Implemented graceful shutdown for websockets

[lorenzo]

Description

Implements graceful shutdown for websockets. When the sockets are not actively receiving data they will receive a closing message and the server will promptly shut down.

Affected components

• Server

Solution and Design

The general design I followed:

• Keep the knowledge of how to close connections inside the Websocket
  module
• Add a field to WsServer to hold a channel, the channel signals when
  the application is stopping
• Return a callback to Main that can be invoked to send a message to
  the channel

Steps to test and verify

• Start the server
• Use gql with any subscription
• Send a TERM signal to the process. It should stop immediately

[netlify]

Deploy preview for hasura-docs ready!

Built with commit c35b47e

https://deploy-preview-2827--hasura-docs.netlify.com

[hasura-bot]

Review app for commit dc2906b deployed to Heroku: https://hge-ci-pull-2827.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2827-dc2906b7

[lexi-lambda]

Thanks, this generally looks great to me, though I left one small comment.

[lexi-lambda]

👍 for pulling this out.

[lorenzo]

@lexi-lambda added your suggestions, thanks for the review!

[hasura-bot]

Review app for commit b64cda2 deployed to Heroku: https://hge-ci-pull-2827.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2827-b64cda21

[lorenzo]

@lexi-lambda I figured that my implementation was not entirely correct as new WS connections were not being rejected properly. By moving the logic one layer above I was able to achieve that goal.

[hasura-bot]

Review app for commit d15cf86 deployed to Heroku: https://hge-ci-pull-2827.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2827-d15cf86e

[lexi-lambda]

Thanks for the changes. I’m not opposed to the new approach, but I’ll admit: I don’t understand it (and I’d like to make sure I do). I’d have thought that closing the socket would be sufficient to prevent new websocket connections, since, well… how could new connections be received at all if the server isn’t listening anymore? Can you explain to me why that wasn’t enough?

[hasura-bot]

Review app for commit cdcc5bf deployed to Heroku: https://hge-ci-pull-2827.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2827-cdcc5bf6

[lorenzo]

@lexi-lambda That's a great question and I was also mystified at how new connections were apparently making their way in. My working theory right now is that those connections were already accepted before closing the socket but had not been yet handled by the Websockets server code. Those still in transit connections would apparently cause a race condition where they were accepted and then served as live queries after the call to closing all connections was already made.

I'm actually not sure how to validate my theory as true, but it seemed to solve an edge case when rapidly trying to create new WS connections as I send the TERM signal. Does this make any sense at all to you, sorry for not being more clear about this myself?

[lexi-lambda]

My working theory right now is that those connections were already accepted before closing the socket but had not been yet handled by the Websockets server code. Those still in transit connections would apparently cause a race condition where they were accepted and then served as live queries after the call to closing all connections was already made.

Aha, that makes sense to me, thanks for explaining. The guard does seem necessary, then, but I have a couple small requests:

1. Could you add support for shutting the server down to Hasura.GraphQL.Transport.WebSocket.Server instead of Hasura.GraphQL.Transport.WebSocket? The former module is somewhat poorly named, as it doesn’t really have anything to do with GraphQL, but I think this functionality belongs there, since it’s really agnostic to what the server is being used for.

   The approach I have in mind is to add a _wssIsShuttingDown :: !(TVar Bool) field to WSServer (and though this is subjective, I think a Bool is fine here; I think introducing a different sum type is premature), then add a shutdownWSServer export.

2. I think it would be nice to return an HTTP 503 Service Unavailable response here rather than HTTP 500 Internal Server Error, since it’s more descriptive.

   I would also include a Retry-After: 0 header in the response, since in a cluster of Hasura instances, we’d like the client to retry connecting immediately. (Unfortunately, AFAIK no browsers will actually automatically retry the request even if the header is present, so it probably isn’t actually that useful, but it feels like good HTTP hygiene.)

[lorenzo]

1. ; I think introducing a different sum type is premature)

That was actually my first attempt and I immediately confused myself by writing the function assertAcceptingConnection True = ... did True mean accepting connections or the opposite? (it was the opposite)

In the light that it took 5 seconds for me to get boolean blindness I resolved to make a cheap sum type

1. The approach I have in mind is to add a _wssIsShuttingDown :: !(TVar Bool) field to WSServer

You may remember that was the first version of this PR you reviewed. I got confused by the module naming thinking that it actually implemented a server-like structure, or that at least the code handling the very beginnings of a connection happened there.

I think that those 2 modules should swap names: Hasura.GraphQL.Transport.WebSocket is actually implementing the server (accepts connections, rejects, checks for the right route, and actaully create a server-like struct which in the case of WAI is a curried function expecting a connection)

I will attempt to put the logic back there in the best way it makes sense to me now. Let me know if this is what you had in mind.

[hasura-bot]

Review app for commit 66356fd deployed to Heroku: https://hge-ci-pull-2827.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2827-66356fd4

[lorenzo]

@lexi-lambda can you please review again?

[hasura-bot]

Review app for commit e408213 deployed to Heroku: https://hge-ci-pull-2827.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2827-e408213e

[lorenzo]

@lexi-lambda Alright, I tried your suggestion and really liked how much safer the code looks like now. I had to do a few changes in order to keep things atomic, but I'm feeling more confident now that this is the right design.

[hasura-bot]

Review app for commit 48a96ec deployed to Heroku: https://hge-ci-pull-2827.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2827-48a96ecc

[hasura-bot]

Review app for commit d377c9a deployed to Heroku: https://hge-ci-pull-2827.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2827-d377c9a5

[hasura-bot]

Review app for commit 0f7bd96 deployed to Heroku: https://hge-ci-pull-2827.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2827-0f7bd96b

[hasura-bot]

Review app for commit 768baf6 deployed to Heroku: https://hge-ci-pull-2827.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2827-768baf6a

[lorenzo]

@lexi-lambda can you please review again?

[hasura-bot]

Review app for commit c35b47e deployed to Heroku: https://hge-ci-pull-2827.herokuapp.com
Docker image for server: hasura/graphql-engine:pull2827-c35b47e5

[lexi-lambda]

This looks great to me; many thanks for your patience working out the subtleties!

[lorenzo]

Thanks @lexi-lambda I’m actually glad that you were so thorough, I’m happy with his more robust solution.

[hasura-bot]

Review app https://hge-ci-pull-2827.herokuapp.com is deleted