pitchfork 0.5.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ccd444fbdc89d5a253819e7be03e5d097c5aaf8b061980e15d4ec5326d2c54b5
-  data.tar.gz: f300bd3135e8d8d9e15f14dfe2780c75521ececeb72b8245fef0380e2ba338f5
+  metadata.gz: 05372d35dd4784eb22e204b614b1c7add13fd0e298495543c5395e2f03b42073
+  data.tar.gz: 14f241efeb95774f6de6e9fc8926815eb7f10c25965a09a0700f77dae75dbb92
 SHA512:
-  metadata.gz: b054a33d46f4b60c14e44fbac330bc4318a1b52259e89f2e8a1c16a58d8467f02eef981dbe018906a0c7a027c98db75a8efd483619d7ea5e2ece234b30b3846f
-  data.tar.gz: b12a622275fe638d49be5d9457d11309421119f9628044dec9898231f83425cab6aa6434b9f42372c5f8954b261f7e979e300a41fa75c39172fb8e1832cb0805
+  metadata.gz: f26ebeeb3bc9f7533d25cc41b29a317fb8a80ce108a1859657adfa80b9eb8f88812cfe85dfecf0fbd8093b6e91f45c6ce51ab7b9a15864d96b9d0f5f77835786
+  data.tar.gz: 8d1f09bb24226f2c89b2db2d549c28508a9f2ea716a1612fcc3367d27445657b9d9da281e623af696dc803acd649847a724366306caf672dbc523a3e7495579b

data/.github/workflows/ci.yml

@@ -10,7 +10,6 @@ jobs:
       fail-fast: false
       matrix:
         os: ["ubuntu-latest"]
-        redis: ["6.2"]
         ruby: ["3.2", "3.1", "3.0", "2.7", "2.6"]
     runs-on: ubuntu-latest
     steps:

data/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Unreleased
 
+# 0.7.0
+
+- Set nicer `proctile` to better see the state of the process tree at a glance.
+- Pass the last request env to `after_request_complete` callback.
+- Fix the slow rollout of workers on a new generation.
+- Expose `Pitchfork::Info.fork_safe?` and `Pitchfork::Info.no_longer_fork_safe!`.
+
+# 0.6.0
+
+- Expose `Pitchfork::Info.workers_count` and `.live_workers_count` to be consumed by application health checks.
+- Implement `before_worker_exit` callback.
+- Make each mold and worker a process group leader.
+- Get rid of `Pitchfork::PrereadInput`.
+- Add `Pitchfork.shutting_down?` to allow health check endpoints to fail sooner on graceful shutdowns.
+- Treat `TERM` as graceful shutdown rather than quick shutdown.
+- Implement `after_worker_hard_timeout` callback.
+
+# 0.5.0
+
 - Added a soft timeout in addition to the historical Unicorn hard timeout.
   On soft timeout, the `after_worker_timeout` callback is invoked.
 - Implement `after_request_complete` callback.

data/Dockerfile

@@ -1,4 +1,4 @@
 FROM ruby:3.2
-RUN apt-get update -y && apt-get install -y ragel socat netcat smem apache2-utils
+RUN apt-get update -y && apt-get install -y ragel socat netcat-traditional smem apache2-utils
 WORKDIR /app
 CMD [ "bash" ]

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    pitchfork (0.5.0)
+    pitchfork (0.7.0)
       rack (>= 2.0)
       raindrops (~> 0.7)
 
@@ -9,8 +9,8 @@ GEM
   remote: https://rubygems.org/
   specs:
     minitest (5.15.0)
-    nio4r (2.5.8)
-    puma (6.1.1)
+    nio4r (2.5.9)
+    puma (6.3.0)
       nio4r (~> 2.0)
     rack (3.0.8)
     raindrops (0.20.1)

data/benchmark/cow_benchmark.rb

@@ -13,5 +13,5 @@ sleep 3
 puts "Memory Usage:"
 puts Net::HTTP.get(URI(app_url))
 
-Process.kill("TERM", pid)
+Process.kill("INT", pid)
 Process.wait

data/docs/CONFIGURATION.md

@@ -336,6 +336,21 @@ really have to, make sure to configure the `cleanup` timeout so that the
 callback has time to complete before the "hard" timeout triggers.
 By default the cleanup timeout is 2 seconds.
 
+### `after_worker_hard_timeout`
+
+Called in the master process when a worker hard timeout is elapsed:
+
+```ruby
+after_worker_timeout do |server, worker|
+  $stderr.puts "Worker hard timeout, pid=#{worker.pid}"
+end
+```
+
+Once the callback complete, the worker will be signaled with `SIGKILL`.
+
+This callback being called in an indication that something is preventing the
+soft timeout from working.
+
 ### `after_worker_exit`
 
 Called in the master process after a worker exits.
@@ -356,7 +371,7 @@ Called in the worker processes after a request has completed.
 Can be used for out of band work, or to exit unhealthy workers.
 
 ```ruby
-after_request_complete do |server, worker|
+after_request_complete do |server, worker, env|
   if something_wrong?
     exit
   end

data/docs/FORK_SAFETY.md

@@ -76,10 +76,12 @@ impact of discovering such bug.
 
 ## Known Incompatible Gems
 
-- [The `grpc` isn't fork safe](https://github.com/grpc/grpc/issues/8798) and doesn't provide any before or after fork callback to re-establish connection.
-  It can only be used in forking environment if the client is never used in the parent before fork.
-  If you application uses `grpc`, you shouldn't enable reforking.
-  But frankly, that gem is such a tire fire, you shouldn't use it regardless.
-  If you really have to consume a gRPC API, you can consider `grpc_kit` as a replacement.
+- The `grpc` isn't fork safe by default, but starting from version `1.57.0`, it does provide an experimental
+  fork safe option that requires setting an environment variable before loading the library, and calling
+  `GRPC.prefork`, `GRPC.postfork_parent` and `GRPC.postfork_child` around fork calls.
+  (https://github.com/grpc/grpc/pull/33430)
 
-No other gem is known to be incompatible, but if you find one please open an issue to add it to the list.
+- The `ruby-vips` gem binds the `libvips` image processing library that isn't fork safe.
+  (https://github.com/libvips/libvips/discussions/3577)
+
+No other gem is known to be incompatible for now, but if you find one please open an issue to add it to the list.

data/docs/SIGNALS.md

@@ -6,9 +6,9 @@ processes are documented here as well.
 
 ### Master Process
 
-* `INT/TERM` - quick shutdown, kills all workers immediately
+* `INT` - quick shutdown, kills all workers immediately
 
-* `QUIT` - graceful shutdown, waits for workers to finish their
+* `QUIT/TERM` - graceful shutdown, waits for workers to finish their
   current request before finishing.
 
 * `USR2` - trigger a manual refork. A worker is promoted as
@@ -29,10 +29,10 @@ Sending signals directly to the worker processes should not normally be
 needed.  If the master process is running, any exited worker will be
 automatically respawned.
 
-* `INT/TERM` - Quick shutdown, immediately exit.
+* `INT` - Quick shutdown, immediately exit.
   The master process will respawn a worker to replace this one.
   Immediate shutdown is still triggered using kill(2) and not the
   internal pipe as of unicorn 4.8
 
-* `QUIT` - Gracefully exit after finishing the current request.
+* `QUIT/TERM` - Gracefully exit after finishing the current request.
   The master process will respawn a worker to replace this one.

data/lib/pitchfork/configurator.rb

@@ -26,11 +26,15 @@ module Pitchfork
     }
 
     # Default settings for Pitchfork
+    default_logger = Logger.new($stderr)
+    default_logger.formatter = Logger::Formatter.new
+    default_logger.progname = "[Pitchfork]"
+
     DEFAULTS = {
       :soft_timeout => 20,
       :cleanup_timeout => 2,
       :timeout => 22,
-      :logger => Logger.new($stderr),
+      :logger => default_logger,
       :worker_processes => 1,
       :after_worker_fork => lambda { |server, worker|
         server.logger.info("worker=#{worker.nr} gen=#{worker.generation} pid=#{$$} spawned")
@@ -38,6 +42,7 @@ module Pitchfork
       :after_mold_fork => lambda { |server, worker|
         server.logger.info("mold gen=#{worker.generation} pid=#{$$} spawned")
       },
+      :before_worker_exit => nil,
       :after_worker_exit => lambda { |server, worker, status|
         m = if worker.nil?
           "repead unknown process (#{status.inspect})"
@@ -56,6 +61,7 @@ module Pitchfork
         server.logger.info("worker=#{worker.nr} gen=#{worker.generation} ready")
       },
       :after_worker_timeout => nil,
+      :after_worker_hard_timeout => nil,
       :after_request_complete => nil,
       :early_hints => false,
       :refork_condition => nil,
@@ -139,12 +145,20 @@ module Pitchfork
       set_hook(:after_worker_timeout, block_given? ? block : args[0], 3)
     end
 
+    def after_worker_hard_timeout(*args, &block)
+      set_hook(:after_worker_hard_timeout, block_given? ? block : args[0], 2)
+    end
+
+    def before_worker_exit(*args, &block)
+      set_hook(:before_worker_exit, block_given? ? block : args[0], 2)
+    end
+
     def after_worker_exit(*args, &block)
       set_hook(:after_worker_exit, block_given? ? block : args[0], 3)
     end
 
     def after_request_complete(*args, &block)
-      set_hook(:after_request_complete, block_given? ? block : args[0])
+      set_hook(:after_request_complete, block_given? ? block : args[0], 3)
     end
 
     def timeout(seconds, cleanup: 2)

data/lib/pitchfork/flock.rb

@@ -19,6 +19,10 @@ module Pitchfork
       nil
     end
 
+    def to_io
+      @file
+    end
+
     def unlink
       File.unlink(@file.path)
     rescue Errno::ENOENT

data/lib/pitchfork/http_server.rb

@@ -2,6 +2,8 @@
 require 'pitchfork/pitchfork_http'
 require 'pitchfork/flock'
 require 'pitchfork/soft_timeout'
+require 'pitchfork/shared_memory'
+require 'pitchfork/info'
 
 module Pitchfork
   # This is the process manager of Pitchfork. This manages worker
@@ -44,14 +46,15 @@ module Pitchfork
       end
 
       def call(original_thread) # :nodoc:
-        @server.logger.error("worker=#{@worker.nr} pid=#{@worker.pid} timed out, exiting")
-        if @callback
-          @callback.call(@server, @worker, Info.new(original_thread, @rack_env))
+        begin
+          @server.logger.error("worker=#{@worker.nr} pid=#{@worker.pid} timed out, exiting")
+          if @callback
+            @callback.call(@server, @worker, Info.new(original_thread, @rack_env))
+          end
+        rescue => error
+          Pitchfork.log_error(@server.logger, "after_worker_timeout error", error)
         end
-      rescue => error
-        Pitchfork.log_error(@server.logger, "after_worker_timeout error", error)
-      ensure
-        exit
+        @server.worker_exit(@worker)
       end
 
       def finished # :nodoc:
@@ -76,8 +79,8 @@ module Pitchfork
                   :listener_opts, :children,
                   :orig_app, :config, :ready_pipe,
                   :default_middleware, :early_hints
-    attr_writer   :after_worker_exit, :after_worker_ready, :after_request_complete, :refork_condition,
-                  :after_worker_timeout
+    attr_writer   :after_worker_exit, :before_worker_exit, :after_worker_ready, :after_request_complete,
+                  :refork_condition, :after_worker_timeout, :after_worker_hard_timeout
 
     attr_reader :logger
     include Pitchfork::SocketHelper
@@ -88,7 +91,7 @@ module Pitchfork
     # in new projects
     LISTENERS = []
 
-    NOOP = '.'
+    NOOP = '.'.freeze
 
     # :startdoc:
     # This Hash is considered a stable interface and changing its contents
@@ -126,6 +129,7 @@ module Pitchfork
       @respawn = false
       @last_check = Pitchfork.time_now
       @promotion_lock = Flock.new("pitchfork-promotion")
+      Info.keep_io(@promotion_lock)
 
       options = options.dup
       @ready_pipe = options.delete(:ready_pipe)
@@ -134,6 +138,8 @@ module Pitchfork
       self.config = Pitchfork::Configurator.new(options)
       self.listener_opts = {}
 
+      proc_name role: 'monitor', status: START_CTX[:argv].join(' ')
+
       # We use @control_socket differently in the master and worker processes:
       #
       # * The master process never closes or reinitializes this once
@@ -163,7 +169,9 @@ module Pitchfork
       # list of signals we care about and trap in master.
       @queue_sigs = [
         :QUIT, :INT, :TERM, :USR2, :TTIN, :TTOU ]
-      Worker.preallocate_drops(worker_processes)
+
+      Info.workers_count = worker_processes
+      SharedMemory.preallocate_drops(worker_processes)
     end
 
     # Runs the thing.  Returns self so you can run join on it
@@ -175,6 +183,7 @@ module Pitchfork
       # It's also used by newly spawned children to send their soft_signal pipe
       # to the master when they are spawned.
       @control_socket.replace(Pitchfork.socketpair)
+      Info.keep_ios(@control_socket)
       @master_pid = $$
 
       # setup signal handlers before writing pid file in case people get
@@ -259,6 +268,7 @@ module Pitchfork
           io = server_cast(io)
         end
         logger.info "listening on addr=#{sock_name(io)} fd=#{io.fileno}"
+        Info.keep_io(io)
         LISTENERS << io
         io
       rescue Errno::EADDRINUSE => err
@@ -282,7 +292,8 @@ module Pitchfork
     def join
       @respawn = true
 
-      proc_name 'master'
+      proc_name role: 'monitor', status: START_CTX[:argv].join(' ')
+
       logger.info "master process ready" # test_exec.rb relies on this message
       if @ready_pipe
         begin
@@ -312,7 +323,7 @@ module Pitchfork
       if REFORKING_AVAILABLE && @respawn && @children.molds.empty?
         logger.info("No mold alive, shutting down")
         @exit_status = 1
-        @sig_queue << :QUIT
+        @sig_queue << :TERM
         @respawn = false
       end
 
@@ -332,15 +343,21 @@ module Pitchfork
         end
 
         master_sleep(sleep_time) if sleep
-      when :QUIT # graceful shutdown
-        logger.info "QUIT received, starting graceful shutdown"
+      when :QUIT, :TERM # graceful shutdown
+        SharedMemory.shutting_down!
+        logger.info "#{message} received, starting graceful shutdown"
         return StopIteration
-      when :TERM, :INT # immediate shutdown
+      when :INT # immediate shutdown
+        SharedMemory.shutting_down!
         logger.info "#{message} received, starting immediate shutdown"
         stop(false)
         return StopIteration
       when :USR2 # trigger a promotion
-        trigger_refork
+        if @respawn
+          trigger_refork
+        else
+          logger.error "Can't trigger a refork as the server is shutting down"
+        end
       when :TTIN
         @respawn = true
         self.worker_processes += 1
@@ -359,7 +376,7 @@ module Pitchfork
         logger.info("mold pid=#{new_mold.pid} gen=#{new_mold.generation} ready")
         old_molds.each do |old_mold|
           logger.info("Terminating old mold pid=#{old_mold.pid} gen=#{old_mold.generation}")
-          old_mold.soft_kill(:QUIT)
+          old_mold.soft_kill(:TERM)
         end
       else
         logger.error("Unexpected message in sig_queue #{message.inspect}")
@@ -369,15 +386,17 @@ module Pitchfork
 
     # Terminates all workers, but does not exit master process
     def stop(graceful = true)
+      proc_name role: 'monitor', status: 'shutting down'
       @respawn = false
+      SharedMemory.shutting_down!
       wait_for_pending_workers
       self.listeners = []
       limit = Pitchfork.time_now + timeout
       until @children.workers.empty? || Pitchfork.time_now > limit
         if graceful
-          soft_kill_each_child(:QUIT)
+          soft_kill_each_child(:TERM)
         else
-          kill_each_child(:TERM)
+          kill_each_child(:INT)
         end
         if monitor_loop(false) == StopIteration
           return StopIteration
@@ -387,6 +406,19 @@ module Pitchfork
       @promotion_lock.unlink
     end
 
+    def worker_exit(worker)
+      proc_name status: "exiting"
+
+      if @before_worker_exit
+        begin
+          @before_worker_exit.call(self, worker)
+        rescue => error
+          Pitchfork.log_error(logger, "before_worker_exit error", error)
+        end
+      end
+      Process.exit
+    end
+
     def rewindable_input
       Pitchfork::HttpParser.input_class.method_defined?(:rewind)
     end
@@ -473,10 +505,19 @@ module Pitchfork
         else # worker is out of time
           next_sleep = 0
           if worker.mold?
-            logger.error "mold pid=#{worker.pid} deadline=#{deadline} timed out, killing"
+            logger.error "mold pid=#{worker.pid} timed out, killing"
           else
-            logger.error "worker=#{worker.nr} pid=#{worker.pid} deadline=#{deadline} timed out, killing"
+            logger.error "worker=#{worker.nr} pid=#{worker.pid} timed out, killing"
+          end
+
+          if @after_worker_hard_timeout
+            begin
+              @after_worker_hard_timeout.call(self, worker)
+            rescue => error
+              Pitchfork.log_error(@logger, "after_worker_hard_timeout callback", error)
+            end
           end
+
           kill_worker(:KILL, worker.pid) # take no prisoners for hard timeout violations
         end
       end
@@ -486,7 +527,7 @@ module Pitchfork
 
     def trigger_refork
       unless REFORKING_AVAILABLE
-        logger.error("This system doesn't support PR_SET_CHILD_SUBREAPER, can't promote a worker")
+        logger.error("This system doesn't support PR_SET_CHILD_SUBREAPER, can't refork")
       end
 
       unless @children.pending_promotion?
@@ -495,7 +536,6 @@ module Pitchfork
         else
           logger.error("No children at all???")
         end
-      else
       end
     end
 
@@ -519,6 +559,7 @@ module Pitchfork
 
         after_fork_internal
         worker_loop(worker)
+        worker_exit(worker)
       end
 
       worker
@@ -577,7 +618,7 @@ module Pitchfork
     def maintain_worker_count
       (off = @children.workers_count - worker_processes) == 0 and return
       off < 0 and return spawn_missing_workers
-      @children.each_worker { |w| w.nr >= worker_processes and w.soft_kill(:QUIT) }
+      @children.each_worker { |w| w.nr >= worker_processes and w.soft_kill(:TERM) }
     end
 
     def restart_outdated_workers
@@ -593,8 +634,13 @@ module Pitchfork
       if workers_to_restart > 0
         outdated_workers = @children.workers.select { |w| !w.exiting? && w.generation < @children.mold.generation }
         outdated_workers.each do |worker|
-          logger.info("worker=#{worker.nr} pid=#{worker.pid} gen=#{worker.generation} restarting")
-          worker.soft_kill(:QUIT)
+          if worker.soft_kill(:TERM)
+            logger.info("Sent SIGTERM to worker=#{worker.nr} pid=#{worker.pid} gen=#{worker.generation}")
+            workers_to_restart -= 1
+          else
+            logger.info("Failed to send SIGTERM to worker=#{worker.nr} pid=#{worker.pid} gen=#{worker.generation}")
+          end
+          break if workers_to_restart <= 0
         end
       end
     end
@@ -649,6 +695,9 @@ module Pitchfork
       env = nil
       @request = Pitchfork::HttpParser.new
       env = @request.read(client)
+
+      proc_name status: "processing: #{env["PATH_INFO"]}"
+
       timeout_handler.rack_env = env
       env["pitchfork.timeout"] = timeout_handler
 
@@ -663,12 +712,12 @@ module Pitchfork
       status, headers, body = @app.call(env)
 
       begin
-        return if @request.hijacked?
+        return env if @request.hijacked?
 
         if 100 == status.to_i
           e100_response_write(client, env)
           status, headers, body = @app.call(env)
-          return if @request.hijacked?
+          return env if @request.hijacked?
         end
         @request.headers? or headers = nil
         http_response_write(client, status, headers, body, @request)
@@ -683,11 +732,14 @@ module Pitchfork
         end
         client.close # flush and uncork socket immediately, no keepalive
       end
+      env
     rescue => e
       handle_error(client, e)
+      env
     ensure
       env["rack.after_reply"].each(&:call) if env
       timeout_handler.finished
+      env
     end
 
     def nuke_listeners!(readers)
@@ -702,16 +754,16 @@ module Pitchfork
     # traps for USR2, and HUP may be set in the after_fork Proc
     # by the user.
     def init_worker_process(worker)
+      proc_name role: "(gen:#{worker.generation}) worker[#{worker.nr}]", status: "init"
       worker.reset
       worker.register_to_master(@control_socket[1])
-      # we'll re-trap :QUIT later for graceful shutdown iff we accept clients
+      # we'll re-trap :QUIT and :TERM later for graceful shutdown iff we accept clients
       exit_sigs = [ :QUIT, :TERM, :INT ]
       exit_sigs.each { |sig| trap(sig) { exit!(0) } }
       exit!(0) if (@sig_queue & exit_sigs)[0]
       (@queue_sigs - exit_sigs).each { |sig| trap(sig, nil) }
       trap(:CHLD, 'DEFAULT')
       @sig_queue.clear
-      proc_name "(gen:#{worker.generation}) worker[#{worker.nr}]"
       @children = nil
 
       after_worker_fork.call(self, worker) # can drop perms and create listeners
@@ -722,14 +774,16 @@ module Pitchfork
       readers = LISTENERS.dup
       readers << worker
       trap(:QUIT) { nuke_listeners!(readers) }
+      trap(:TERM) { nuke_listeners!(readers) }
       readers
     end
 
     def init_mold_process(mold)
-      proc_name "(gen: #{mold.generation}) mold"
+      proc_name role: "(gen:#{mold.generation}) mold", status: "ready"
       after_mold_fork.call(self, mold)
       readers = [mold]
       trap(:QUIT) { nuke_listeners!(readers) }
+      trap(:TERM) { nuke_listeners!(readers) }
       readers
     end
 
@@ -754,6 +808,8 @@ module Pitchfork
       ready = readers.dup
       @after_worker_ready.call(self, worker)
 
+      proc_name status: "ready"
+
       while readers[0]
         begin
           worker.update_deadline(@timeout)
@@ -765,12 +821,16 @@ module Pitchfork
             if client
               case client
               when Message::PromoteWorker
-                spawn_mold(worker.generation)
+                if Info.fork_safe?
+                  spawn_mold(worker.generation)
+                else
+                  logger.error("worker=#{worker.nr} gen=#{worker.generation} is no longer fork safe, can't refork")
+                end
               when Message
                 worker.update(client)
               else
-                process_client(client, prepare_timeout(worker))
-                @after_request_complete&.call(self, worker)
+                request_env = process_client(client, prepare_timeout(worker))
+                @after_request_complete&.call(self, worker, request_env)
                 worker.increment_requests_count
               end
               worker.update_deadline(@timeout)
@@ -780,7 +840,7 @@ module Pitchfork
           # timeout so we can update .deadline and keep parent from SIGKILL-ing us
           worker.update_deadline(@timeout)
 
-          if @refork_condition && !worker.outdated?
+          if @refork_condition && Info.fork_safe? && !worker.outdated?
             if @refork_condition.met?(worker, logger)
               if spawn_mold(worker.generation)
                 logger.info("Refork condition met, promoting ourselves")
@@ -789,6 +849,7 @@ module Pitchfork
             end
           end
 
+          proc_name status: "waiting"
           waiter.get_readers(ready, readers, @timeout * 500) # to milliseconds, but halved
         rescue => e
           Pitchfork.log_error(@logger, "listen loop error", e) if readers[0]
@@ -880,6 +941,8 @@ module Pitchfork
     def build_app!
       return unless app.respond_to?(:arity)
 
+      proc_name status: "booting"
+
       self.app = case app.arity
       when 0
         app.call
@@ -890,9 +953,11 @@ module Pitchfork
       end
     end
 
-    def proc_name(tag)
-      $0 = ([ File.basename(START_CTX[0]), tag
-            ]).concat(START_CTX[:argv]).join(' ')
+    def proc_name(role: nil, status: nil)
+      @proctitle_role = role if role
+      @proctitle_status = status if status
+
+      Process.setproctitle("#{File.basename(START_CTX[0])} #{@proctitle_role} - #{@proctitle_status}")
     end
 
     def bind_listeners!

data/lib/pitchfork/info.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'pitchfork/shared_memory'
+
+module Pitchfork
+  module Info
+    @workers_count = 0
+    @fork_safe = true
+    @kept_ios = ObjectSpace::WeakMap.new
+
+    class << self
+      attr_accessor :workers_count
+
+      def keep_io(io)
+        raise ArgumentError, "#{io.inspect} doesn't respond to :to_io" unless io.respond_to?(:to_io)
+        @kept_ios[io] = io
+        io
+      end
+
+      def keep_ios(ios)
+        ios.each { |io| keep_io(io) }
+      end
+
+      def close_all_ios!
+        ignored_ios = [$stdin, $stdout, $stderr]
+
+        @kept_ios.each_value do |io_like|
+          ignored_ios << (io_like.is_a?(IO) ? io_like : io_like.to_io)
+        end
+
+        ObjectSpace.each_object(IO) do |io|
+          closed = begin
+            io.closed?
+          rescue IOError
+            true
+          end
+
+          if !closed && io.autoclose? && !ignored_ios.include?(io)
+            if io.is_a?(TCPSocket)
+              # If we inherited a TCP Socket, calling #close directly could send FIN or RST.
+              # So we first reopen /dev/null to avoid that.
+              io.reopen(File::NULL)
+            end
+            begin
+              io.close
+            rescue Errno::EBADF
+            end
+          end
+        end
+      end
+
+      def fork_safe?
+        @fork_safe
+      end
+
+      def no_longer_fork_safe!
+        @fork_safe = false
+      end
+
+      def live_workers_count
+        now = Pitchfork.time_now(true)
+        (0...workers_count).count do |nr|
+          SharedMemory.worker_deadline(nr).value > now
+        end
+      end
+
+      # Returns true if the server is shutting down.
+      # This can be useful to implement health check endpoints, so they
+      # can fail immediately after TERM/QUIT/INT was received by the master
+      # process.
+      # Otherwise they may succeed while Pitchfork is draining requests causing
+      # more requests to be sent.
+      def shutting_down?
+        SharedMemory.shutting_down?
+      end
+    end
+  end
+end

data/lib/pitchfork/shared_memory.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require 'raindrops'
+
+module Pitchfork
+  module SharedMemory
+    extend self
+
+    PER_DROP = Raindrops::PAGE_SIZE / Raindrops::SIZE
+    CURRENT_GENERATION_OFFSET = 0
+    SHUTDOWN_OFFSET = 1
+    MOLD_TICK_OFFSET = 2
+    WORKER_TICK_OFFSET = 3
+
+    DROPS = [Raindrops.new(PER_DROP)]
+
+    def current_generation
+      DROPS[0][CURRENT_GENERATION_OFFSET]
+    end
+
+    def current_generation=(value)
+      DROPS[0][CURRENT_GENERATION_OFFSET] = value
+    end
+
+    def shutting_down!
+      DROPS[0][SHUTDOWN_OFFSET] = 1
+    end
+
+    def shutting_down?
+      DROPS[0][SHUTDOWN_OFFSET] > 0
+    end
+
+    class Field
+      def initialize(offset)
+        @drop = DROPS.fetch(offset / PER_DROP)
+        @offset = offset % PER_DROP
+      end
+
+      def value
+        @drop[@offset]
+      end
+
+      def value=(value)
+        @drop[@offset] = value
+      end
+    end
+
+    def mold_deadline
+      self[MOLD_TICK_OFFSET]
+    end
+
+    def worker_deadline(worker_nr)
+      self[WORKER_TICK_OFFSET + worker_nr]
+    end
+
+    def [](offset)
+      Field.new(offset)
+    end
+
+    # Since workers are created from another process, we have to
+    # pre-allocate the drops so they are shared between everyone.
+    #
+    # However this doesn't account for TTIN signals that increase the
+    # number of workers, but we should probably remove that feature too.
+    def preallocate_drops(workers_count)
+      0.upto(((WORKER_TICK_OFFSET + workers_count) / PER_DROP.to_f).ceil) do |i|
+        DROPS[i] ||= Raindrops.new(PER_DROP)
+      end
+    end
+  end
+end

data/lib/pitchfork/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Pitchfork
-  VERSION = "0.5.0"
+  VERSION = "0.7.0"
   module Const
     UNICORN_VERSION = '6.1.0'
   end

data/lib/pitchfork/worker.rb

@@ -1,5 +1,5 @@
 # -*- encoding: binary -*-
-require "raindrops"
+require 'pitchfork/shared_memory'
 
 module Pitchfork
   # This class and its members can be considered a stable interface
@@ -24,7 +24,8 @@ module Pitchfork
       @exiting = false
       @requests_count = 0
       if nr
-        build_raindrops(nr)
+        @deadline_drop = SharedMemory.worker_deadline(nr)
+        self.deadline = 0
       else
         promoted!
       end
@@ -47,7 +48,7 @@ module Pitchfork
     end
 
     def outdated?
-      CURRENT_GENERATION_DROP[0] > @generation
+      SharedMemory.current_generation > @generation
     end
 
     def update(message)
@@ -73,7 +74,7 @@ module Pitchfork
     def finish_promotion(control_socket)
       message = Message::MoldReady.new(@nr, @pid, generation)
       control_socket.sendmsg(message)
-      CURRENT_GENERATION_DROP[0] = @generation
+      SharedMemory.current_generation = @generation
     end
 
     def promote(generation)
@@ -92,8 +93,8 @@ module Pitchfork
     def promoted!
       @mold = true
       @nr = nil
-      @drop_offset = 0
-      @deadline_drop = MOLD_DROP
+      @deadline_drop = SharedMemory.mold_deadline
+      self.deadline = 0
       self
     end
 
@@ -173,20 +174,12 @@ module Pitchfork
 
     # called in the worker process
     def deadline=(value) # :nodoc:
-      if mold?
-        MOLD_DROP[0] = value
-      else
-        @deadline_drop[@drop_offset] = value
-      end
+      @deadline_drop.value = value
     end
 
     # called in the master process
     def deadline # :nodoc:
-      if mold?
-        MOLD_DROP[0]
-      else
-        @deadline_drop[@drop_offset]
-      end
+      @deadline_drop.value
     end
 
     def reset
@@ -199,12 +192,13 @@ module Pitchfork
 
     # called in both the master (reaping worker) and worker (SIGQUIT handler)
     def close # :nodoc:
+      self.deadline = 0
       @master.close if @master
       @to_io.close if @to_io
     end
 
     def create_socketpair!
-      @to_io, @master = Pitchfork.socketpair
+      @to_io, @master = Info.keep_ios(Pitchfork.socketpair)
     end
 
     def after_fork_in_child
@@ -214,46 +208,24 @@ module Pitchfork
     private
 
     def pipe=(socket)
+      raise ArgumentError, "pipe can't be nil" unless socket
+      Info.keep_io(socket)
       @master = MessageSocket.new(socket)
     end
 
     def send_message_nonblock(message)
       success = false
+      return false unless @master
       begin
         case @master.sendmsg_nonblock(message, exception: false)
         when :wait_writable
         else
           success = true
         end
-      rescue Errno::EPIPE, Errno::ECONNRESET, Errno::ECONNREFUSED
+      rescue Errno::EPIPE, Errno::ECONNRESET, Errno::ECONNREFUSED, Errno::ENOTCONN
         # worker will be reaped soon
       end
       success
     end
-
-    MOLD_DROP = Raindrops.new(1)
-    CURRENT_GENERATION_DROP = Raindrops.new(1)
-    PER_DROP = Raindrops::PAGE_SIZE / Raindrops::SIZE
-    TICK_DROPS = []
-
-    class << self
-      # Since workers are created from another process, we have to
-      # pre-allocate the drops so they are shared between everyone.
-      #
-      # However this doesn't account for TTIN signals that increase the
-      # number of workers, but we should probably remove that feature too.
-      def preallocate_drops(workers_count)
-        0.upto(workers_count / PER_DROP) do |i|
-          TICK_DROPS[i] = Raindrops.new(PER_DROP)
-        end
-      end
-    end
-
-    def build_raindrops(drop_nr)
-      drop_index = drop_nr / PER_DROP
-      @drop_offset = drop_nr % PER_DROP
-      @deadline_drop = TICK_DROPS[drop_index] ||= Raindrops.new(PER_DROP)
-      @deadline_drop[@drop_offset] = 0
-    end
   end
 end

data/lib/pitchfork.rb

@@ -26,9 +26,10 @@ module Pitchfork
   # application dispatch.  This is always raised with an empty backtrace
   # since there is nothing in the application stack that is responsible
   # for client shutdowns/disconnects.  This exception is visible to Rack
-  # applications unless PrereadInput middleware is loaded.  This
-  # is a subclass of the standard EOFError class and applications should
-  # not rescue it explicitly, but rescue EOFError instead.
+  # applications.  This is a subclass of the standard EOFError class and
+  # applications should not rescue it explicitly, but rescue EOFError instead.
+  # Such an error is likely an indication that the reverse proxy in front
+  # of Pitchfork isn't properly buffering requests.
   ClientShutdown = Class.new(EOFError)
 
   BootFailure = Class.new(StandardError)
@@ -120,8 +121,11 @@ module Pitchfork
     end
   end
 
-  def self.clean_fork(&block)
+  def self.clean_fork(setpgid: true, &block)
     if pid = Process.fork
+      if setpgid
+        Process.setpgid(pid, pid) # Make into a group leader
+      end
       return pid
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pitchfork
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Jean Boussier
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-06-21 00:00:00.000000000 Z
+date: 2023-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: raindrops
@@ -101,12 +101,13 @@ files:
 - lib/pitchfork/http_parser.rb
 - lib/pitchfork/http_response.rb
 - lib/pitchfork/http_server.rb
+- lib/pitchfork/info.rb
 - lib/pitchfork/launcher.rb
 - lib/pitchfork/mem_info.rb
 - lib/pitchfork/message.rb
-- lib/pitchfork/preread_input.rb
 - lib/pitchfork/refork_condition.rb
 - lib/pitchfork/select_waiter.rb
+- lib/pitchfork/shared_memory.rb
 - lib/pitchfork/socket_helper.rb
 - lib/pitchfork/soft_timeout.rb
 - lib/pitchfork/stream_input.rb

data/lib/pitchfork/preread_input.rb

@@ -1,33 +0,0 @@
-# -*- encoding: binary -*-
-
-module Pitchfork
-  # This middleware is used to ensure input is buffered to memory
-  # or disk (depending on size) before the application is dispatched
-  # by entirely consuming it (from TeeInput) beforehand.
-  #
-  # Usage (in config.ru):
-  #
-  #     require 'pitchfork/preread_input'
-  #     if defined?(Pitchfork)
-  #       use Pitchfork::PrereadInput
-  #     end
-  #     run YourApp.new
-  class PrereadInput
-
-    # :stopdoc:
-    def initialize(app)
-      @app = app
-    end
-
-    def call(env)
-      buf = ""
-      input = env["rack.input"]
-      if input.respond_to?(:rewind)
-        true while input.read(16384, buf)
-        input.rewind
-      end
-      @app.call(env)
-    end
-    # :startdoc:
-  end
-end