[ISSUE-5705] Support for degraded health #5741
Conversation
seonWKim
requested review from
ikhoon,
jrhee17,
minwoox and
trustin
as code owners
seonWKim
force-pushed
the
feature/ISSUE-5705-degradable-health-checker
branch
from
f20ed57
to
665ec13
Compare
core/src/main/java/com/linecorp/armeria/server/healthcheck/HealthCheckService.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/server/healthcheck/HealthCheckServiceBuilder.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/server/healthcheck/HealthStatus.java
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/server/healthcheck/SettableHealthStatusChecker.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/server/healthcheck/HealthCheckServiceBuilder.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/server/healthcheck/HealthCheckService.java
Show resolved
Hide resolved
seonWKim
force-pushed
the
feature/ISSUE-5705-degradable-health-checker
branch
from
52fdd7b
to
aed0a93
Compare
core/src/main/java/com/linecorp/armeria/server/healthcheck/HealthStatus.java
Show resolved
Hide resolved
| final boolean useLongPolling; | ||
| if (longPollingTimeoutMillis > 0) { | ||
| final String expectedState = | ||
| Ascii.toLowerCase(req.headers().get(HttpHeaderNames.IF_NONE_MATCH, "")); | ||
| if ("\"healthy\"".equals(expectedState) || "w/\"healthy\"".equals(expectedState)) { | ||
| useLongPolling = isHealthy; | ||
| useLongPolling = healthStatus == HealthStatus.HEALTHY; |
There was a problem hiding this comment.
note: this change means if HEALTHY or UNHEALTHY isn't set, then long polling never works since armeria client only sends healthy or unhealthy depending on the status code.
There was a problem hiding this comment.
Oh, I see. Then, I think we can change the logic as follows:
When the expectedState is
healthy: use long polling when the status isHEALTHYorDEGRADEDunhealthy: use long polling when the status isUNHEALTHY,UNDER_MAINTENANCE,STOPPING
There was a problem hiding this comment.
I understood the objective of this issue to propagate the status to clients.
If we only maintain expectedState, I think clients may not receive the status on update for long polling health check requests.
If we would like to maintain backwards compatibility, we could define a separate syntax for status matching.
e.g.
If-None-Match=[healthy|unhealthy]: propagates a signal whenever a status changes between healthy <-> unhealthyIf-None-Match=status=[HEALTHY|DEGRADED|UNHEALTHY|UNDER_MAINTENANCE|STOPPING]: propagates a signal when the status does not match the status exactly
There was a problem hiding this comment.
I've added If-None-Match=status=[HEALTHY|DEGRADED|UNHEALTHY|UNDER_MAINTENANCE|STOPPING] and preserved If-None-Match=[healthy|unhealthy] in order to maintain backward compatibility.
- When
If-None-Match=[healthy|unhealthy]is present, return a response when the server becomeshealthy(HEALTHY,DEGRADED) orunhealthy(STOPPING,UNHEALTHY,UNDER_MAINTENANCE) - When
If-None-Match=status=[HEALTHY|DEGRADED|UNHEALTHY|UNDER_MAINTENANCE|STOPPING]is present, return a response when the server'sHealthStatusis changed.
| @@ -435,24 +435,35 @@ public HttpResponse serve(ServiceRequestContext ctx, HttpRequest req) throws Exc | |||
| if (updateResult != null) { | |||
| switch (updateResult) { | |||
| case HEALTHY: | |||
| serverHealth.setHealthy(true); | |||
| serverHealth.setHealthStatus(HealthStatus.HEALTHY); | |||
There was a problem hiding this comment.
Note: If the default HealthCheckUpdateHandler is used, only HEALTHY and UNHEALTHY will be returned.
I think users would find it surprising that the server is aware of options such as DEGRADED, etc.. but doesn't understand update semantics of such statuses
There was a problem hiding this comment.
Oh you're right. What do you think of adding an implementation of HealthCheckUpdateHandler to handle new status? 🤔
There was a problem hiding this comment.
Added HealthStatusUpdateHandler 😄
| * | ||
| * @return {@code this} | ||
| */ | ||
| public HealthCheckServiceBuilder degradedResponse(AggregatedHttpResponse degradedResponse) { |
There was a problem hiding this comment.
note: from the perspective of health checking in envoy, just sending a x-envoy-degraded header to denote an endpoint is probably enough. Checked that this won't interfere with ongoing xDS related changes.
There was a problem hiding this comment.
It seems envoy use headers to denote the specific status. What do you think would be more appropriate for this case to denote specific status? The headers or status field in the json?
There was a problem hiding this comment.
I think it's fine to let users customize the response for now - later depending on requirements we may just introduce a separate EnvoyHealthCheckService.
There was a problem hiding this comment.
We probably should do some research on the behavior of well known server implementations and make the default response covers them all, as a follow-up to this PR.
| "{\"healthy\":false}"); | ||
| private AggregatedHttpResponse healthyResponse = | ||
| AggregatedHttpResponse.of(HttpStatus.OK, MediaType.JSON_UTF_8, | ||
| "{\"healthy\":true,\"status\":\"HEALTHY\"}"); |
There was a problem hiding this comment.
Note: In case this point was missed, armeria client is ignoring the body at the moment and determining health status via status code.
There was a problem hiding this comment.
Oh right. HttpHealthChecker only checks the status code. Should we handle the changes in this PR as well?
There was a problem hiding this comment.
I'm unsure of how we want to expose health check information on the client-side at the moment. From an xDS perspective, other signals such as 1) the ratio of failed health checks 2) time since last health check 3) etc.. are exposed.
I think it's better to focus on implementing backwards compatible server-side changes in this PR, and client-side changes are dealt with separately (after a consensus is made on the API direction).
core/src/main/java/com/linecorp/armeria/server/healthcheck/HealthCheckService.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/server/healthcheck/HealthStatus.java
Outdated
Show resolved
Hide resolved
core/src/main/java/com/linecorp/armeria/server/healthcheck/HealthStatus.java
Outdated
Show resolved
Hide resolved
| * Handler which updates the healthiness of the {@link Server}. Supports {@code PUT}, {@code POST} and | ||
| * {@code PATCH} requests and tells if the {@link Server} needs to be marked as healthy or unhealthy. | ||
| */ | ||
| public enum DefaultHealthCheckUpdateHandler implements HealthCheckUpdateHandler { |
There was a problem hiding this comment.
I changed the access modifier to public in order to let users select their update handler(DefaultHealthCheckUpdateHandlerorHealthStatusUpdateHandler`)
There was a problem hiding this comment.
Question) what do you think of just combining the two HealthCheckUpdateHandler and adding similar logic as HealthCheckService?
e.g.
if jsonNode.contains("healthy") {
// previous logic
} else if jsonNode.contains("status") {
// update to the status
} else {
// 400
}
There was a problem hiding this comment.
Once done, please don't forget to make this class package-private again.
…bleHealthChecker`
Co-authored-by: jrhee17 <[email protected]>
…cify HealthStatus
- Add javadoc on `HealthStatus` - Checks for IF-NONE-MATCH header for specific `HealthStatus` - Add `HealthStatusUpdateHandler`
seonWKim
force-pushed
the
feature/ISSUE-5705-degradable-health-checker
branch
from
1548102
to
487997f
Compare
|
Removed the |
| * Handler which updates the healthiness of the {@link Server}. Supports {@code PUT}, {@code POST} and | ||
| * {@code PATCH} requests and tells if the {@link Server} needs to be marked as healthy or unhealthy. | ||
| */ | ||
| public enum DefaultHealthCheckUpdateHandler implements HealthCheckUpdateHandler { |
There was a problem hiding this comment.
Question) what do you think of just combining the two HealthCheckUpdateHandler and adding similar logic as HealthCheckService?
e.g.
if jsonNode.contains("healthy") {
// previous logic
} else if jsonNode.contains("status") {
// update to the status
} else {
// 400
}
Looks better. I don't think we need to split them into different classes. 👍 |
There was a problem hiding this comment.
This is probably the last of my comments.
Please also address https://github.com/line/armeria/pull/5741/files#r1651918233 🙏
| @@ -46,22 +44,45 @@ public SettableHealthChecker() { | |||
| * changed using {@link #setHealthy(boolean)}. | |||
| */ | |||
| public SettableHealthChecker(boolean isHealthy) { | |||
| this.isHealthy = new AtomicBoolean(isHealthy); | |||
| this.healthStatus = isHealthy ? HealthStatus.HEALTHY : HealthStatus.UNHEALTHY; | |||
There was a problem hiding this comment.
| this.healthStatus = isHealthy ? HealthStatus.HEALTHY : HealthStatus.UNHEALTHY; | |
| healthStatus = isHealthy ? HealthStatus.HEALTHY : HealthStatus.UNHEALTHY; |
| * Returns the {@link HttpStatus} representing the health status of the {@link Server}. | ||
| * Override below method if you want more fine-grained health status. | ||
| */ | ||
| default HealthStatus healthStatus() { |
There was a problem hiding this comment.
Can you modify that ScheduledHealthChecker also uses the healthStatus API?
| return new CpuHealthChecker(targetSystemCpuUsage, targetProcessCpuUsage, | ||
| degradedTargetSystemCpuUsage, degradedTargetProcessCpuLoad); | ||
| } | ||
|
|
||
| /** | ||
| * Returns {@code true} if and only if the {@link Server} is healthy. | ||
| */ | ||
| boolean isHealthy(); |
There was a problem hiding this comment.
Note: I imagine that some time in the future we may likely end up deprecating this API since we're only using HealthChecker#healthStatus internally in HealthCheckService.
I prefer this be handled separately though if necessary.
There was a problem hiding this comment.
Meanwhile, can you go through the code in armeria and convert any usages using this API to use healthStatus instead?
Motivation:
Add support for degraded health.
Modifications:
HealthStatusenum which can represent the health status of a serverhealthStatus()method inHealthCheckerfor fine-grained representation of server's statusdegradedResponsewhich shows that the server's status is being degraded.I think adding new health check service which returns
HealthStatus(instead of boolean) might be an alternate option. But because this PR is before any reviews, I've just implemented feature on top ofHealthCheckService.Result:
Users can now receive notification for degraded server status like below
{"healthy":true, "degraded":true}degradedserver status in addtion to healthy and unhealthy.