From 6d3b3d6d74e1c425920d7d8f461db9b4719b7d80 Mon Sep 17 00:00:00 2001
From: Molly Miller <molly.miller@wire.com>
Date: Tue, 7 Jun 2022 15:31:08 +0100
Subject: [PATCH 1/4] Add docker image which includes pre-stop hook script.

This adds a container image derived from the Debian coturn image which includes
a pre-stop hook script. This hook script polls the Prometheus metrics endpoint
and waits until the number of active allocations reaches zero. This can be used
to detect when traffic is drained from a running coturn instance, in order to
perform a non-invasive graceful restart.
---
 .dockerignore                          |  1 +
 docker/coturn/wireapp/Dockerfile       | 15 +++++++++++++++
 docker/coturn/wireapp/pre-stop-hook.sh | 23 +++++++++++++++++++++++
 3 files changed, 39 insertions(+)
 create mode 100644 docker/coturn/wireapp/Dockerfile
 create mode 100644 docker/coturn/wireapp/pre-stop-hook.sh

diff --git a/.dockerignore b/.dockerignore
index 7451c5aba..e28ec0437 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -3,6 +3,7 @@
 !docker/coturn/alpine/
 !docker/coturn/debian/
 !docker/coturn/rootfs/
+!docker/coturn/wireapp/
 
 !cmake/
 !CMakeLists.txt
diff --git a/docker/coturn/wireapp/Dockerfile b/docker/coturn/wireapp/Dockerfile
new file mode 100644
index 000000000..3818681d1
--- /dev/null
+++ b/docker/coturn/wireapp/Dockerfile
@@ -0,0 +1,15 @@
+ARG coturn_image=coturn/coturn
+ARG coturn_tag=latest
+
+FROM ${coturn_image}:${coturn_tag}
+
+USER root
+
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends --no-install-suggests \
+    curl grep coreutils
+
+COPY docker/coturn/wireapp/pre-stop-hook.sh /usr/local/bin/pre-stop-hook
+RUN chmod +x /usr/local/bin/pre-stop-hook
+
+USER nobody:nogroup
diff --git a/docker/coturn/wireapp/pre-stop-hook.sh b/docker/coturn/wireapp/pre-stop-hook.sh
new file mode 100644
index 000000000..e1ffec292
--- /dev/null
+++ b/docker/coturn/wireapp/pre-stop-hook.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+# FUTUREWORK: this will break with IPv6. this should be fixed so it works with
+# IPv6.
+
+set -uo pipefail
+
+SLEEPTIME=60
+
+host="$1"
+port="$2"
+
+url="http://$host:$port/metrics"
+
+while true; do
+    allocs=$(curl -s "$url" | grep -E '^turn_active_allocations' | cut -d' ' -f2)
+    if [ "$?" != 0 ]; then exit 1; fi
+
+    if [ -z "$allocs" ]; then exit 0; fi
+    if [ "$allocs" = 0 ]; then exit 0; fi
+
+    sleep "$SLEEPTIME"
+done

From d8974c6a22e58aaf2c92256e6b3ecb3a031d5e36 Mon Sep 17 00:00:00 2001
From: Molly Miller <molly.miller@wire.com>
Date: Wed, 8 Jun 2022 11:49:46 +0100
Subject: [PATCH 2/4] Change shebang to bash.

set -o pipefail is a bashism, but one which is useful to have.
---
 docker/coturn/wireapp/pre-stop-hook.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/coturn/wireapp/pre-stop-hook.sh b/docker/coturn/wireapp/pre-stop-hook.sh
index e1ffec292..f72f94117 100644
--- a/docker/coturn/wireapp/pre-stop-hook.sh
+++ b/docker/coturn/wireapp/pre-stop-hook.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # FUTUREWORK: this will break with IPv6. this should be fixed so it works with
 # IPv6.

From 237ebac139a3b37b5589edae4f3196847c217d2f Mon Sep 17 00:00:00 2001
From: Molly Miller <molly.miller@wire.com>
Date: Wed, 8 Jun 2022 11:52:33 +0100
Subject: [PATCH 3/4] Add status reporting to pre-stop hook script.

---
 docker/coturn/wireapp/pre-stop-hook.sh | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/docker/coturn/wireapp/pre-stop-hook.sh b/docker/coturn/wireapp/pre-stop-hook.sh
index f72f94117..5d4603701 100644
--- a/docker/coturn/wireapp/pre-stop-hook.sh
+++ b/docker/coturn/wireapp/pre-stop-hook.sh
@@ -12,12 +12,24 @@ port="$2"
 
 url="http://$host:$port/metrics"
 
+echo "Polling coturn status on $url"
+
 while true; do
     allocs=$(curl -s "$url" | grep -E '^turn_active_allocations' | cut -d' ' -f2)
-    if [ "$?" != 0 ]; then exit 1; fi
-
-    if [ -z "$allocs" ]; then exit 0; fi
-    if [ "$allocs" = 0 ]; then exit 0; fi
-
+    if [ "$?" != 0 ]; then
+        echo "Could not retrieve metrics from coturn!"
+        exit 1
+    fi
+
+    if [ -z "$allocs" ]; then
+        echo "No more active allocations, exiting"
+        exit 0
+    fi
+    if [ "$allocs" = 0 ]; then
+        echo "No more active allocations, exiting"
+        exit 0
+    fi
+
+    echo "Active allocations remaining, sleeping for $SLEEPTIME seconds"
     sleep "$SLEEPTIME"
 done

From 9e4b47ac86f1250b7985288c0e3791c9cd6a7749 Mon Sep 17 00:00:00 2001
From: Molly Miller <molly.miller@wire.com>
Date: Wed, 8 Jun 2022 11:55:37 +0100
Subject: [PATCH 4/4] Add some explanatory commentary to the wireapp
 Dockerfile.

---
 docker/coturn/wireapp/Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docker/coturn/wireapp/Dockerfile b/docker/coturn/wireapp/Dockerfile
index 3818681d1..5915030da 100644
--- a/docker/coturn/wireapp/Dockerfile
+++ b/docker/coturn/wireapp/Dockerfile
@@ -1,3 +1,8 @@
+# This image derives from another coturn image, and adds a script which
+# polls the Prometheus metrics endpoint until there are no more active
+# allocations. This is intended to be used as a pre-stop hook to allow graceful
+# termination of the coturn process without disrupting active allocations.
+
 ARG coturn_image=coturn/coturn
 ARG coturn_tag=latest