RubyGems - pitchfork - Versions diffs - 0.4.0 → 0.5.0 - Mend

pitchfork 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of pitchfork might be problematic. Click here for more details.

Files changed (13) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +10 -0
data/Gemfile.lock +2 -2
data/docs/Application_Timeouts.md +1 -1
data/docs/CONFIGURATION.md +77 -11
data/ext/pitchfork_http/pitchfork_http.c +166 -166
data/lib/pitchfork/chunked.rb +1 -1
data/lib/pitchfork/configurator.rb +17 -6
data/lib/pitchfork/http_server.rb +104 -25
data/lib/pitchfork/soft_timeout.rb +113 -0
data/lib/pitchfork/version.rb +1 -1
data/lib/pitchfork/worker.rb +12 -8
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f37584c7333941059ab10086a74d1102b1969c2fefb7a759fc13f9e4f837891e
-  data.tar.gz: bc69759f0a53d98d81648ee60b833e6c49fd3f88d53f7ac319e9acff845c7cf1
+  metadata.gz: ccd444fbdc89d5a253819e7be03e5d097c5aaf8b061980e15d4ec5326d2c54b5
+  data.tar.gz: f300bd3135e8d8d9e15f14dfe2780c75521ececeb72b8245fef0380e2ba338f5
 SHA512:
-  metadata.gz: 69d796bf414bb4bf7b7867e61229fa12764ca12dd1aaf2b36a615c2b806a64aa665b4c1483147e6d39a4d49df340ad31406f0db294da52e9a8a5740b186233a9
-  data.tar.gz: 51dc5852d5bc26fbba0f1824beb76977653ae089d589e33a1d7defca89b9b2235f466c5fc59419f56d0944b6c5ee819e1f966e9c32eac3d79029d951a6071c38
+  metadata.gz: b054a33d46f4b60c14e44fbac330bc4318a1b52259e89f2e8a1c16a58d8467f02eef981dbe018906a0c7a027c98db75a8efd483619d7ea5e2ece234b30b3846f
+  data.tar.gz: b12a622275fe638d49be5d9457d11309421119f9628044dec9898231f83425cab6aa6434b9f42372c5f8954b261f7e979e300a41fa75c39172fb8e1832cb0805

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,15 @@
 # Unreleased
+- Added a soft timeout in addition to the historical Unicorn hard timeout.
+  On soft timeout, the `after_worker_timeout` callback is invoked.
+- Implement `after_request_complete` callback.
+# 0.4.1
+- Avoid a Rack 3 deprecation warning.
+- Fix handling on non-ASCII cookies.
+- Log unknown process being reaped at INFO level.
 # 0.4.0
 - Preserve the current thread when reforking.

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    pitchfork (0.4.0)
+    pitchfork (0.5.0)
       rack (>= 2.0)
       raindrops (~> 0.7)
@@ -12,7 +12,7 @@ GEM
     nio4r (2.5.8)
     puma (6.1.1)
       nio4r (~> 2.0)
-    rack (3.0.7)
+    rack (3.0.8)
     raindrops (0.20.1)
     rake (13.0.6)
     rake-compiler (1.2.1)

data/docs/Application_Timeouts.md CHANGED Viewed

@@ -70,5 +70,5 @@ handle network/server failures.
 The `timeout` mechanism in pitchfork is an extreme solution that should
 be avoided whenever possible.
 It will help preserve the platform if your application or a dependency
-has a bug that cause it to either get stuck or two slow, but it is not a
+has a bug that cause it to either get stuck or be too slow, but it is not a
 solution to such bugs, merely a mitigation.

data/docs/CONFIGURATION.md CHANGED Viewed

@@ -173,33 +173,55 @@ The following options may be specified (but are generally not needed):
 ### `timeout`
 ```ruby
-timeout 10
+timeout 10, cleanup: 3
 ```
-Sets the timeout of worker processes to a number of seconds.
-Workers handling the request/app.call/response cycle taking longer than
-this time period will be forcibly killed (via `SIGKILL`).
+Sets the timeout for worker processes to a number of seconds.
-This timeout mecanism shouldn't be routinely relying on, and should
+Note that Pitchfork has two layers of timeout.
+A first "soft" timeout will invoke the `after_worker_timeout` from
+within the worker (but from a background thread) and then call `exit`
+to terminate the worker cleanly.
+The second "hard" timeout, is the sum of `timeout` and `cleanup`.
+Workers taking longer than this time period to be ready to handle a new
+request will be forcibly killed (via `SIGKILL`).
+Neither of these timeout mecanisms should be routinely relied on, and should
 instead be considered as a last line of defense in case you application
 is impacted by bugs causing unexpectedly slow response time, or fully stuck
 processes.
+If some of the application endpoints require an unreasonably large timeout,
+rather than to increase the global application timeout, it is possible to
+adjust it on a per request basis via the rack request environment:
+```ruby
+class MyMiddleware
+  def call(env)
+    if slow_endpoint?(env)
+      # Give 10 more seconds
+      env["pitchfork.timeout"]&.extend_deadline(10)
+    end
+    @app.call(env)
+  end
+end
+```
 Make sure to read the guide on [application timeouts](Application_Timeouts.md).
-This configuration defaults to a (too) generous 20 seconds, it is
-highly recommended to set a stricter one based on your application
-profile.
+This configuration defaults to a (too) generous 20 seconds for the soft timeout
+and an extra 2 seconds for the hard timeout. It is highly recommended to set a
+stricter one based on your application profile.
-This timeout is enforced by the master process itself and not subject
-to the scheduling limitations by the worker process.
 Due the low-complexity, low-overhead implementation, timeouts of less
 than 3.0 seconds can be considered inaccurate and unsafe.
 For running Pitchfork behind nginx, it is recommended to set
 "fail_timeout=0" for in your nginx configuration like this
 to have nginx always retry backends that may have had workers
-SIGKILL-ed due to timeouts.
+exit or be SIGKILL-ed due to timeouts.
 ```
    upstream pitchfork_backend {
@@ -284,6 +306,36 @@ after_worker_ready do |server, worker|
 end
 ```
+### `after_worker_timeout`
+Called by the worker process when the request timeout is elapsed:
+```ruby
+after_worker_timeout do |server, worker, timeout_info|
+  timeout_info.copy_thread_variables!
+  timeout_info.thread.kill
+  server.logger.error("Request timed out: #{timeout_info.rack_env.inspect}")
+  $stderr.puts timeout_info.thread.backtrace
+end
+```
+Note that this callback is invoked from a different thread. You can access the
+main thread via `timeout_info.thread`, as well as the rack environment via `timeout_info.rack_env`.
+If you need to invoke cleanup code that rely on thread local state, you can copy
+that state with `timeout_info.copy_thread_variables!`, but it's best avoided as the
+thread local state could contain thread unsafe objects.
+Also note that at this stage, the thread is still alive, if your callback does
+substantial work, you may want to kill the thread.
+After the callback is executed the worker will exit with status `0`.
+It is recommended not to do slow operations in this callback, but if you
+really have to, make sure to configure the `cleanup` timeout so that the
+callback has time to complete before the "hard" timeout triggers.
+By default the cleanup timeout is 2 seconds.
 ### `after_worker_exit`
 Called in the master process after a worker exits.
@@ -297,6 +349,20 @@ after_worker_exit do |server, worker, status|
 end
 ```
+### `after_request_complete`
+Called in the worker processes after a request has completed.
+Can be used for out of band work, or to exit unhealthy workers.
+```ruby
+after_request_complete do |server, worker|
+  if something_wrong?
+    exit
+  end
+end
+```
 ## Reforking
 ### `refork_after`