This changes improve the binary upgrade behaviour using USR2:
- only one binary upgrade can happen at a time: the old arbiter needs to be
killed to promote the new arbiter.
- if a new arbiter is already spawned, until one is killed USR2 has no action
- if a new arbiter has been spawned, the unix socket won't be unlinked
- until the old arbiter have been killed the newly created pidfile has the name
<pidfile>.2 and the name Master.2 .
Note: there is no dialog between both arbiters to handle this features.
Instead they will supervise each others until one is killed. So isolation is
still guaranted.
fix#1267
- rename LockFile.lock to acquire
- rename LockFile.unlock to release
- move the lockfile management in sepate functions inside the arbiter
- remove the "closed" argument from the socket.close method and add a new "destroy" function that will be called whent the socket can be unlinked (cal release)
- fix tests
This change add proper file locking to gunicorn. By default "gunicorn.lock" is created in the temporary directory when a unix socket is bound. In case someone want to fix the lock file path or use multiple gunicorn instance the "--lock-file" setting can be used to set the path of this file.
fix#1259
Killing ourself when using the `--reload` option trigger an infinite loop under some monitoring services like the one in pycharm and don't reload the file.
Instead set self.alive as False which will trigger later the worker exit. Note that if we want to force the exit we could also use sys.exit(0) .
fix#1129
in python 3.5 the select is blocking when waiting for it which prevent quick
exit on SIGTERM.
The problem is described:
https://www.python.org/dev/peps/pep-0475/#backward-compatibility
This change fix it by listening for signal event on the worker pipe. Once an
event is triggered it will forcefully wake up the select and return.
fix#1256
The run loop has to change slightly to support graceful shutdown.
There is no way to interrupt a call to `futures.wait` so instead
the pattern, used by the async workers, is to sleep for only one
second at the most. The poll is extended to a one second timeout
to match.
Since threads are preemptively scheduled, it's possible that the
listener is closed when the request is actually handled. For this
reason it is necessary to slightly refactor the TConn class to store
the listening socket name. The name is checked once at the start of
the worker run loop.
Ref #922
Close all the listeners when the arbiter shuts down. By doing so,
workers can close the socket at the beginning of a graceful shut
down thereby informing the operating system that the socket can
be cleaned up. With this change, graceful exits with such workers
will refuse new connections while draining, allowing load balancers
to respond more quickly and avoiding leaving connections dangling
in the listen backlog, unaccepted.
Ref #922
By having a `getattr` implementation that proxies to the `sock`
attribute, there is a risk of infinite recursion when the socket
attribute is absent. After closing the socket and destroying it,
the recursion can be prevented by setting the attribute to `None`.
Since the changes from #1126, errors are not raised into the main
loop during a non-graceful shutdown. Therefore, these exception
clauses shouldn't be needed anymore.
Just like in the gevent worker, a blocking call should only be executed
from within a coroutine. The AssertionError around the main loop of the
eventlet worker can be removed, since it was there to catch
the exception raised by the sleep.
Currently if you configure statsd_host, a configured logger_class will never be used.
I think this makes a user configured logger class always take priority.
(This is PoC change, I will come back and add tests/docs if it's worth pursuing)
Manually including the traceback in the log msg causes some issues when
interacting with log formats, and in one case was causing the traceback
to be printed twice.
