flwr 1.14.0__py3-none-any.whl → 1.15.0__py3-none-any.whl

flwr/server/app.py

@@ -18,7 +18,9 @@
 import argparse
 import csv
 import importlib.util
-import subprocess
+import multiprocessing
+import multiprocessing.context
+import os
 import sys
 import threading
 from collections.abc import Sequence
@@ -29,12 +31,8 @@ from typing import Any, Optional
 
 import grpc
 import yaml
-from cryptography.exceptions import UnsupportedAlgorithm
 from cryptography.hazmat.primitives.asymmetric import ec
-from cryptography.hazmat.primitives.serialization import (
-    load_ssh_private_key,
-    load_ssh_public_key,
-)
+from cryptography.hazmat.primitives.serialization import load_ssh_public_key
 
 from flwr.common import GRPC_MAX_MESSAGE_LENGTH, EventType, event
 from flwr.common.address import parse_address
@@ -42,7 +40,7 @@ from flwr.common.args import try_obtain_server_certificates
 from flwr.common.auth_plugin import ExecAuthPlugin
 from flwr.common.config import get_flwr_dir, parse_config_args
 from flwr.common.constant import (
-    AUTH_TYPE,
+    AUTH_TYPE_KEY,
     CLIENT_OCTET,
     EXEC_API_DEFAULT_SERVER_ADDRESS,
     FLEET_API_GRPC_BIDI_DEFAULT_ADDRESS,
@@ -50,7 +48,6 @@ from flwr.common.constant import (
     FLEET_API_REST_DEFAULT_ADDRESS,
     ISOLATION_MODE_PROCESS,
     ISOLATION_MODE_SUBPROCESS,
-    MISSING_EXTRA_REST,
     SERVER_OCTET,
     SERVERAPPIO_API_DEFAULT_SERVER_ADDRESS,
     SIMULATIONIO_API_DEFAULT_SERVER_ADDRESS,
@@ -58,16 +55,19 @@ from flwr.common.constant import (
     TRANSPORT_TYPE_GRPC_RERE,
     TRANSPORT_TYPE_REST,
 )
+from flwr.common.exit import ExitCode, flwr_exit
 from flwr.common.exit_handlers import register_exit_handlers
+from flwr.common.grpc import generic_create_grpc_server
 from flwr.common.logger import log, warn_deprecated_feature
 from flwr.common.secure_aggregation.crypto.symmetric_encryption import (
-    private_key_to_bytes,
     public_key_to_bytes,
 )
 from flwr.proto.fleet_pb2_grpc import (  # pylint: disable=E0611
     add_FleetServicer_to_server,
 )
 from flwr.proto.grpcadapter_pb2_grpc import add_GrpcAdapterServicer_to_server
+from flwr.server.serverapp.app import flwr_serverapp
+from flwr.simulation.app import flwr_simulation
 from flwr.superexec.app import load_executor
 from flwr.superexec.exec_grpc import run_exec_api_grpc
 
@@ -79,10 +79,7 @@ from .strategy import Strategy
 from .superlink.driver.serverappio_grpc import run_serverappio_api_grpc
 from .superlink.ffs.ffs_factory import FfsFactory
 from .superlink.fleet.grpc_adapter.grpc_adapter_servicer import GrpcAdapterServicer
-from .superlink.fleet.grpc_bidi.grpc_server import (
-    generic_create_grpc_server,
-    start_grpc_server,
-)
+from .superlink.fleet.grpc_bidi.grpc_server import start_grpc_server
 from .superlink.fleet.grpc_rere.fleet_servicer import FleetServicer
 from .superlink.fleet.grpc_rere.server_interceptor import AuthenticateServerInterceptor
 from .superlink.linkstate import LinkStateFactory
@@ -226,6 +223,13 @@ def start_server(  # pylint: disable=too-many-arguments,too-many-locals
         "enabled" if certificates is not None else "disabled",
     )
 
+    # Graceful shutdown
+    register_exit_handlers(
+        event_type=EventType.START_SERVER_LEAVE,
+        exit_message="Flower server terminated gracefully.",
+        grpc_servers=[grpc_server],
+    )
+
     # Start training
     hist = run_fl(
         server=initialized_server,
@@ -261,13 +265,16 @@ def run_superlink() -> None:
     simulationio_address, _, _ = _format_address(args.simulationio_api_address)
 
     # Obtain certificates
-    certificates = try_obtain_server_certificates(args, args.fleet_api_type)
+    certificates = try_obtain_server_certificates(args)
+
+    # Disable the user auth TLS check if args.disable_oidc_tls_cert_verification is
+    # provided
+    verify_tls_cert = not getattr(args, "disable_oidc_tls_cert_verification", None)
 
-    user_auth_config = _try_obtain_user_auth_config(args)
     auth_plugin: Optional[ExecAuthPlugin] = None
-    # user_auth_config is None only if the args.user_auth_config is not provided
-    if user_auth_config is not None:
-        auth_plugin = _try_obtain_exec_auth_plugin(user_auth_config)
+    # Load the auth plugin if the args.user_auth_config is provided
+    if cfg_path := getattr(args, "user_auth_config", None):
+        auth_plugin = _try_obtain_exec_auth_plugin(Path(cfg_path), verify_tls_cert)
 
     # Initialize StateFactory
     state_factory = LinkStateFactory(args.database)
@@ -293,7 +300,7 @@ def run_superlink() -> None:
     # Determine Exec plugin
     # If simulation is used, don't start ServerAppIo and Fleet APIs
     sim_exec = executor.__class__.__qualname__ == "SimulationEngine"
-    bckg_threads = []
+    bckg_threads: list[threading.Thread] = []
 
     if sim_exec:
         simulationio_server: grpc.Server = run_simulationio_api_grpc(
@@ -344,48 +351,40 @@ def run_superlink() -> None:
                 and importlib.util.find_spec("starlette")
                 and importlib.util.find_spec("uvicorn")
             ) is None:
-                sys.exit(MISSING_EXTRA_REST)
-
-            _, ssl_certfile, ssl_keyfile = (
-                certificates if certificates is not None else (None, None, None)
-            )
+                flwr_exit(ExitCode.COMMON_MISSING_EXTRA_REST)
 
             fleet_thread = threading.Thread(
                 target=_run_fleet_api_rest,
                 args=(
                     host,
                     port,
-                    ssl_keyfile,
-                    ssl_certfile,
+                    args.ssl_keyfile,
+                    args.ssl_certfile,
                     state_factory,
                     ffs_factory,
                     num_workers,
                 ),
+                daemon=True,
             )
             fleet_thread.start()
             bckg_threads.append(fleet_thread)
         elif args.fleet_api_type == TRANSPORT_TYPE_GRPC_RERE:
-            maybe_keys = _try_setup_node_authentication(args, certificates)
-            interceptors: Optional[Sequence[grpc.ServerInterceptor]] = None
-            if maybe_keys is not None:
-                (
-                    node_public_keys,
-                    server_private_key,
-                    server_public_key,
-                ) = maybe_keys
+            node_public_keys = _try_load_public_keys_node_authentication(args)
+            auto_auth = True
+            if node_public_keys is not None:
+                auto_auth = False
                 state = state_factory.state()
-                state.clear_supernode_auth_keys_and_credentials()
+                state.clear_supernode_auth_keys()
                 state.store_node_public_keys(node_public_keys)
-                state.store_server_private_public_key(
-                    private_key_to_bytes(server_private_key),
-                    public_key_to_bytes(server_public_key),
-                )
                 log(
                     INFO,
                     "Node authentication enabled with %d known public keys",
                     len(node_public_keys),
                 )
-                interceptors = [AuthenticateServerInterceptor(state_factory)]
+            else:
+                log(DEBUG, "Automatic node authentication enabled")
+
+            interceptors = [AuthenticateServerInterceptor(state_factory, auto_auth)]
 
             fleet_server = _run_fleet_api_grpc_rere(
                 address=fleet_address,
@@ -427,6 +426,7 @@ def run_superlink() -> None:
                 address,
                 cmd,
             ),
+            daemon=True,
         )
         scheduler_th.start()
         bckg_threads.append(scheduler_th)
@@ -434,17 +434,37 @@ def run_superlink() -> None:
     # Graceful shutdown
     register_exit_handlers(
         event_type=EventType.RUN_SUPERLINK_LEAVE,
+        exit_message="SuperLink terminated gracefully.",
         grpc_servers=grpc_servers,
-        bckg_threads=bckg_threads,
     )
 
-    # Block
-    while True:
-        if bckg_threads:
-            for thread in bckg_threads:
-                if not thread.is_alive():
-                    sys.exit(1)
-        exec_server.wait_for_termination(timeout=1)
+    # Block until a thread exits prematurely
+    while all(thread.is_alive() for thread in bckg_threads):
+        sleep(0.1)
+
+    # Exit if any thread has exited prematurely
+    # This code will not be reached if the SuperLink stops gracefully
+    flwr_exit(ExitCode.SUPERLINK_THREAD_CRASH)
+
+
+def _run_flwr_command(args: list[str], main_pid: int) -> None:
+    # Monitor the main process in case of SIGKILL
+    def main_process_monitor() -> None:
+        while True:
+            sleep(1)
+            if os.getppid() != main_pid:
+                os.kill(os.getpid(), 9)
+
+    threading.Thread(target=main_process_monitor, daemon=True).start()
+
+    # Run the command
+    sys.argv = args
+    if args[0] == "flwr-serverapp":
+        flwr_serverapp()
+    elif args[0] == "flwr-simulation":
+        flwr_simulation()
+    else:
+        raise ValueError(f"Unknown command: {args[0]}")
 
 
 def _flwr_scheduler(
@@ -454,15 +474,18 @@ def _flwr_scheduler(
     cmd: str,
 ) -> None:
     log(DEBUG, "Started %s scheduler thread.", cmd)
-
     state = state_factory.state()
+    run_id_to_proc: dict[int, multiprocessing.context.SpawnProcess] = {}
+
+    # Use the "spawn" start method for multiprocessing.
+    mp_spawn_context = multiprocessing.get_context("spawn")
 
     # Periodically check for a pending run in the LinkState
     while True:
-        sleep(3)
+        sleep(0.1)
         pending_run_id = state.get_pending_run_id()
 
-        if pending_run_id:
+        if pending_run_id and pending_run_id not in run_id_to_proc:
 
             log(
                 INFO,
@@ -479,50 +502,45 @@ def _flwr_scheduler(
                 "--insecure",
             ]
 
-            subprocess.Popen(  # pylint: disable=consider-using-with
-                command,
-                text=True,
+            proc = mp_spawn_context.Process(
+                target=_run_flwr_command, args=(command, os.getpid()), daemon=True
             )
+            proc.start()
+
+            # Store the process
+            run_id_to_proc[pending_run_id] = proc
+
+        # Clean up finished processes
+        for run_id, proc in list(run_id_to_proc.items()):
+            if not proc.is_alive():
+                del run_id_to_proc[run_id]
 
 
 def _format_address(address: str) -> tuple[str, str, int]:
     parsed_address = parse_address(address)
     if not parsed_address:
-        sys.exit(
-            f"Address ({address}) cannot be parsed (expected: URL or IPv4 or IPv6)."
+        flwr_exit(
+            ExitCode.COMMON_ADDRESS_INVALID,
+            f"Address ({address}) cannot be parsed.",
         )
     host, port, is_v6 = parsed_address
     return (f"[{host}]:{port}" if is_v6 else f"{host}:{port}", host, port)
 
 
-def _try_setup_node_authentication(
+def _try_load_public_keys_node_authentication(
     args: argparse.Namespace,
-    certificates: Optional[tuple[bytes, bytes, bytes]],
-) -> Optional[tuple[set[bytes], ec.EllipticCurvePrivateKey, ec.EllipticCurvePublicKey]]:
-    if (
-        not args.auth_list_public_keys
-        and not args.auth_superlink_private_key
-        and not args.auth_superlink_public_key
-    ):
-        return None
-
-    if (
-        not args.auth_list_public_keys
-        or not args.auth_superlink_private_key
-        or not args.auth_superlink_public_key
-    ):
-        sys.exit(
-            "Authentication requires providing file paths for "
-            "'--auth-list-public-keys', '--auth-superlink-private-key' and "
-            "'--auth-superlink-public-key'. Provide all three to enable authentication."
+) -> Optional[set[bytes]]:
+    """Return a set of node public keys."""
+    if args.auth_superlink_private_key or args.auth_superlink_public_key:
+        log(
+            WARN,
+            "The `--auth-superlink-private-key` and `--auth-superlink-public-key` "
+            "arguments are deprecated and will be removed in a future release. Node "
+            "authentication no longer requires these arguments.",
         )
 
-    if certificates is None:
-        sys.exit(
-            "Authentication requires secure connections. "
-            "Please provide certificate paths to `--ssl-certfile`, "
-            "`--ssl-keyfile`, and `—-ssl-ca-certfile` and try again."
-        )
+    if not args.auth_list_public_keys:
+        return None
 
     node_keys_file_path = Path(args.auth_list_public_keys)
     if not node_keys_file_path.exists():
@@ -535,35 +553,6 @@ def _try_setup_node_authentication(
 
     node_public_keys: set[bytes] = set()
 
-    try:
-        ssh_private_key = load_ssh_private_key(
-            Path(args.auth_superlink_private_key).read_bytes(),
-            None,
-        )
-        if not isinstance(ssh_private_key, ec.EllipticCurvePrivateKey):
-            raise ValueError()
-    except (ValueError, UnsupportedAlgorithm):
-        sys.exit(
-            "Error: Unable to parse the private key file in "
-            "'--auth-superlink-private-key'. Authentication requires elliptic "
-            "curve private and public key pair. Please ensure that the file "
-            "path points to a valid private key file and try again."
-        )
-
-    try:
-        ssh_public_key = load_ssh_public_key(
-            Path(args.auth_superlink_public_key).read_bytes()
-        )
-        if not isinstance(ssh_public_key, ec.EllipticCurvePublicKey):
-            raise ValueError()
-    except (ValueError, UnsupportedAlgorithm):
-        sys.exit(
-            "Error: Unable to parse the public key file in "
-            "'--auth-superlink-public-key'. Authentication requires elliptic "
-            "curve private and public key pair. Please ensure that the file "
-            "path points to a valid public key file and try again."
-        )
-
     with open(node_keys_file_path, newline="", encoding="utf-8") as csvfile:
         reader = csv.reader(csvfile)
         for row in reader:
@@ -577,28 +566,27 @@ def _try_setup_node_authentication(
                         "file. Please ensure that the CSV file path points to a valid "
                         "known SSH public keys files and try again."
                     )
-        return (
-            node_public_keys,
-            ssh_private_key,
-            ssh_public_key,
-        )
-
+    return node_public_keys
 
-def _try_obtain_user_auth_config(args: argparse.Namespace) -> Optional[dict[str, Any]]:
-    if getattr(args, "user_auth_config", None) is not None:
-        with open(args.user_auth_config, encoding="utf-8") as file:
-            config: dict[str, Any] = yaml.safe_load(file)
-            return config
-    return None
 
+def _try_obtain_exec_auth_plugin(
+    config_path: Path, verify_tls_cert: bool
+) -> Optional[ExecAuthPlugin]:
+    # Load YAML file
+    with config_path.open("r", encoding="utf-8") as file:
+        config: dict[str, Any] = yaml.safe_load(file)
 
-def _try_obtain_exec_auth_plugin(config: dict[str, Any]) -> Optional[ExecAuthPlugin]:
+    # Load authentication configuration
     auth_config: dict[str, Any] = config.get("authentication", {})
-    auth_type: str = auth_config.get(AUTH_TYPE, "")
+    auth_type: str = auth_config.get(AUTH_TYPE_KEY, "")
+
+    # Load authentication plugin
     try:
         all_plugins: dict[str, type[ExecAuthPlugin]] = get_exec_auth_plugins()
         auth_plugin_class = all_plugins[auth_type]
-        return auth_plugin_class(config=auth_config)
+        return auth_plugin_class(
+            user_auth_config_path=config_path, verify_tls_cert=verify_tls_cert
+        )
     except KeyError:
         if auth_type != "":
             sys.exit(
@@ -681,7 +669,7 @@ def _run_fleet_api_rest(
 
         from flwr.server.superlink.fleet.rest_rere.rest_api import app as fast_api_app
     except ModuleNotFoundError:
-        sys.exit(MISSING_EXTRA_REST)
+        flwr_exit(ExitCode.COMMON_MISSING_EXTRA_REST)
 
     log(INFO, "Starting Flower REST server")
 
@@ -791,12 +779,12 @@ def _add_args_common(parser: argparse.ArgumentParser) -> None:
     parser.add_argument(
         "--auth-superlink-private-key",
         type=str,
-        help="The SuperLink's private key (as a path str) to enable authentication.",
+        help="This argument is deprecated and will be removed in a future release.",
     )
     parser.add_argument(
         "--auth-superlink-public-key",
         type=str,
-        help="The SuperLink's public key (as a path str) to enable authentication.",
+        help="This argument is deprecated and will be removed in a future release.",
     )
 
 

flwr/server/compat/app_utils.py

@@ -95,7 +95,6 @@ def _update_client_manager(
             client_proxy = DriverClientProxy(
                 node_id=node_id,
                 driver=driver,
-                anonymous=False,
                 run_id=driver.run.run_id,
             )
             if client_manager.register(client_proxy):

flwr/server/compat/driver_client_proxy.py

@@ -28,12 +28,11 @@ from ..driver.driver import Driver
 class DriverClientProxy(ClientProxy):
     """Flower client proxy which delegates work using the Driver API."""
 
-    def __init__(self, node_id: int, driver: Driver, anonymous: bool, run_id: int):
+    def __init__(self, node_id: int, driver: Driver, run_id: int):
         super().__init__(str(node_id))
         self.node_id = node_id
         self.driver = driver
         self.run_id = run_id
-        self.anonymous = anonymous
 
     def get_properties(
         self,

flwr/server/driver/grpc_driver.py

@@ -24,29 +24,32 @@ from typing import Optional, cast
 import grpc
 
 from flwr.common import DEFAULT_TTL, Message, Metadata, RecordSet
-from flwr.common.constant import SERVERAPPIO_API_DEFAULT_CLIENT_ADDRESS
-from flwr.common.grpc import create_channel
+from flwr.common.constant import (
+    SERVERAPPIO_API_DEFAULT_CLIENT_ADDRESS,
+    SUPERLINK_NODE_ID,
+)
+from flwr.common.grpc import create_channel, on_channel_state_change
 from flwr.common.logger import log
 from flwr.common.retry_invoker import _make_simple_grpc_retry_invoker, _wrap_stub
-from flwr.common.serde import message_from_taskres, message_to_taskins, run_from_proto
+from flwr.common.serde import message_from_proto, message_to_proto, run_from_proto
 from flwr.common.typing import Run
+from flwr.proto.message_pb2 import Message as ProtoMessage  # pylint: disable=E0611
 from flwr.proto.node_pb2 import Node  # pylint: disable=E0611
 from flwr.proto.run_pb2 import GetRunRequest, GetRunResponse  # pylint: disable=E0611
 from flwr.proto.serverappio_pb2 import (  # pylint: disable=E0611
     GetNodesRequest,
     GetNodesResponse,
-    PullTaskResRequest,
-    PullTaskResResponse,
-    PushTaskInsRequest,
-    PushTaskInsResponse,
+    PullResMessagesRequest,
+    PullResMessagesResponse,
+    PushInsMessagesRequest,
+    PushInsMessagesResponse,
 )
 from flwr.proto.serverappio_pb2_grpc import ServerAppIoStub  # pylint: disable=E0611
-from flwr.proto.task_pb2 import TaskIns  # pylint: disable=E0611
 
 from .driver import Driver
 
 ERROR_MESSAGE_DRIVER_NOT_CONNECTED = """
-[Driver] Error: Not connected.
+[flwr-serverapp] Error: Not connected.
 
 Call `connect()` on the `GrpcDriverStub` instance before calling any of the other
 `GrpcDriverStub` methods.
@@ -76,7 +79,7 @@ class GrpcDriver(Driver):
         self._run: Optional[Run] = None
         self._grpc_stub: Optional[ServerAppIoStub] = None
         self._channel: Optional[grpc.Channel] = None
-        self.node = Node(node_id=0, anonymous=True)
+        self.node = Node(node_id=SUPERLINK_NODE_ID)
         self._retry_invoker = _make_simple_grpc_retry_invoker()
 
     @property
@@ -97,9 +100,10 @@ class GrpcDriver(Driver):
             insecure=(self._cert is None),
             root_certificates=self._cert,
         )
+        self._channel.subscribe(on_channel_state_change)
         self._grpc_stub = ServerAppIoStub(self._channel)
         _wrap_stub(self._grpc_stub, self._retry_invoker)
-        log(DEBUG, "[Driver] Connected to %s", self._addr)
+        log(DEBUG, "[flwr-serverapp] Connected to %s", self._addr)
 
     def _disconnect(self) -> None:
         """Disconnect from the ServerAppIo API."""
@@ -110,7 +114,7 @@ class GrpcDriver(Driver):
         self._channel = None
         self._grpc_stub = None
         channel.close()
-        log(DEBUG, "[Driver] Disconnected")
+        log(DEBUG, "[flwr-serverapp] Disconnected")
 
     def set_run(self, run_id: int) -> None:
         """Set the run."""
@@ -193,22 +197,22 @@ class GrpcDriver(Driver):
         This method takes an iterable of messages and sends each message
         to the node specified in `dst_node_id`.
         """
-        # Construct TaskIns
-        task_ins_list: list[TaskIns] = []
+        # Construct Messages
+        message_proto_list: list[ProtoMessage] = []
         for msg in messages:
             # Check message
             self._check_message(msg)
-            # Convert Message to TaskIns
-            taskins = message_to_taskins(msg)
+            # Convert to proto
+            msg_proto = message_to_proto(msg)
             # Add to list
-            task_ins_list.append(taskins)
+            message_proto_list.append(msg_proto)
         # Call GrpcDriverStub method
-        res: PushTaskInsResponse = self._stub.PushTaskIns(
-            PushTaskInsRequest(
-                task_ins_list=task_ins_list, run_id=cast(Run, self._run).run_id
+        res: PushInsMessagesResponse = self._stub.PushMessages(
+            PushInsMessagesRequest(
+                messages_list=message_proto_list, run_id=cast(Run, self._run).run_id
             )
         )
-        return list(res.task_ids)
+        return list(res.message_ids)
 
     def pull_messages(self, message_ids: Iterable[str]) -> Iterable[Message]:
         """Pull messages based on message IDs.
@@ -216,14 +220,15 @@ class GrpcDriver(Driver):
         This method is used to collect messages from the SuperLink that correspond to a
         set of given message IDs.
         """
-        # Pull TaskRes
-        res: PullTaskResResponse = self._stub.PullTaskRes(
-            PullTaskResRequest(
-                node=self.node, task_ids=message_ids, run_id=cast(Run, self._run).run_id
+        # Pull Messages
+        res: PullResMessagesResponse = self._stub.PullMessages(
+            PullResMessagesRequest(
+                message_ids=message_ids,
+                run_id=cast(Run, self._run).run_id,
             )
         )
-        # Convert TaskRes to Message
-        msgs = [message_from_taskres(taskres) for taskres in res.task_res_list]
+        # Convert Message from Protobuf representation
+        msgs = [message_from_proto(msg_proto) for msg_proto in res.messages_list]
         return msgs
 
     def send_and_receive(

flwr/server/driver/inmemory_driver.py

@@ -22,6 +22,7 @@ from typing import Optional, cast
 from uuid import UUID
 
 from flwr.common import DEFAULT_TTL, Message, Metadata, RecordSet
+from flwr.common.constant import SUPERLINK_NODE_ID
 from flwr.common.serde import message_from_taskres, message_to_taskins
 from flwr.common.typing import Run
 from flwr.proto.node_pb2 import Node  # pylint: disable=E0611
@@ -49,7 +50,7 @@ class InMemoryDriver(Driver):
         self._run: Optional[Run] = None
         self.state = state_factory.state()
         self.pull_interval = pull_interval
-        self.node = Node(node_id=0, anonymous=True)
+        self.node = Node(node_id=SUPERLINK_NODE_ID)
 
     def _check_message(self, message: Message) -> None:
         # Check if the message is valid

flwr/server/serverapp/app.py

@@ -16,7 +16,6 @@
 
 
 import argparse
-import sys
 from logging import DEBUG, ERROR, INFO
 from pathlib import Path
 from queue import Queue
@@ -38,6 +37,7 @@ from flwr.common.constant import (
     Status,
     SubStatus,
 )
+from flwr.common.exit import ExitCode, flwr_exit
 from flwr.common.logger import (
     log,
     mirror_output_to_queue,
@@ -72,19 +72,18 @@ def flwr_serverapp() -> None:
 
     args = _parse_args_run_flwr_serverapp().parse_args()
 
-    log(INFO, "Starting Flower ServerApp")
+    log(INFO, "Start `flwr-serverapp` process")
 
     if not args.insecure:
-        log(
-            ERROR,
-            "`flwr-serverapp` does not support TLS yet. "
-            "Please use the '--insecure' flag.",
+        flwr_exit(
+            ExitCode.COMMON_TLS_NOT_SUPPORTED,
+            "`flwr-serverapp` does not support TLS yet.",
         )
-        sys.exit(1)
 
     log(
         DEBUG,
-        "Starting isolated `ServerApp` connected to SuperLink's ServerAppIo API at %s",
+        "`flwr-serverapp` will attempt to connect to SuperLink's "
+        "ServerAppIo API at %s",
         args.serverappio_api_address,
     )
     run_serverapp(
@@ -117,11 +116,13 @@ def run_serverapp(  # pylint: disable=R0914, disable=W0212, disable=R0915
     log_uploader = None
     success = True
     hash_run_id = None
+    run_status = None
     while True:
 
         try:
             # Pull ServerAppInputs from LinkState
             req = PullServerAppInputsRequest()
+            log(DEBUG, "[flwr-serverapp] Pull ServerAppInputs")
             res: PullServerAppInputsResponse = driver._stub.PullServerAppInputs(req)
             if not res.HasField("run"):
                 sleep(3)
@@ -144,7 +145,7 @@ def run_serverapp(  # pylint: disable=R0914, disable=W0212, disable=R0915
                 stub=driver._stub,
             )
 
-            log(DEBUG, "ServerApp process starts FAB installation.")
+            log(DEBUG, "[flwr-serverapp] Start FAB installation.")
             install_from_fab(fab.content, flwr_dir=flwr_dir_, skip_prompt=True)
 
             fab_id, fab_version = get_fab_metadata(fab.content)
@@ -165,7 +166,7 @@ def run_serverapp(  # pylint: disable=R0914, disable=W0212, disable=R0915
 
             log(
                 DEBUG,
-                "Flower will load ServerApp `%s` in %s",
+                "[flwr-serverapp] Will load ServerApp `%s` in %s",
                 server_app_attr,
                 app_path,
             )
@@ -191,6 +192,7 @@ def run_serverapp(  # pylint: disable=R0914, disable=W0212, disable=R0915
 
             # Send resulting context
             context_proto = context_to_proto(updated_context)
+            log(DEBUG, "[flwr-serverapp] Will push ServerAppOutputs")
             out_req = PushServerAppOutputsRequest(
                 run_id=run.run_id, context=context_proto
             )