Skip to content
Merged
Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
1570d2c
Added Fatal Action extension point.
KBaichoo Oct 20, 2020
2ac60e6
Various changes: cleaning up interfaces, among others.
KBaichoo Oct 22, 2020
32fb212
Cleaned up tests, and interfaces.
KBaichoo Oct 26, 2020
341d969
added release notes.
KBaichoo Oct 26, 2020
91030d9
Fixed failing tests.
KBaichoo Oct 26, 2020
502e609
Added Fatal Actions to extending envoy documentation.
KBaichoo Oct 26, 2020
ee15888
Clang-tidy and test fixes.
KBaichoo Oct 26, 2020
564668d
Fixed asan issue.
KBaichoo Oct 27, 2020
c4e105c
Modified death message as it relies on signal handlers that can get h…
KBaichoo Oct 28, 2020
4170d6d
Changed the FatalAction functions to return a status to account for m…
KBaichoo Oct 30, 2020
c5dfe7a
Fixed Asan hijacking signals for tests where the death test message m…
KBaichoo Nov 3, 2020
5faddf0
Merge remote-tracking branch 'upstream/master' into fh-extension-pt
KBaichoo Nov 3, 2020
9bc90ba
Minor nits.
KBaichoo Nov 5, 2020
a35f53a
Merge remote-tracking branch 'upstream/master' into fh-extension-pt
KBaichoo Nov 5, 2020
4f96adf
Made test size larger to see if that helps with windows timeout.
KBaichoo Nov 5, 2020
d8a605d
Removed annotations to debug test.
KBaichoo Nov 5, 2020
b70ae54
Added comments about Fatal Action extension interface.
KBaichoo Nov 11, 2020
565025e
Cleaned up api comment nits.
KBaichoo Nov 12, 2020
ac0f168
Added test guard.
KBaichoo Nov 13, 2020
f3e1911
Spelling fix.
KBaichoo Nov 13, 2020
bff6e4f
Merge remote-tracking branch 'upstream/master' into fh-extension-pt
KBaichoo Nov 16, 2020
b023b5c
Minor comments, updated docs.
KBaichoo Nov 16, 2020
bcaee64
Cleaned up code, updated relaxed memory order usages.
KBaichoo Nov 17, 2020
0dce2af
Moved atomic ops to use sequential consistency since the module isn't…
KBaichoo Nov 18, 2020
9fcfd5f
Removed redundant seq_cst since atomic ops have it as the default param.
KBaichoo Nov 18, 2020
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 12 additions & 1 deletion api/envoy/config/bootstrap/v3/bootstrap.proto
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// <config_overview_bootstrap>` for more detail.

// Bootstrap :ref:`configuration overview <config_overview_bootstrap>`.
// [#next-free-field: 28]
// [#next-free-field: 29]
message Bootstrap {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.bootstrap.v2.Bootstrap";
Expand Down Expand Up @@ -243,6 +243,10 @@ message Bootstrap {
// Each item contains extension specific configuration.
repeated core.v3.TypedExtensionConfig bootstrap_extensions = 21;

// Specifies optional extensions instantiated at startup time and
// invoked during crash time on the request that caused the crash.
repeated FatalAction fatal_actions = 28;

// Configuration sources that will participate in
// *udpa.core.v1.ResourceLocator* authority resolution. The algorithm is as
// follows:
Expand Down Expand Up @@ -420,6 +424,13 @@ message Watchdog {
type.v3.Percent multikill_threshold = 5;
}

// Fatal actions to run while crashing.
// We will run all safe actions before we run unsafe actions.
message FatalAction {
// Extension specific configuration for the action.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@envoyproxy/api-shepherds per discussion earlier today, should we have some declaration of the interface that extensions must conform to? The problem with that in general is that this might be different in Envoy/gRPC, but in this specific case, this is a bootstrap and Envoy-only extension point, so I think that would be pretty useful.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed this a bit out of band with Harvey.

The comments for the extension now point to the interface it's expected to confirm to, and where extensions should live.

Thoughts @envoyproxy/api-shepherds ? Thanks!

core.v3.TypedExtensionConfig config = 1;
}

// Runtime :ref:`configuration overview <config_runtime>` (deprecated).
message Runtime {
option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Runtime";
Expand Down
16 changes: 15 additions & 1 deletion api/envoy/config/bootstrap/v4alpha/bootstrap.proto

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions docs/root/extending/extending.rst
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ types including:
* :ref:`Watchdog action <envoy_v3_api_msg_config.bootstrap.v3.Watchdog.WatchdogAction>`
* :ref:`Internal redirect policy <envoy_v3_api_field_config.route.v3.InternalRedirectPolicy.predicates>`
* :ref:`Compression libraries <arch_overview_compression_libraries>`
* :ref:`Fatal actions <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.fatal_actions>`

As of this writing there is no high level extension developer documentation. The
:repo:`existing extensions <source/extensions>` are a good way to learn what is possible.
Expand Down
1 change: 1 addition & 0 deletions docs/root/version_history/current.rst
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ New Features
* mongo_proxy: the list of commands to produce metrics for is now :ref:`configurable <envoy_v3_api_field_extensions.filters.network.mongo_proxy.v3.MongoProxy.commands>`.
* ratelimit: added support for use of various :ref:`metadata <envoy_v3_api_field_config.route.v3.RateLimit.Action.metadata>` as a ratelimit action.
* ratelimit: added :ref:`disable_x_envoy_ratelimited_header <envoy_v3_api_msg_extensions.filters.http.ratelimit.v3.RateLimit>` option to disable `X-Envoy-RateLimited` header.
* signal: added an extension point for custom actions to run on the thread that has encountered a fatal error. Actions are configurable via :ref:`fatal_actions <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.fatal_actions>`.
* tcp: added a new :ref:`envoy.overload_actions.reject_incoming_connections <config_overload_manager_overload_actions>` action to reject incoming TCP connections.

Deprecated
Expand Down
13 changes: 12 additions & 1 deletion generated_api_shadow/envoy/config/bootstrap/v3/bootstrap.proto

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 12 additions & 0 deletions include/envoy/server/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -339,3 +339,15 @@ envoy_cc_library(
"//include/envoy/config:typed_config_interface",
],
)

envoy_cc_library(
name = "fatal_action_interface",
hdrs = ["fatal_action_config.h"],
deps = [
"//include/envoy/config:typed_config_interface",
"//include/envoy/event:dispatcher_interface",
"//include/envoy/protobuf:message_validator_interface",
"//include/envoy/server:instance_interface",
"@envoy_api//envoy/config/bootstrap/v3:pkg_cc_proto",
],
)
55 changes: 55 additions & 0 deletions include/envoy/server/fatal_action_config.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
#pragma once

#include <memory>

#include "envoy/common/pure.h"
#include "envoy/config/bootstrap/v3/bootstrap.pb.h"
#include "envoy/config/typed_config.h"
#include "envoy/event/dispatcher.h"
#include "envoy/protobuf/message_validator.h"
#include "envoy/server/instance.h"

namespace Envoy {
namespace Server {
namespace Configuration {

class FatalAction {
public:
virtual ~FatalAction() = default;
/**
* Callback function to run when we are crashing.
* @param current_object the object we were working on when we started
* crashing.
*/
virtual void run(const ScopeTrackedObject* current_object) PURE;

virtual bool isAsyncSignalSafe() const PURE;
Comment thread
mattklein123 marked this conversation as resolved.
};

using FatalActionPtr = std::unique_ptr<FatalAction>;

/**
* Implemented by each custom FatalAction and registered via Registry::registerFactory()
* or the convenience class RegisterFactory.
*/
class FatalActionFactory : public Config::TypedFactory {
public:
~FatalActionFactory() override = default;

/**
* Creates a particular FatalAction implementation.
*
* @param config supplies the configuration for the action.
* @param context supplies the GuardDog Action's context.
* @return FatalActionsPtr the FatalActions object.
*/
virtual FatalActionPtr
createFatalActionFromProto(const envoy::config::bootstrap::v3::FatalAction& config,
Instance* server) PURE;

std::string category() const override { return "envoy.fatal_action"; }
};

} // namespace Configuration
} // namespace Server
} // namespace Envoy
12 changes: 12 additions & 0 deletions source/common/event/dispatcher_impl.h
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,18 @@ class DispatcherImpl : Logger::Loggable<Logger::Id::main>,
}
}

void
runFatalActionsOnTrackedObject(const FatalAction::FatalActionPtrList& actions) const override {
if (run_tid_.isEmpty() || (run_tid_ != api_.threadFactory().currentThreadId())) {
return;
}

// Run the actions
for (const auto& action : actions) {
action->run(current_object_);
}
}
Comment thread
KBaichoo marked this conversation as resolved.
Outdated

private:
TimerPtr createTimerInternal(TimerCb cb);
void updateApproximateMonotonicTimeInternal();
Expand Down
11 changes: 11 additions & 0 deletions source/common/signal/BUILD
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ envoy_cc_library(
srcs = ["fatal_error_handler.cc"],
hdrs = ["fatal_error_handler.h"],
deps = [
":fatal_action_lib",
"//include/envoy/event:dispatcher_interface",
"//source/common/common:macros",
],
)
Expand All @@ -30,3 +32,12 @@ envoy_cc_library(
"//source/server:backtrace_lib",
],
)

envoy_cc_library(
name = "fatal_action_lib",
hdrs = ["fatal_action.h"],
deps = [
"//include/envoy/server:fatal_action_interface",
"//include/envoy/thread:thread_interface",
],
)
34 changes: 34 additions & 0 deletions source/common/signal/fatal_action.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
#pragma once

#include <ostream>

#include "envoy/common/pure.h"
#include "envoy/server/fatal_action_config.h"
#include "envoy/thread/thread.h"

namespace Envoy {
namespace FatalAction {

using FatalActionPtrList = std::list<Server::Configuration::FatalActionPtr>;

// A simple class which manages the Fatal Actions registered via the
// extension point.
class FatalActionManager {
public:
FatalActionManager(FatalActionPtrList safe_actions, FatalActionPtrList unsafe_actions,
Thread::ThreadFactory& thread_factory)
: safe_actions_(std::move(safe_actions)), unsafe_actions_(std::move(unsafe_actions)),
thread_factory_(thread_factory) {}

const FatalActionPtrList& getSafeActions() const { return safe_actions_; }
const FatalActionPtrList& getUnsafeActions() const { return unsafe_actions_; }
Thread::ThreadFactory& getThreadFactory() const { return thread_factory_; }

private:
FatalActionPtrList safe_actions_;
FatalActionPtrList unsafe_actions_;
Thread::ThreadFactory& thread_factory_;
};

} // namespace FatalAction
} // namespace Envoy
Loading