %s: %s", network, addr, err) } delete(f.inherited, key) f.used[key] = file return conn, nil } // Conn returns an inherited connection or nil. // // It is safe to close the returned Conn. func (f *Fds) Conn(network, addr string) (net.Conn, error) { f.mu.Lock() defer f.mu.Unlock() key := fileName{connKind, network, addr} file := f.inherited[key] if file == nil { return nil, nil } conn, err := net.FileConn(file.File) if err != nil { return nil, fmt.Errorf("can't inherit connection %s %s: %s", network, addr, err) } delete(f.inherited, key) f.used[key] = file return conn, nil } // AddConn adds a connection. // // It is safe to close conn after calling this method. func (f *Fds) AddConn(network, addr string, conn Conn) error { f.mu.Lock() defer f.mu.Unlock() return f.addSyscallConnLocked(connKind, network, addr, conn) } func (f *Fds) addSyscallConnLocked(kind, network, addr string, conn syscall.Conn) error { key := fileName{kind, network, addr} file, err := dupConn(conn, key) if err != nil { return fmt.Errorf("can't dup %s (%s %s): %s", kind, network, addr, err) } delete(f.inherited, key) f.used[key] = file return nil } // File returns an inherited file or nil. // // The descriptor may be in blocking mode. func (f *Fds) File(name string) (*os.File, error) { f.mu.Lock() defer f.mu.Unlock() key := fileName{fdKind, name} file := f.inherited[key] if file == nil { return nil, nil } // Make a copy of the file, since we don't want to // allow the caller to invalidate fds in f.inherited. dup, err := dupFd(file.fd, key) if err != nil { return nil, err } delete(f.inherited, key) f.used[key] = file return dup.File, nil } // AddFile adds a file. // // Until Go 1.12, file will be in blocking mode // after this call. func (f *Fds) AddFile(name string, file *os.File) error { key := fileName{fdKind, name} dup, err := dupFile(file, key) if err != nil { return err } f.mu.Lock() defer f.mu.Unlock() delete(f.inherited, key) f.used[key] = dup return nil } func (f *Fds) copy() map[fileName]*file { f.mu.Lock() defer f.mu.Unlock() files := make(map[fileName]*file, len(f.used)) for key, file := range f.used { files[key] = file } return files } func (f *Fds) closeInherited() { f.mu.Lock() defer f.mu.Unlock() for key, file := range f.inherited { if key.isUnix() { // Remove inherited but unused Unix sockets from the file system. // This undoes the effect of SetUnlinkOnClose(false). _ = unlinkUnixSocket(key[2]) } _ = file.Close() } f.inherited = make(map[fileName]*file) } func unlinkUnixSocket(path string) error { if runtime.GOOS == "linux" && strings.HasPrefix(path, "@") { // Don't unlink sockets using the abstract namespace. return nil } info, err := os.Stat(path) if err != nil { return err } if info.Mode()&os.ModeSocket == 0 { return nil } return os.Remove(path) } func (f *Fds) closeUsed() { f.mu.Lock() defer f.mu.Unlock() for _, file := range f.used { _ = file.Close() } f.used = make(map[fileName]*file) } func (f *Fds) closeAndRemoveUsed() { f.mu.Lock() defer f.mu.Unlock() for key, file := range f.used { if key.isUnix() { // Remove used Unix Domain Sockets if we are shutting // down without having done an upgrade. // This undoes the effect of SetUnlinkOnClose(false). _ = unlinkUnixSocket(key[2]) } _ = file.Close() } f.used = make(map[fileName]*file) } func dupConn(conn syscall.Conn, name fileName) (*file, error) { // Use SyscallConn instead of File to avoid making the original // fd non-blocking. raw, err := conn.SyscallConn() if err != nil { return nil, err } var dup *file var duperr error err = raw.Control(func(fd uintptr) { dup, duperr = dupFd(fd, name) }) if err != nil { return nil, fmt.Errorf("can't access fd: %s", err) } return dup, duperr } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/fds_test.go000066400000000000000000000120351365726524300231370ustar00rootroot00000000000000package tableflip import ( "io" "io/ioutil" "net" "os" "path/filepath" "runtime" "testing" ) func TestFdsAddListener(t *testing.T) { socketPath, cleanup := tempSocket(t) defer cleanup() addrs := [][2]string{ {"unix", socketPath}, {"tcp", "localhost:0"}, } fds := newFds(nil, nil) for _, addr := range addrs { ln, err := net.Listen(addr[0], addr[1]) if err != nil { t.Fatal(err) } if err := fds.AddListener(addr[0], addr[1], ln.(Listener)); err != nil { t.Fatalf("Can't add %s listener: %s", addr[0], err) } ln.Close() } } func TestFdsAddPacketConn(t *testing.T) { socketPath, cleanup := tempSocket(t) defer cleanup() addrs := [][2]string{ {"unix", socketPath}, {"udp", "localhost:0"}, } fds := newFds(nil, nil) for _, addr := range addrs { conn, err := net.ListenPacket(addr[0], addr[1]) if err != nil { t.Fatal(err) } if err := fds.AddPacketConn(addr[0], addr[1], conn.(PacketConn)); err != nil { t.Fatalf("Can't add %s listener: %s", addr[0], err) } conn.Close() } } func tempSocket(t *testing.T) (string, func()) { t.Helper() temp, err := ioutil.TempDir("", "tableflip") if err != nil { t.Fatal(err) } return filepath.Join(temp, "socket"), func() { os.RemoveAll(temp) } } func TestFdsListen(t *testing.T) { socketPath, cleanup := tempSocket(t) defer cleanup() addrs := [][2]string{ {"tcp", "localhost:0"}, {"udp", "localhost:0"}, {"unix", socketPath}, {"unixgram", socketPath + "Unixgram"}, } // Linux supports the abstract namespace for domain sockets. if runtime.GOOS == "linux" { addrs = append(addrs, [2]string{"unixpacket", socketPath + "Unixpacket"}, [2]string{"unix", ""}, [2]string{"unixpacket", ""}, [2]string{"unixgram", ""}, ) } var ( ln io.Closer err error ) parent := newFds(nil, nil) for _, addr := range addrs { switch addr[0] { case "udp", "unixgram": ln, err = parent.ListenPacket(addr[0], addr[1]) default: ln, err = parent.Listen(addr[0], addr[1]) } if err != nil { t.Fatalf("Can't create %s listener: %s", addr[0], err) } if ln == nil { t.Fatalf("Got a nil %s listener", addr[0]) } ln.Close() } child := newFds(parent.copy(), nil) for _, addr := range addrs { switch addr[0] { case "udp", "unixgram": ln, err = child.PacketConn(addr[0], addr[1]) default: ln, err = child.Listener(addr[0], addr[1]) } if err != nil { t.Fatalf("Can't get retrieve %s from child: %s", addr[0], err) } if ln == nil { t.Fatalf("Missing %s listener", addr[0]) } ln.Close() } } func TestFdsRemoveUnix(t *testing.T) { socketPath, cleanup := tempSocket(t) defer cleanup() addrs := [][2]string{ {"unix", socketPath}, {"unixgram", socketPath + "Unixgram"}, } if runtime.GOOS == "linux" { addrs = append(addrs, [2]string{"unixpacket", socketPath + "Unixpacket"}, ) } makeFds := func(t *testing.T) *Fds { fds := newFds(nil, nil) for _, addr := range addrs { var c io.Closer var err error if addr[0] == "unixgram" { c, err = fds.ListenPacket(addr[0], addr[1]) } else { c, err = fds.Listen(addr[0], addr[1]) } if err != nil { t.Fatalf("Can't listen on socket %v: %v", addr, err) } c.Close() if _, err := os.Stat(addr[1]); err != nil { t.Errorf("%s Close() unlinked socket: %s", addr[0], err) } } return fds } t.Run("closeAndRemoveUsed", func(t *testing.T) { parent := makeFds(t) parent.closeAndRemoveUsed() for _, addr := range addrs { if _, err := os.Stat(addr[1]); err == nil { t.Errorf("Used %s listeners are not removed", addr[0]) } } }) t.Run("closeInherited", func(t *testing.T) { parent := makeFds(t) child := newFds(parent.copy(), nil) child.closeInherited() for _, addr := range addrs { if _, err := os.Stat(addr[1]); err == nil { t.Errorf("Inherited but unused %s listeners are not removed", addr[0]) } } }) t.Run("closeUsed", func(t *testing.T) { parent := makeFds(t) parent.closeUsed() for _, addr := range addrs { if _, err := os.Stat(addr[1]); err != nil { t.Errorf("Used %s listeners are removed", addr[0]) } } }) } func TestFdsConn(t *testing.T) { socketPath, cleanup := tempSocket(t) defer cleanup() unix, err := net.ListenUnixgram("unixgram", &net.UnixAddr{ Net: "unixgram", Name: socketPath, }) if err != nil { t.Fatal(err) } parent := newFds(nil, nil) if err := parent.AddConn("unixgram", "", unix); err != nil { t.Fatal("Can't add conn:", err) } unix.Close() child := newFds(parent.copy(), nil) conn, err := child.Conn("unixgram", "") if err != nil { t.Fatal("Can't get conn:", err) } if conn == nil { t.Fatal("Missing conn") } conn.Close() } func TestFdsFile(t *testing.T) { r, w, err := os.Pipe() if err != nil { t.Fatal(err) } defer r.Close() parent := newFds(nil, nil) if err := parent.AddFile("test", w); err != nil { t.Fatal("Can't add file:", err) } w.Close() child := newFds(parent.copy(), nil) file, err := child.File("test") if err != nil { t.Fatal("Can't get file:", err) } if file == nil { t.Fatal("Missing file") } file.Close() } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/go.mod000066400000000000000000000000601365726524300220760ustar00rootroot00000000000000module github.com/cloudflare/tableflip go 1.13 tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/go.sum000066400000000000000000000000001365726524300221150ustar00rootroot00000000000000tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/http_example_test.go000066400000000000000000000030531365726524300250550ustar00rootroot00000000000000package tableflip_test import ( "context" "flag" "fmt" "log" "net/http" "os" "os/signal" "syscall" "time" "github.com/cloudflare/tableflip" ) // This shows how to use the upgrader // with the graceful shutdown facilities of net/http. func Example_httpShutdown() { var ( listenAddr = flag.String("listen", "localhost:8080", "`Address` to listen on") pidFile = flag.String("pid-file", "", "`Path` to pid file") ) flag.Parse() log.SetPrefix(fmt.Sprintf("%d ", os.Getpid())) upg, err := tableflip.New(tableflip.Options{ PIDFile: *pidFile, }) if err != nil { panic(err) } defer upg.Stop() // Do an upgrade on SIGHUP go func() { sig := make(chan os.Signal, 1) signal.Notify(sig, syscall.SIGHUP) for range sig { err := upg.Upgrade() if err != nil { log.Println("Upgrade failed:", err) } } }() // Listen must be called before Ready ln, err := upg.Listen("tcp", *listenAddr) if err != nil { log.Fatalln("Can't listen:", err) } server := http.Server{ // Set timeouts, etc. } go func() { err := server.Serve(ln) if err != http.ErrServerClosed { log.Println("HTTP server:", err) } }() log.Printf("ready") if err := upg.Ready(); err != nil { panic(err) } <-upg.Exit() // Make sure to set a deadline on exiting the process // after upg.Exit() is closed. No new upgrades can be // performed if the parent doesn't exit. time.AfterFunc(30*time.Second, func() { log.Println("Graceful shutdown timed out") os.Exit(1) }) // Wait for connections to drain. server.Shutdown(context.Background()) } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/parent.go000066400000000000000000000030671365726524300226220ustar00rootroot00000000000000package tableflip import ( "encoding/gob" "errors" "fmt" "io" "io/ioutil" "os" ) const ( sentinelEnvVar = "TABLEFLIP_HAS_PARENT_7DIU3" notifyReady = 42 ) type parent struct { wr *os.File result <-chan error exited <-chan struct{} } func newParent(env *env) (*parent, map[fileName]*file, error) { if env.getenv(sentinelEnvVar) == "" { return nil, make(map[fileName]*file), nil } wr := env.newFile(3, "write") rd := env.newFile(4, "read") var names [][]string dec := gob.NewDecoder(rd) if err := dec.Decode(&names); err != nil { return nil, nil, fmt.Errorf("can't decode names from parent process: %s", err) } files := make(map[fileName]*file) for i, parts := range names { var key fileName copy(key[:], parts) // Start at 5 to account for stdin, etc. and write // and read pipes. fd := 5 + i env.closeOnExec(fd) files[key] = &file{ env.newFile(uintptr(fd), key.String()), uintptr(fd), } } result := make(chan error, 1) exited := make(chan struct{}) go func() { defer rd.Close() n, err := io.Copy(ioutil.Discard, rd) if n != 0 { err = errors.New("unexpected data from parent process") } else if err != nil { err = fmt.Errorf("unexpected error while waiting for parent to exit: %s", err) } result <- err close(exited) }() return &parent{ wr: wr, result: result, exited: exited, }, files, nil } func (ps *parent) sendReady() error { defer ps.wr.Close() if _, err := ps.wr.Write([]byte{notifyReady}); err != nil { return fmt.Errorf("can't notify parent process: %s", err) } return nil } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/parent_test.go000066400000000000000000000010441365726524300236520ustar00rootroot00000000000000package tableflip import ( "testing" ) func TestParentExit(t *testing.T) { env, procs := testEnv() child, err := startChild(env, nil) if err != nil { t.Fatal(err) } proc := <-procs _, exited, err := proc.notify() if err != nil { t.Fatal(err) } readyFile := <-child.ready if _, err = readyFile.Write([]byte{1}); err != nil { t.Fatal("Can't inject garbage from parent") } if err := readyFile.Close(); err != nil { t.Fatal(err) } err = <-exited if err == nil { t.Fatal("Expect child to detect garbage from parent") } } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/process.go000066400000000000000000000014731365726524300230060ustar00rootroot00000000000000package tableflip import ( "fmt" "os" "os/exec" ) var initialWD, _ = os.Getwd() type process interface { fmt.Stringer Signal(sig os.Signal) error Wait() error } type osProcess struct { cmd *exec.Cmd } func newOSProcess(executable string, args []string, files []*os.File, env []string) (process, error) { cmd := exec.Command(executable, args...) cmd.Dir = initialWD cmd.Stdin = os.Stdin cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr cmd.ExtraFiles = files cmd.Env = env if err := cmd.Start(); err != nil { return nil, err } return &osProcess{cmd}, nil } func (osp *osProcess) Signal(sig os.Signal) error { return osp.cmd.Process.Signal(sig) } func (osp *osProcess) Wait() error { return osp.cmd.Wait() } func (osp *osProcess) String() string { return fmt.Sprintf("pid=%d", osp.cmd.Process.Pid) } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/process_test.go000066400000000000000000000031161365726524300240410ustar00rootroot00000000000000package tableflip import ( "fmt" "os" "strings" ) type testProcess struct { fds []*os.File env env signals chan os.Signal sigErr chan error waitErr chan error quit chan struct{} } func newTestProcess(fds []*os.File, envstr []string) (*testProcess, error) { environ := make(map[string]string) for _, entry := range envstr { parts := strings.SplitN(entry, "=", 2) if len(parts) != 2 { return nil, fmt.Errorf("invalid env entry: %s", entry) } environ[parts[0]] = parts[1] } return &testProcess{ fds, env{ newFile: func(fd uintptr, name string) *os.File { return fds[fd-3] }, getenv: func(key string) string { return environ[key] }, closeOnExec: func(int) {}, }, make(chan os.Signal, 1), make(chan error), make(chan error), make(chan struct{}), }, nil } func (tp *testProcess) Signal(sig os.Signal) error { select { case tp.signals <- sig: return <-tp.sigErr case <-tp.quit: return nil } } func (tp *testProcess) Wait() error { select { case err := <-tp.waitErr: return err case <-tp.quit: return nil } } func (tp *testProcess) String() string { return fmt.Sprintf("tp=%p", tp) } func (tp *testProcess) exit(err error) { select { case tp.waitErr <- err: close(tp.quit) case <-tp.quit: } } func (tp *testProcess) recvSignal(err error) os.Signal { sig := <-tp.signals tp.sigErr <- err return sig } func (tp *testProcess) notify() (map[fileName]*file, <-chan error, error) { parent, files, err := newParent(&tp.env) if err != nil { return nil, nil, err } return files, parent.result, parent.sendReady() } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/tcp_example_test.go000066400000000000000000000024711365726524300246670ustar00rootroot00000000000000package tableflip_test import ( "flag" "fmt" "log" "os" "os/signal" "syscall" "time" "github.com/cloudflare/tableflip" ) // This shows how to use the Upgrader // with a listener based service. func Example_tcpServer() { var ( listenAddr = flag.String("listen", "localhost:8080", "`Address` to listen on") pidFile = flag.String("pid-file", "", "`Path` to pid file") ) flag.Parse() log.SetPrefix(fmt.Sprintf("%d ", os.Getpid())) upg, err := tableflip.New(tableflip.Options{ PIDFile: *pidFile, }) if err != nil { panic(err) } defer upg.Stop() // Do an upgrade on SIGHUP go func() { sig := make(chan os.Signal, 1) signal.Notify(sig, syscall.SIGHUP) for range sig { err := upg.Upgrade() if err != nil { log.Println("upgrade failed:", err) } } }() ln, err := upg.Fds.Listen("tcp", *listenAddr) if err != nil { log.Fatalln("Can't listen:", err) } go func() { defer ln.Close() log.Printf("listening on %s", ln.Addr()) for { c, err := ln.Accept() if err != nil { return } go func() { c.SetDeadline(time.Now().Add(time.Second)) c.Write([]byte("It is a mistake to think you can solve any major problems just with potatoes.\n")) c.Close() }() } }() log.Printf("ready") if err := upg.Ready(); err != nil { panic(err) } <-upg.Exit() } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/testing/000077500000000000000000000000001365726524300224515ustar00rootroot00000000000000tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/testing/fds.go000066400000000000000000000025671365726524300235660ustar00rootroot00000000000000package testing import ( "net" "os" ) type Fds struct{} // Listen returns a listener by calling net.Listen directly // // Note: In the stub implementation, this is the only function that // actually does anything func (f *Fds) Listen(network, addr string) (net.Listener, error) { return net.Listen(network, addr) } // Listener always returns nil, since it is impossible to inherit with // the stub implementation func (f *Fds) Listener(network, addr string) (net.Listener, error) { return nil, nil } // AddListener does nothing, since there is no reason to track connections // in the stub implementation func (f *Fds) AddListener(network, addr string, ln net.Listener) error { return nil } // Conn always returns nil, since it is impossible to inherit with // the stub implementation func (f *Fds) Conn(network, addr string) (net.Conn, error) { return nil, nil } // AddConn does nothing, since there is no reason to track connections // in the stub implementation func (f *Fds) AddConn(network, addr string, conn net.Conn) error { return nil } // File always returns nil, since it is impossible to inherit with // the stub implementation func (f *Fds) File(name string) (*os.File, error) { return nil, nil } // AddFile does nothing, since there is no reason to track connections // in the stub implementation func (f *Fds) AddFile(name string, file *os.File) error { return nil } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/testing/fds_test.go000066400000000000000000000005121365726524300246110ustar00rootroot00000000000000package testing import ( "testing" ) func TestFdsListen(t *testing.T) { addrs := [][2]string{ {"tcp", "localhost:0"}, } fds := &Fds{} for _, addr := range addrs { ln, err := fds.Listen(addr[0], addr[1]) if err != nil { t.Fatal(err) } if ln == nil { t.Fatal("Missing listener", addr) } ln.Close() } } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/testing/http_example_test.go000066400000000000000000000040301365726524300265260ustar00rootroot00000000000000package testing_test import ( "context" "errors" "flag" "fmt" "log" "net" "net/http" "os" "os/signal" "syscall" "time" "github.com/cloudflare/tableflip" "github.com/cloudflare/tableflip/testing" ) type upgrader interface { Listen(network, addr string) (net.Listener, error) Stop() Upgrade() error Ready() error Exit() <-chan struct{} } // This shows how to use the upgrader // with the graceful shutdown facilities of net/http // and using the stub implementation if on an unsupported platform. func Example_httpShutdown() { var ( listenAddr = flag.String("listen", "localhost:8080", "`Address` to listen on") pidFile = flag.String("pid-file", "", "`Path` to pid file") ) flag.Parse() log.SetPrefix(fmt.Sprintf("%d ", os.Getpid())) var upg upgrader upg, err := tableflip.New(tableflip.Options{ PIDFile: *pidFile, }) if errors.Is(err, tableflip.ErrNotSupported) { upg, _ = testing.New() } else if err != nil { panic(err) } defer upg.Stop() // Do an upgrade on SIGHUP // NOTE: With `testing.Upgrader` this goroutine is useless // You may choose to enclose it inside an `if` statement block. go func() { sig := make(chan os.Signal, 1) signal.Notify(sig, syscall.SIGHUP) for range sig { err := upg.Upgrade() if err != nil { log.Println("Upgrade failed:", err) } } }() // Listen must be called before Ready ln, err := upg.Listen("tcp", *listenAddr) if err != nil { log.Fatalln("Can't listen:", err) } server := http.Server{ // Set timeouts, etc. } go func() { err := server.Serve(ln) if err != http.ErrServerClosed { log.Println("HTTP server:", err) } }() log.Printf("ready") if err := upg.Ready(); err != nil { panic(err) } <-upg.Exit() // Make sure to set a deadline on exiting the process // after upg.Exit() is closed. No new upgrades can be // performed if the parent doesn't exit. time.AfterFunc(30*time.Second, func() { log.Println("Graceful shutdown timed out") os.Exit(1) }) // Wait for connections to drain. server.Shutdown(context.Background()) } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/testing/upgrader.go000066400000000000000000000033371365726524300246170ustar00rootroot00000000000000// Package testing provides a stub implementation that can be used for // simplified testing of applications that normally use tableflip. // It is also helpful for allowing projects that use tableflip // able to run on Windows, which does not support tableflip. package testing import ( "context" "github.com/cloudflare/tableflip" ) // Upgrader has all the methods of tableflip.Upgrader, but they don't // actually do anything special. type Upgrader struct { *Fds } // New creates a new stub Upgrader. // // Unlike the real version, this can be called many times. func New() (*Upgrader, error) { upg := newStubUpgrader() return upg, nil } func newStubUpgrader() *Upgrader { return &Upgrader{ &Fds{}, } } // Ready does nothing, since it is impossible to inherit with // the stub implementation. // However, the function still needs to be callable without errors // in order to be useful. func (u *Upgrader) Ready() error { return nil } // Exit returns a channel which is closed when the process should // exit. // We can return nil here because reading from a nil channel blocks func (u *Upgrader) Exit() <-chan struct{} { return nil } // Stop does nothing, since there will never be anything to stop // in the stub implementation func (u *Upgrader) Stop() { } // WaitForParent returns immediately, since the stub implementation // can never be a parent func (u *Upgrader) WaitForParent(ctx context.Context) error { return nil } // HasParent is always false, since the stub implementation can never // have a parent func (u *Upgrader) HasParent() bool { return false } // Upgrade always returns an error in the stub implementation, // since nothing can be done. func (u *Upgrader) Upgrade() error { return tableflip.ErrNotSupported } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/upgrader.go000066400000000000000000000164021365726524300231370ustar00rootroot00000000000000package tableflip import ( "context" "errors" "fmt" "io/ioutil" "net" "os" "path/filepath" "runtime" "strconv" "sync" "time" ) // DefaultUpgradeTimeout is the duration before the Upgrader kills the new process if no // readiness notification was received. const DefaultUpgradeTimeout time.Duration = time.Minute // Options control the behaviour of the Upgrader. type Options struct { // Time after which an upgrade is considered failed. Defaults to // DefaultUpgradeTimeout. UpgradeTimeout time.Duration // The PID of a ready process is written to this file. PIDFile string // ListenConfig is a custom ListenConfig. Defaults to an empty ListenConfig ListenConfig *net.ListenConfig } // Upgrader handles zero downtime upgrades and passing files between processes. type Upgrader struct { *Fds *env opts Options parent *parent parentErr chan error readyOnce sync.Once readyC chan struct{} stopOnce sync.Once stopC chan struct{} upgradeC chan chan<- error exitC chan struct{} exitFd chan neverCloseThisFile } var ( stdEnvMu sync.Mutex stdEnvUpgrader *Upgrader ) var ErrNotSupported = errors.New("tableflip: platform does not support graceful restart") // New creates a new Upgrader. Files are passed from the parent and may be empty. // // Only the first call to this function will succeed. May return ErrNotSupported. func New(opts Options) (upg *Upgrader, err error) { stdEnvMu.Lock() defer stdEnvMu.Unlock() if !isSupportedOS() { return nil, fmt.Errorf("%w", ErrNotSupported) } if stdEnvUpgrader != nil { return nil, errors.New("tableflip: only a single Upgrader allowed") } upg, err = newUpgrader(stdEnv, opts) // Store a reference to upg in a private global variable, to prevent // it from being GC'ed and exitFd being closed prematurely. stdEnvUpgrader = upg return } func newUpgrader(env *env, opts Options) (*Upgrader, error) { if initialWD == "" { return nil, errors.New("couldn't determine initial working directory") } parent, files, err := newParent(env) if err != nil { return nil, err } if opts.UpgradeTimeout <= 0 { opts.UpgradeTimeout = DefaultUpgradeTimeout } u := &Upgrader{ env: env, opts: opts, parent: parent, parentErr: make(chan error, 1), readyC: make(chan struct{}), stopC: make(chan struct{}), upgradeC: make(chan chan<- error), exitC: make(chan struct{}), exitFd: make(chan neverCloseThisFile, 1), Fds: newFds(files, opts.ListenConfig), } go u.run() return u, nil } // Ready signals that the current process is ready to accept connections. // It must be called to finish the upgrade. // // All fds which were inherited but not used are closed after the call to Ready. func (u *Upgrader) Ready() error { u.readyOnce.Do(func() { u.Fds.closeInherited() close(u.readyC) }) if u.opts.PIDFile != "" { if err := writePIDFile(u.opts.PIDFile); err != nil { return fmt.Errorf("tableflip: can't write PID file: %s", err) } } if u.parent == nil { return nil } return u.parent.sendReady() } // Exit returns a channel which is closed when the process should // exit. func (u *Upgrader) Exit() <-chan struct{} { return u.exitC } // Stop prevents any more upgrades from happening, and closes // the exit channel. // // If this function is called before a call to Upgrade() has // succeeded, it is assumed that the process is being shut down // completely. All Unix sockets known to Upgrader.Fds are then // unlinked from the filesystem. func (u *Upgrader) Stop() { u.stopOnce.Do(func() { // Interrupt any running Upgrade(), and // prevent new upgrade from happening. close(u.stopC) }) } // WaitForParent blocks until the parent has exited. // // Returns an error if the parent misbehaved during shutdown. func (u *Upgrader) WaitForParent(ctx context.Context) error { if u.parent == nil { return nil } var err error select { case err = <-u.parent.result: case err = <-u.parentErr: case <-ctx.Done(): return ctx.Err() } // This is a bit cheeky, since it means that multiple // calls to WaitForParent resolve in sequence, but that // probably doesn't matter. u.parentErr <- err return err } // HasParent checks if the current process is an upgrade or the first invocation. func (u *Upgrader) HasParent() bool { return u.parent != nil } // Upgrade triggers an upgrade. func (u *Upgrader) Upgrade() error { response := make(chan error, 1) select { case <-u.stopC: return errors.New("terminating") case <-u.exitC: return errors.New("already upgraded") case u.upgradeC <- response: } return <-response } var errNotReady = errors.New("process is not ready yet") func (u *Upgrader) run() { defer close(u.exitC) var ( parentExited <-chan struct{} processReady = u.readyC ) if u.parent != nil { parentExited = u.parent.exited } for { select { case <-parentExited: parentExited = nil case <-processReady: processReady = nil case <-u.stopC: u.Fds.closeAndRemoveUsed() return case request := <-u.upgradeC: if processReady != nil { request <- errNotReady continue } if parentExited != nil { request <- errors.New("parent hasn't exited") continue } file, err := u.doUpgrade() request <- err if err == nil { // Save file in exitFd, so that it's only closed when the process // exits. This signals to the new process that the old process // has exited. u.exitFd <- neverCloseThisFile{file} u.Fds.closeUsed() return } } } } func (u *Upgrader) doUpgrade() (*os.File, error) { child, err := startChild(u.env, u.Fds.copy()) if err != nil { return nil, fmt.Errorf("can't start child: %s", err) } readyTimeout := time.After(u.opts.UpgradeTimeout) for { select { case request := <-u.upgradeC: request <- errors.New("upgrade in progress") case err := <-child.result: if err == nil { return nil, fmt.Errorf("child %s exited", child) } return nil, fmt.Errorf("child %s exited: %s", child, err) case <-u.stopC: child.Kill() return nil, errors.New("terminating") case <-readyTimeout: child.Kill() return nil, fmt.Errorf("new child %s timed out", child) case file := <-child.ready: return file, nil } } } // This file must never be closed by the Go runtime, since its used by the // child to determine when the parent has died. It must only be closed // by the OS. // Hence we make sure that this file can't be garbage collected by referencing // it from an Upgrader. type neverCloseThisFile struct { file *os.File } func writePIDFile(path string) error { dir, file := filepath.Split(path) // if dir is empty, the user probably specified just the name // of the pid file expecting it to be created in the current work directory if dir == "" { dir = initialWD } if dir == "" { return errors.New("empty initial working directory") } fh, err := ioutil.TempFile(dir, file) if err != nil { return err } defer fh.Close() // Remove temporary PID file if something fails defer os.Remove(fh.Name()) _, err = fh.WriteString(strconv.Itoa(os.Getpid())) if err != nil { return err } return os.Rename(fh.Name(), path) } // Check if this is a supported OS. // That is currently all Unix-like OS's. // At the moment, we assume that is everything except Windows. func isSupportedOS() bool { return runtime.GOOS != "windows" } tableflip-4baec9811f2b3fa81b42fd0c97fa80f9798d0aab/upgrader_test.go000066400000000000000000000234451365726524300242030ustar00rootroot00000000000000package tableflip import ( "bytes" "context" "encoding/gob" "errors" "fmt" "io" "io/ioutil" "net" "os" "strconv" "syscall" "testing" "time" ) type testUpgrader struct { *Upgrader procs chan *testProcess } func newTestUpgrader(opts Options) *testUpgrader { env, procs := testEnv() u, err := newUpgrader(env, opts) if err != nil { panic(err) } err = u.Ready() if err != nil { panic(err) } return &testUpgrader{ Upgrader: u, procs: procs, } } func (tu *testUpgrader) upgradeProc(t *testing.T) (*testProcess, <-chan error) { t.Helper() ch := make(chan error, 1) go func() { for { err := tu.Upgrade() if err != errNotReady { ch <- err return } } }() select { case err := <-ch: t.Fatal("Upgrade failed:", err) return nil, nil case proc := <-tu.procs: return proc, ch } } var names = []string{"zaphod", "beeblebrox"} func TestMain(m *testing.M) { upg, err := New(Options{}) if errors.Is(err, ErrNotSupported) { fmt.Fprintln(os.Stderr, "Skipping tests, OS is not supported") os.Exit(0) } if err != nil { panic(err) } if upg.parent == nil { // Execute test suite if there is no parent. os.Exit(m.Run()) } if err := childProcess(upg); err != nil { fmt.Fprintf(os.Stderr, "Error: %s\n", err) os.Exit(1) } } type childState struct { PID int } // Used by Benchmark and TestUpgraderOnOS func childProcess(upg *Upgrader) error { if !upg.HasParent() { return errors.New("Upgrader doesn't recognize parent") } wState, err := upg.Fds.File("wState") if err != nil { return err } if wState != nil { state := &childState{ PID: os.Getpid(), } if err := gob.NewEncoder(wState).Encode(state); err != nil { return err } wState.Close() } for _, name := range names { file, err := upg.Fds.File(name) if err != nil { return fmt.Errorf("can't get file %s: %s", name, err) } if file == nil { continue } if _, err := io.WriteString(file, name); err != nil { return fmt.Errorf("can't write to %s: %s", name, err) } file.Close() } rExit, err := upg.Fds.File("rExit") if err != nil { return err } // Ready closes all inherited but unused files. if err := upg.Ready(); err != nil { return fmt.Errorf("can't signal ready: %s", err) } // Block until the parent is done with us. Returning an // error here won't make the parent fail, so don't bother. if rExit != nil { var b [1]byte rExit.Read(b[:]) } return nil } func TestUpgraderOnOS(t *testing.T) { u, err := newUpgrader(stdEnv, Options{}) if err != nil { t.Fatal("Can't create Upgrader:", err) } defer u.Stop() pipe := func() (r, w *os.File) { t.Helper() r, w, err := os.Pipe() if err != nil { t.Fatal(err) } return r, w } addPipe := func(name string, file *os.File) { t.Helper() if err := u.Fds.AddFile(name, file); err != nil { t.Fatal(err) } file.Close() } rState, wState := pipe() defer rState.Close() addPipe("wState", wState) rExit, wExit := pipe() defer wExit.Close() addPipe("rExit", rExit) var readers []*os.File defer func() { for _, r := range readers { r.Close() } }() for _, name := range names { r, w := pipe() addPipe(name, w) readers = append(readers, r) } if err := u.Upgrade(); err == nil { t.Error("Upgrade before Ready should return an error") } if err := u.Ready(); err != nil { t.Fatal("Ready failed:", err) } for { if err := u.Upgrade(); err == nil { break } else if err != errNotReady { t.Fatal("Upgrade failed:", err) } } // Tell child it's OK to exit now. wExit.Close() // Close copies of write pipes, so that // reads below return EOF. u.Stop() var state childState if err := gob.NewDecoder(rState).Decode(&state); err != nil { t.Fatal("Can't decode state from child:", err) } if state.PID == os.Getpid() { t.Error("Child did not execute in new process") } for i, name := range names { nameBytes, err := ioutil.ReadAll(readers[i]) if err != nil { t.Fatal(err) } if !bytes.Equal(nameBytes, []byte(name)) { t.Fatalf("File %s has name %s in child", name, string(nameBytes)) } } } func TestUpgraderCleanExit(t *testing.T) { t.Parallel() u := newTestUpgrader(Options{}) defer u.Stop() proc, errs := u.upgradeProc(t) proc.exit(nil) if err := <-errs; err == nil { t.Error("Expected Upgrade to return error when new child exits clean") } } func TestUpgraderUncleanExit(t *testing.T) { t.Parallel() u := newTestUpgrader(Options{}) defer u.Stop() proc, errs := u.upgradeProc(t) proc.exit(errors.New("some error")) if err := <-errs; err == nil { t.Error("Expected Upgrade to return error when new child exits unclean") } } func TestUpgraderTimeout(t *testing.T) { t.Parallel() u := newTestUpgrader(Options{ UpgradeTimeout: 10 * time.Millisecond, }) defer u.Stop() new, errs := u.upgradeProc(t) if sig := new.recvSignal(nil); sig != os.Kill { t.Error("Expected os.Kill, got", sig) } if err := <-errs; err == nil { t.Error("Expected Upgrade to return error when new child times out") } } func TestUpgraderListenConfig(t *testing.T) { t.Parallel() var listenConfigUsed bool u := newTestUpgrader(Options{ ListenConfig: &net.ListenConfig{ Control: func(network, address string, c syscall.RawConn) error { listenConfigUsed = true return nil }, }, }) defer u.Stop() new, _ := u.upgradeProc(t) go new.recvSignal(nil) _, err := u.Listen("tcp", ":0") if err != nil { t.Errorf("Unexpected error from listen: %v", err) } if !listenConfigUsed { t.Error("Expected ListenConfig to be called during Listen") } new.exit(nil) } func TestUpgraderConcurrentUpgrade(t *testing.T) { t.Parallel() u := newTestUpgrader(Options{}) defer u.Stop() new, _ := u.upgradeProc(t) go new.recvSignal(nil) if err := u.Upgrade(); err == nil { t.Error("Expected Upgrade to refuse concurrent upgrade") } new.exit(nil) } func TestHasParent(t *testing.T) { t.Parallel() u := newTestUpgrader(Options{}) defer u.Stop() if u.HasParent() { t.Fatal("First process cannot have a parent") } } func TestUpgraderWaitForParent(t *testing.T) { t.Parallel() env, procs := testEnv() child, err := startChild(env, nil) if err != nil { t.Fatal(err) } proc := <-procs u, err := newUpgrader(&proc.env, Options{}) if err != nil { t.Fatal(err) } defer u.Stop() if err := u.Ready(); err != nil { t.Fatal(err) } exited := make(chan error, 1) go func() { exited <- u.WaitForParent(context.Background()) }() select { case <-exited: t.Fatal("Returned before parent exited") case <-time.After(time.Second): } readyFile := <-child.ready if err := readyFile.Close(); err != nil { t.Fatal(err) } if err := <-exited; err != nil { t.Fatal("Unexpected error:", err) } } func TestUpgraderReady(t *testing.T) { t.Parallel() u := newTestUpgrader(Options{}) defer u.Stop() new, errs := u.upgradeProc(t) _, exited, err := new.notify() if err != nil { t.Fatal("Can't notify Upgrader:", err) } if err := <-errs; err != nil { t.Fatal("Expected Upgrade to return nil when child is ready") } select { case <-u.Exit(): default: t.Error("Expected Exit() to be closed when upgrade is done") } // Simulate the process exiting file := <-u.exitFd file.file.Close() select { case err := <-exited: if err != nil { t.Error("exit error", err) } case <-time.After(time.Second): t.Error("Child wasn't notified of parent exiting") } } func TestUpgraderShutdownCancelsUpgrade(t *testing.T) { t.Parallel() u := newTestUpgrader(Options{}) defer u.Stop() new, errs := u.upgradeProc(t) go new.recvSignal(nil) u.Stop() if err := <-errs; err == nil { t.Error("Upgrade doesn't return an error when Stopp()ed") } if err := u.Upgrade(); err == nil { t.Error("Upgrade doesn't return an error after Stop()") } } func TestReadyWritesPIDFile(t *testing.T) { t.Parallel() dir, err := ioutil.TempDir("", "tableflip") if err != nil { t.Fatal(err) } defer os.RemoveAll(dir) file := dir + "/pid" u := newTestUpgrader(Options{ PIDFile: file, }) defer u.Stop() if err := u.Ready(); err != nil { t.Fatal("Ready returned error:", err) } fh, err := os.Open(file) if err != nil { t.Fatal("PID file doesn't exist:", err) } defer fh.Close() var pid int if _, err := fmt.Fscan(fh, &pid); err != nil { t.Fatal("Can't read PID:", err) } if pid != os.Getpid() { t.Error("PID doesn't match") } } func TestWritePidFileWithoutPath(t *testing.T) { pidFile := "tableflip-test.pid" err := writePIDFile(pidFile) if err != nil { t.Fatal("Could not write pidfile:", err) } defer os.Remove(pidFile) // lets see if we are able to read the file back fh, err := os.Open(pidFile) if err != nil { t.Fatal("PID file doesn't exist:", err) } defer fh.Close() // just to be sure: check the pid for correctness // if something failed at a previous run we could be reading // a bogus pidfile var pid int if _, err := fmt.Fscan(fh, &pid); err != nil { t.Fatal("Can't read PID:", err) } if pid != os.Getpid() { t.Error("PID doesn't match") } } func BenchmarkUpgrade(b *testing.B) { for _, n := range []int{4, 400, 4000} { b.Run(fmt.Sprintf("n=%d", n), func(b *testing.B) { fds := newFds(nil, nil) for i := 0; i < n; i += 2 { r, w, err := os.Pipe() if err != nil { b.Fatal(err) } err = fds.AddFile(strconv.Itoa(n), r) if err != nil { b.Fatal(err) } r.Close() err = fds.AddFile(strconv.Itoa(n), w) if err != nil { b.Fatal(err) } w.Close() } b.ResetTimer() for i := 0; i < b.N; i++ { u, err := newUpgrader(stdEnv, Options{}) if err != nil { b.Fatal("Can't create Upgrader:", err) } if err := u.Ready(); err != nil { b.Fatal("Can't call Ready:", err) } u.Fds = fds if err := u.Upgrade(); err != nil { b.Fatal(err) } } b.StopTimer() for _, f := range fds.used { f.Close() } }) } }