Adds a service to put the instance out of traffic smoothly before shutdown

[ahogui12]

why
The DNS TTLs are about 30 seconds in our infra. When we let a time for the instance to cool off before shutting it down, it gives time to DNS re-resolving and avoid targeting a dead instance

Example
Templated file on Haproxy instance

[Unit]
Description=Consul maintenance task at shutdown
After=consul.service
After=haproxy.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStop=/usr/local/bin/consul maint -enable -reason="Shutting down instance"
ExecStopPost=/usr/bin/sleep 30

[Install]
WantedBy=multi-user.target

After I type shutdown now there is a 30s timeframe where consul is under maintenance, but haproxy is still available

Note
I am not 100% sure there is no side effects. This works on Haproxy instance well and the wost case I can see is {{ consul_service_name }} is not templated correctly but in this case the service just won't start and we will see current behaviour.

[wazo-community-zuul]

Build failed.
https://zuul.wazo.community/zuul/t/local/buildset/c4e3eace24ef430fbcafc28744433ea4

❌ wazo-tox-molecule-bullseye FAILURE in 3m 54s

[sduthil]

That's a very good idea :) Thanks!

[sduthil]

This duration should be templated too. I would recommend a higher timeout, e.g. 45 seconds or 60 seconds, to avoid race conditions between DNS cache expiration and DNS client resolution that may happen simultaneously, or with a few seconds of delay.

Also, a higher value may require adding a TimeoutStopSec= (default 90 seconds).

This duration should only be that high for publicly exposed instances, such as HAProxies or Coturn services (maybe others?). Other internal services are resolved on-the-spot via the Consul resolver, and could do with a lower timeout, e.g. 5 or 10 seconds.

Do you know what happens if we systemctl restart haproxy for example? Do it wait for 30 seconds too?

[ahogui12]

For the TimeoutStopSec option, do you think we will happen to need more than 90 seconds ? Otherwise it stops the service (with an error for sure)

[ahogui12]

If systemctl restart haproxy , nothing happens, it still waits

[sduthil]

About the TimeoutStopSec option, it's only needed if we template the sleep duration. If it is templated, either document to not exceed 90seconds, or template the TimeoutStopSec as well.

About the restart, does it mean that running systemctl restart haproxy will enable Consul maintenance, wait 30 seconds, restart HAProxy, and leave Consul maintenance enabled? So restarting HAProxy would remove the instance from traffic?

[sduthil]

IMHO this should rather go in /etc/systemd/system/.... The /lib/systemd path is used for OS-delivered unit files.

[sduthil]

Suggested change

	mode: "0644"
	mode: "0660"

[ahogui12]

Not sure about this change, if I create a systemd service I end up with "0644"

root@i-0c539d980708b2e2a:~# systemctl edit --force --full ahoguin.service
root@i-0c539d980708b2e2a:~# ls -la /etc/systemd/system/
...
-rw-r--r--  1 root root  194 Apr 10 15:58 ahoguin.service

[sduthil]

In case the value for consul_service_name is wrong, I would prefer this not to fail silently. Will it fail at the state=started task?

If not, could we have some alert? Like an assert that the service file exists, which will fail the whole recipe and send a Mattermost alert?

Also, this implies that the Consul service is installed after the service it requires, not sure it's the case in every role...

[sduthil]

Do you know what happens if consul_service_name is incorrect?

[wazo-community-zuul]

Build failed.
https://zuul.wazo.community/zuul/t/local/buildset/1aff9ad6825e49a4aa1dcd34d139250f

❌ wazo-tox-molecule-bullseye FAILURE in 3m 08s

[wazo-community-zuul]

Build failed.
https://zuul.wazo.community/zuul/t/local/buildset/a1cbb8e1bb6c4e278c4eccab4aaff21c

❌ wazo-tox-molecule-bullseye FAILURE in 3m 08s

[wazo-community-zuul]

Build succeeded.
https://zuul.wazo.community/zuul/t/local/buildset/294858f1650c4a61a78022efbee12f38

✔️ wazo-tox-molecule-bullseye SUCCESS in 8m 06s