multi: introduce status server and sub-server manager

[ellemouton]

This PR does a few things:

1. Adds a new subServerMgr that handles the connections to Loop, Pool & Faraday. This will also make it easy for us to add another sub server in future. This is also nice because it makes it easier in the next steps to treat these sub-servers ,& any errors we may get from them, differently to how we would treat errors from LND or LiTd.
2. Adds a new Status server that is "always-on". This will allow the UI to query info about the status of any of LiTs sub-servers (including LND, Loop, Pool, Faraday and LiT itself).
3. Does a big refactor so that Litd does not ever shutdown unless requested to via a shutdown signal. This ensures that the Status server can always be reached.

$ litcli status 

{
        "sub_servers": {
                "faraday": {
                        "running": true,
                        "error": ""
                },
                "lit": {
                        "running": true,
                        "error": ""
                },
                "lnd": {
                        "running": true,
                        "error": ""
                },
                "loop": {
                        "running": true,
                        "error": ""
                },
                "pool": {
                        "running": false,
                        "error": "could not start pool: <something something>"
                }
        }
}

TODO:

• documentation explaining the difference (and reasoning) between the lnd 10009 (gRPC only) and the litd 8443
• More itests to cover the startup process

Fixes #421
Fixes #420
Fixes #290

[ellemouton]

@guggero - as discussed offline, I have requested your review here but am mainly looking for approach comments to begin with. And also, no rush on this as I will be afk for the next 2 weeks

[guggero]

Very nice work 💯 This is an important step towards making it possible to unlock lnd from the UI and also to make everything more user friendly.
Will need to do a second pass with a focus on security but looks pretty good for its WIP status!

[guggero]

Do we need to explicitly mention this only applies to the HTTP(S)Listen port (default 8443)? Just to distinguish it more from the 10009 lnd RPC port.

[guggero]

We should also update doc/config-lnd-integrated.md and perhaps explain the difference (and reasoning) between the lnd 10009 (gRPC only) and the litd 8443 (grpc-web, REST, gRPC proxy, UI) a bit more explicitly?
Also this change should be made very explicit in the release notes (not sure where to put the reminder for us).

[Roasbeef]

Yeah good call here, as it would also be a breaking change (CLI/config wise).

[guggero]

I'm not sure if returning false here is a good idea, as the request will just be passed to the next handler. Instead I think we should check whether it's a request we would handle (the same conditions as we check below) and return an error page (perhaps 503 service unavailable) if we did and only false if we didn't?

[ellemouton]

good point!

[guggero]

Could turn this into a function by taking the cfg as a parameter and returning the conn. Then we could place this function and the dialBackend() and dialBufConnBackend() into a different file to reduce the size of this one a bit. Maybe lnd_connection.go or something like that?

[ellemouton]

sounds gooood

[guggero]

👍

[guggero]

Since we start the main web server this early, we have to guard the g.restHandler from being called if it's nil (. Otherwise a REST request coming in too early would panic. Or we move the call to createRESTProxy() to before this call even.

[guggero]

Hmm, no, creating the REST proxy before the main web server is started will probably not work since the REST proxy will attempt to connect to the main web server on creation.

[guggero]

That makes me wonder if we could extract the main web server into its own struct that owns the REST proxy and RPC proxy (and probably also the status server)? Then the start/stop would be a bit more abstracted as well. But not sure how large of a diff that is.

[ellemouton]

good catch!
Ok so looks like, for now, moving the createRESTProxy() call to before the startMainWebServer call does actually do the trick. Makes sense cause it has always been called in that order.

[guggero]

Do we really need to spin up our own grpc-web and gRPC server? Can't we instead have this as a sub component of the rpcProxy that already does all of this for us?

[ellemouton]

yeah good point

[ellemouton]

Just realised why I did it this way initially - the reason is that if we fail to start LND, then we never get to the registration and serving of the status server. So I think we need to re-add this actually

[guggero]

Again, it feels like this should just be hooked up in the right order to allow the existing rpcProxy to do this.

[guggero]

We'll need to make sure we don't create any authentication by-passes by accident, for example when starting up the individual daemons. Maybe adding a few extra itests around the whole startup process would be a good idea.

[ellemouton]

thanks for the initial review @guggero!

I have addressed most of your comments.

I just still need to add the extra documentation& also add more itests around the startup process. Will re-request once I have done that.

[ellemouton]

good point!

[ellemouton]

sounds gooood

[ellemouton]

even for logs? thought it only mattered for error variables

[ellemouton]

good catch!
Ok so looks like, for now, moving the createRESTProxy() call to before the startMainWebServer call does actually do the trick. Makes sense cause it has always been called in that order.

[ellemouton]

yeah good point

[lightninglabs-deploy]

@ellemouton, remember to re-request review from reviewers when ready

[ellemouton]

!lightninglabs-deploy mute

[ellemouton]

muting for the time being. Will pick up again one I have more room on my plate.

Although would be cool to get back to this soon as I think it could make the addition of taro easier

[Roasbeef]

Yeah good call here, as it would also be a breaking change (CLI/config wise).

[Roasbeef]

Could use an atomic bool alternatively.

[Roasbeef]

Still getting thru the diff, but could also use an event type to allow callers to get notifications for when things are fully up vs polling.

[ellemouton]

The hasStarted thing is more for the sake of external callers who are making calls to Litd before it has fully started up.

[Roasbeef]

Why this vs a gRPC status/error like we do on the lnd side?

[Roasbeef]

Comment above may moreso apply here. Another route would be an http middleware chain (gRPC package) that checked this field and returned a response if things weren't fully active yet.

[ellemouton]

good idea! will give it a spin

[Roasbeef]

Arg passed but not used anywhere (in this commit at least).

[ellemouton]

this diff removes an arg

[Roasbeef]

Doesn't need a mutex to protect access?

[ellemouton]

done

[Roasbeef]

Should be tracked by a wait group.

[Roasbeef]

Any reason lnd isn't also managed as a sub-server? I guess since it's sort of the "root" sub-server that all the rest depend on?

[ellemouton]

I guess since it's sort of the "root" sub-server that all the rest depend on?

Yes exactly. It is handled as a special case (see next commit) since Litd cant really continue operation if the start or connection to LND fails

[Roasbeef]

Re that comment re converting many of the closures to be an interface, given this is just a pass thru call (same args and return value), a wrapper struct that embeds all the main daemon configs would take care of this nicely.

[ellemouton]

changed to interfaces - turned out nicely I think

[positiveblue]

Thank you for these changes @ellemouton , they'll make my life easier for integrating the taro daemon 💯

[positiveblue]

Should this function return false if p.hasStarted() is false?

[ellemouton]

See previous discussion on this: #442 (comment)

We dont want to return false here cause then Litd will pass it on to other services. We instead want to exit early

[positiveblue]

I wonder if we can simplify this logic if it looked like:

// old checkSubSystemStarted now called
func (p *rpcProxy) hasRegisteredMatchingMethod(uri string) error {
        // HandledBy checks for status server, lnd, lit and all the subservers
        system, err := p.subServerMgr.HandledBy(uri)
        if err != nil {
                fmt.Errorf("no matching method ...", err)
        }

        // getSubServerState returns alwasy true for status + state for the other subsystems
        started, startErr := p.statusServer.getSubServerState(system)
	if !started {
		return fmt.Errorf("%s is not running: %s", system, startErr)
	}

	return nil
}

[ellemouton]

but we do want to check lit's other parts (LND and Lit) if the sub-server manager does not handle the request URI. So not sure I follow?

[positiveblue]

Do we plan onStartError, onStartSuccess to do more things in the future beyond setting the status for this subserver? If not we can directly set the status using subServerCfg.name

[ellemouton]

great point - removed

[positiveblue]

here remote == (remoteCfg != nil)?

[ellemouton]

no - remoteCfg is always set by default.

[positiveblue]

The func name can be more accurate if we use something like ConnectRemoteSubServers given that we are not starting anything.

[ellemouton]

good point! done!

[ellemouton]

I need to switch away from this for a bit now so just making a note of some issues that the current version still has:

• THe itests seem to not exit
• we currently construct the autopilot server and session server before getting to the registration of rpc servers. This means that if the setup of those fail, then we cant access the status server to see this. And the reason we ordered it this way is so that LND can register non-nil servers. so a bit of a catch 22 here...
• I think to solve the above, we might need to add a new grpc server that just servers the status server. So that it is not dependent on the start up of LND. see here

[ellemouton]

replaced by #516 & #541