unicorn.git  about / heads / tags
Rack HTTP server for Unix and fast clients
blob 2093bb3f390de5418f5d23d10a0756cab4186bde 21095 bytes (raw)
$ git show v0.5.2:lib/unicorn.rb	# shows this blob on the CLI

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
 
require 'logger'
require 'fcntl'

require 'unicorn/socket'
require 'unicorn/const'
require 'unicorn/http_request'
require 'unicorn/http_response'
require 'unicorn/configurator'
require 'unicorn/util'

# Unicorn module containing all of the classes (include C extensions) for running
# a Unicorn web server.  It contains a minimalist HTTP server with just enough
# functionality to service web application requests fast as possible.
module Unicorn
  class << self
    def run(app, options = {})
      HttpServer.new(app, options).start.join
    end
  end

  # This is the process manager of Unicorn. This manages worker
  # processes which in turn handle the I/O and application process.
  # Listener sockets are started in the master process and shared with
  # forked worker children.
  class HttpServer
    attr_reader :logger
    include ::Unicorn::SocketHelper

    SIG_QUEUE = []
    DEFAULT_START_CTX = {
      :argv => ARGV.map { |arg| arg.dup },
      # don't rely on Dir.pwd here since it's not symlink-aware, and
      # symlink dirs are the default with Capistrano...
      :cwd => `/bin/sh -c pwd`.chomp("\n"),
      :zero => $0.dup,
    }.freeze

    Worker = Struct.new(:nr, :tempfile) unless defined?(Worker)
    class Worker
      # worker objects may be compared to just plain numbers
      def ==(other_nr)
        self.nr == other_nr
      end
    end

    # Creates a working server on host:port (strange things happen if
    # port isn't a Number).  Use HttpServer::run to start the server and
    # HttpServer.workers.join to join the thread that's processing
    # incoming requests on the socket.
    def initialize(app, options = {})
      start_ctx = options.delete(:start_ctx)
      @start_ctx = DEFAULT_START_CTX.dup
      @start_ctx.merge!(start_ctx) if start_ctx
      @app = app
      @workers = Hash.new
      @io_purgatory = [] # prevents IO objects in here from being GC-ed
      @request = @rd_sig = @wr_sig = nil
      @reexec_pid = 0
      @init_listeners = options[:listeners] ? options[:listeners].dup : []
      @config = Configurator.new(options.merge(:use_defaults => true))
      @listener_opts = {}
      @config.commit!(self, :skip => [:listeners, :pid])
      @listeners = []
    end

    # Runs the thing.  Returns self so you can run join on it
    def start
      BasicSocket.do_not_reverse_lookup = true

      # inherit sockets from parents, they need to be plain Socket objects
      # before they become UNIXServer or TCPServer
      inherited = ENV['UNICORN_FD'].to_s.split(/,/).map do |fd|
        io = Socket.for_fd(fd.to_i)
        set_server_sockopt(io, @listener_opts[sock_name(io)])
        @io_purgatory << io
        logger.info "inherited addr=#{sock_name(io)} fd=#{fd}"
        server_cast(io)
      end

      config_listeners = @config[:listeners].dup
      @listeners.replace(inherited)

      # we start out with generic Socket objects that get cast to either
      # TCPServer or UNIXServer objects; but since the Socket objects
      # share the same OS-level file descriptor as the higher-level *Server
      # objects; we need to prevent Socket objects from being garbage-collected
      config_listeners -= listener_names
      if config_listeners.empty? && @listeners.empty?
        config_listeners << Unicorn::Const::DEFAULT_LISTEN
      end
      config_listeners.each { |addr| listen(addr) }
      raise ArgumentError, "no listeners" if @listeners.empty?
      self.pid = @config[:pid]
      build_app! if @preload_app
      File.open(@stderr_path, "a") { |fp| $stderr.reopen(fp) } if @stderr_path
      File.open(@stdout_path, "a") { |fp| $stdout.reopen(fp) } if @stdout_path
      $stderr.sync = $stdout.sync = true
      spawn_missing_workers
      self
    end

    # replaces current listener set with +listeners+.  This will
    # close the socket if it will not exist in the new listener set
    def listeners=(listeners)
      cur_names, dead_names = [], []
      listener_names.each do |name|
        if "/" == name[0..0]
          # mark unlinked sockets as dead so we can rebind them
          (File.socket?(name) ? cur_names : dead_names) << name
        else
          cur_names << name
        end
      end
      set_names = listener_names(listeners)
      dead_names += cur_names - set_names
      dead_names.uniq!

      @listeners.delete_if do |io|
        if dead_names.include?(sock_name(io))
          @io_purgatory.delete_if do |pio|
            pio.fileno == io.fileno && (pio.close rescue nil).nil? # true
          end
          (io.close rescue nil).nil? # true
        else
          set_server_sockopt(io, @listener_opts[sock_name(io)])
          false
        end
      end

      (set_names - cur_names).each { |addr| listen(addr) }
    end

    # sets the path for the PID file of the master process
    def pid=(path)
      if path
        if x = valid_pid?(path)
          return path if @pid && path == @pid && x == $$
          raise ArgumentError, "Already running on PID:#{x} " \
                               "(or pid=#{path} is stale)"
        end
      end
      unlink_pid_safe(@pid) if @pid
      File.open(path, 'wb') { |fp| fp.syswrite("#$$\n") } if path
      @pid = path
    end

    # add a given address to the +listeners+ set, idempotently
    # Allows workers to add a private, per-process listener via the
    # @after_fork hook.  Very useful for debugging and testing.
    def listen(address, opt = {}.merge(@listener_opts[address] || {}))
      return if String === address && listener_names.include?(address)

      if io = bind_listen(address, opt)
        unless TCPServer === io || UNIXServer === io
          @io_purgatory << io
          io = server_cast(io)
        end
        logger.info "listening on addr=#{sock_name(io)} fd=#{io.fileno}"
        @listeners << io
      else
        logger.error "adding listener failed addr=#{address} (in use)"
        raise Errno::EADDRINUSE, address
      end
    end

    # monitors children and receives signals forever
    # (or until a termination signal is sent).  This handles signals
    # one-at-a-time time and we'll happily drop signals in case somebody
    # is signalling us too often.
    def join
      # this pipe is used to wake us up from select(2) in #join when signals
      # are trapped.  See trap_deferred
      @rd_sig, @wr_sig = IO.pipe unless (@rd_sig && @wr_sig)
      mode = nil
      respawn = true

      QUEUE_SIGS.each { |sig| trap_deferred(sig) }
      trap(:CHLD) { |sig_nr| awaken_master }
      proc_name 'master'
      logger.info "master process ready" # test_exec.rb relies on this message
      begin
        loop do
          reap_all_workers
          case (mode = SIG_QUEUE.shift)
          when nil
            murder_lazy_workers
            spawn_missing_workers if respawn
            master_sleep
          when :QUIT # graceful shutdown
            break
          when :TERM, :INT # immediate shutdown
            stop(false)
            break
          when :USR1 # rotate logs
            logger.info "master reopening logs..."
            Unicorn::Util.reopen_logs
            logger.info "master done reopening logs"
            kill_each_worker(:USR1)
          when :USR2 # exec binary, stay alive in case something went wrong
            reexec
          when :WINCH
            if Process.ppid == 1 || Process.getpgrp != $$
              respawn = false
              logger.info "gracefully stopping all workers"
              kill_each_worker(:QUIT)
            else
              logger.info "SIGWINCH ignored because we're not daemonized"
            end
          when :HUP
            respawn = true
            if @config.config_file
              load_config!
              redo # immediate reaping since we may have QUIT workers
            else # exec binary and exit if there's no config file
              logger.info "config_file not present, reexecuting binary"
              reexec
              break
            end
          else
            logger.error "master process in unknown mode: #{mode}"
          end
        end
      rescue Errno::EINTR
        retry
      rescue Object => e
        logger.error "Unhandled master loop exception #{e.inspect}."
        logger.error e.backtrace.join("\n")
        retry
      end
      stop # gracefully shutdown all workers on our way out
      logger.info "master complete"
      unlink_pid_safe(@pid) if @pid
    end

    # Terminates all workers, but does not exit master process
    def stop(graceful = true)
      kill_each_worker(graceful ? :QUIT : :TERM)
      timeleft = @timeout
      step = 0.2
      reap_all_workers
      until @workers.empty?
        sleep(step)
        reap_all_workers
        (timeleft -= step) > 0 and next
        kill_each_worker(:KILL)
      end
    ensure
      self.listeners = []
    end

    private

    # list of signals we care about and trap in master.
    QUEUE_SIGS = [ :WINCH, :QUIT, :INT, :TERM, :USR1, :USR2, :HUP ].freeze

    # defer a signal for later processing in #join (master process)
    def trap_deferred(signal)
      trap(signal) do |sig_nr|
        if SIG_QUEUE.size < 5
          SIG_QUEUE << signal
          awaken_master
        else
          logger.error "ignoring SIG#{signal}, queue=#{SIG_QUEUE.inspect}"
        end
      end
    end

    # wait for a signal hander to wake us up and then consume the pipe
    # Wake up every second anyways to run murder_lazy_workers
    def master_sleep
      begin
        ready = IO.select([@rd_sig], nil, nil, 1)
        ready && ready[0] && ready[0][0] or return
        loop { @rd_sig.read_nonblock(Const::CHUNK_SIZE) }
      rescue Errno::EAGAIN, Errno::EINTR
      end
    end

    def awaken_master
      begin
        @wr_sig.write_nonblock('.') # wakeup master process from IO.select
      rescue Errno::EAGAIN, Errno::EINTR
        # pipe is full, master should wake up anyways
        retry
      end
    end

    # reaps all unreaped workers
    def reap_all_workers
      begin
        loop do
          pid, status = Process.waitpid2(-1, Process::WNOHANG)
          pid or break
          if @reexec_pid == pid
            logger.error "reaped #{status.inspect} exec()-ed"
            @reexec_pid = 0
            self.pid = @pid.chomp('.oldbin') if @pid
            proc_name 'master'
          else
            worker = @workers.delete(pid)
            worker.tempfile.close rescue nil
            logger.info "reaped #{status.inspect} " \
                        "worker=#{worker.nr rescue 'unknown'}"
          end
        end
      rescue Errno::ECHILD
      end
    end

    # reexecutes the @start_ctx with a new binary
    def reexec
      if @reexec_pid > 0
        begin
          Process.kill(0, @reexec_pid)
          logger.error "reexec-ed child already running PID:#{@reexec_pid}"
          return
        rescue Errno::ESRCH
          @reexec_pid = 0
        end
      end

      if @pid
        old_pid = "#{@pid}.oldbin"
        prev_pid = @pid.dup
        begin
          self.pid = old_pid  # clear the path for a new pid file
        rescue ArgumentError
          logger.error "old PID:#{valid_pid?(old_pid)} running with " \
                       "existing pid=#{old_pid}, refusing rexec"
          return
        rescue Object => e
          logger.error "error writing pid=#{old_pid} #{e.class} #{e.message}"
          return
        end
      end

      @reexec_pid = fork do
        listener_fds = @listeners.map { |sock| sock.fileno }
        ENV['UNICORN_FD'] = listener_fds.join(',')
        Dir.chdir(@start_ctx[:cwd])
        cmd = [ @start_ctx[:zero] ] + @start_ctx[:argv]

        # avoid leaking FDs we don't know about, but let before_exec
        # unset FD_CLOEXEC, if anything else in the app eventually
        # relies on FD inheritence.
        purgatory = [] # prevent GC of IO objects
        (3..1024).each do |io|
          next if listener_fds.include?(io)
          io = IO.for_fd(io) rescue nil
          io or next
          purgatory << io
          io.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
        end
        logger.info "executing #{cmd.inspect} (in #{Dir.pwd})"
        @before_exec.call(self)
        exec(*cmd)
      end
      proc_name 'master (old)'
    end

    # forcibly terminate all workers that haven't checked in in @timeout
    # seconds.  The timeout is implemented using an unlinked tempfile
    # shared between the parent process and each worker.  The worker
    # runs File#chmod to modify the ctime of the tempfile.  If the ctime
    # is stale for >@timeout seconds, then we'll kill the corresponding
    # worker.
    def murder_lazy_workers
      now = Time.now
      @workers.each_pair do |pid, worker|
        (now - worker.tempfile.ctime) <= @timeout and next
        logger.error "worker=#{worker.nr} PID:#{pid} is too old, killing"
        kill_worker(:KILL, pid) # take no prisoners for @timeout violations
        worker.tempfile.close rescue nil
      end
    end

    def spawn_missing_workers
      return if @workers.size == @worker_processes
      (0...@worker_processes).each do |worker_nr|
        @workers.values.include?(worker_nr) and next
        begin
          Dir.chdir(@start_ctx[:cwd])
        rescue Errno::ENOENT => err
          logger.fatal "#{err.inspect} (#{@start_ctx[:cwd]})"
          SIG_QUEUE << :QUIT # forcibly emulate SIGQUIT
          return
        end
        tempfile = Tempfile.new('') # as short as possible to save dir space
        tempfile.unlink # don't allow other processes to find or see it
        worker = Worker.new(worker_nr, tempfile)
        @before_fork.call(self, worker)
        pid = fork { worker_loop(worker) }
        @workers[pid] = worker
      end
    end

    # once a client is accepted, it is processed in its entirety here
    # in 3 easy steps: read request, call app, write app response
    def process_client(client)
      # one syscall less than "client.nonblock = false":
      client.fcntl(Fcntl::F_SETFL, File::RDWR)
      HttpResponse.write(client, @app.call(@request.read(client)))
    # if we get any error, try to write something back to the client
    # assuming we haven't closed the socket, but don't get hung up
    # if the socket is already closed or broken.  We'll always ensure
    # the socket is closed at the end of this function
    rescue EOFError,Errno::ECONNRESET,Errno::EPIPE,Errno::EINVAL,Errno::EBADF
      client.write_nonblock(Const::ERROR_500_RESPONSE) rescue nil
    rescue HttpParserError # try to tell the client they're bad
      client.write_nonblock(Const::ERROR_400_RESPONSE) rescue nil
    rescue Object => e
      client.write_nonblock(Const::ERROR_500_RESPONSE) rescue nil
      logger.error "Read error: #{e.inspect}"
      logger.error e.backtrace.join("\n")
    ensure
      begin
        client.closed? or client.close
      rescue Object => e
        logger.error "Client error: #{e.inspect}"
        logger.error e.backtrace.join("\n")
      end
      @request.reset
    end

    # gets rid of stuff the worker has no business keeping track of
    # to free some resources and drops all sig handlers.
    # traps for USR1, USR2, and HUP may be set in the @after_fork Proc
    # by the user.
    def init_worker_process(worker)
      QUEUE_SIGS.each { |sig| trap(sig, 'DEFAULT') }
      trap(:CHLD, 'DEFAULT')
      SIG_QUEUE.clear
      proc_name "worker[#{worker.nr}]"
      @rd_sig.close if @rd_sig
      @wr_sig.close if @wr_sig
      @workers.values.each { |other| other.tempfile.close rescue nil }
      @start_ctx = @workers = @rd_sig = @wr_sig = nil
      @listeners.each { |sock| sock.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) }
      worker.tempfile.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
      @after_fork.call(self, worker) # can drop perms
      @request = HttpRequest.new(logger)
      build_app! unless @preload_app
    end

    # runs inside each forked worker, this sits around and waits
    # for connections and doesn't die until the parent dies (or is
    # given a INT, QUIT, or TERM signal)
    def worker_loop(worker)
      master_pid = Process.ppid # slightly racy, but less memory usage
      init_worker_process(worker)
      nr = 0 # this becomes negative if we need to reopen logs
      tempfile = worker.tempfile
      ready = @listeners
      client = nil
      rd, wr = IO.pipe
      rd.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
      wr.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)

      # closing anything we IO.select on will raise EBADF
      trap(:USR1) { nr = -65536; rd.close rescue nil }
      trap(:QUIT) { @listeners.each { |sock| sock.close rescue nil } }
      [:TERM, :INT].each { |sig| trap(sig) { exit(0) } } # instant shutdown
      @logger.info "worker=#{worker.nr} ready"

      while master_pid == Process.ppid
        if nr < 0
          @logger.info "worker=#{worker.nr} reopening logs..."
          Unicorn::Util.reopen_logs
          @logger.info "worker=#{worker.nr} done reopening logs"
          wr.close rescue nil
          rd, wr = IO.pipe
          rd.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
          wr.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
        end
        # we're a goner in @timeout seconds anyways if tempfile.chmod
        # breaks, so don't trap the exception.  Using fchmod() since
        # futimes() is not available in base Ruby and I very strongly
        # prefer temporary files to be unlinked for security,
        # performance and reliability reasons, so utime is out.  No-op
        # changes with chmod doesn't update ctime on all filesystems; so
        # we change our counter each and every time (after process_client
        # and before IO.select).
        tempfile.chmod(nr = 0)

        begin
          ready.each do |sock|
            begin
              client = begin
                sock.accept_nonblock
              rescue Errno::EAGAIN
                next
              end
              process_client(client)
            rescue Errno::ECONNABORTED
              # client closed the socket even before accept
              client.close rescue nil
            ensure
              tempfile.chmod(nr += 1)
              break if nr < 0
            end
          end
          client = nil

          # make the following bet: if we accepted clients this round,
          # we're probably reasonably busy, so avoid calling select()
          # and do a speculative accept_nonblock on every listener
          # before we sleep again in select().
          if nr != 0 # (nr < 0) => reopen logs
            ready = @listeners
          else
            begin
              tempfile.chmod(nr += 1)
              # timeout used so we can detect parent death:
              ret = IO.select(@listeners, nil, [rd], @timeout/2.0) or next
              ready = ret[0]
            rescue Errno::EINTR
              ready = @listeners
            rescue Errno::EBADF => e
              nr < 0 or exit(@listeners[0].closed? ? 0 : 1)
            end
          end
        rescue SignalException, SystemExit => e
          raise e
        rescue Object => e
          if alive
            logger.error "Unhandled listen loop exception #{e.inspect}."
            logger.error e.backtrace.join("\n")
          end
        end
      end
    end

    # delivers a signal to a worker and fails gracefully if the worker
    # is no longer running.
    def kill_worker(signal, pid)
      begin
        Process.kill(signal, pid)
      rescue Errno::ESRCH
        worker = @workers.delete(pid) and worker.tempfile.close rescue nil
      end
    end

    # delivers a signal to each worker
    def kill_each_worker(signal)
      @workers.keys.each { |pid| kill_worker(signal, pid) }
    end

    # unlinks a PID file at given +path+ if it contains the current PID
    # useful as an at_exit handler.
    def unlink_pid_safe(path)
      (File.read(path).to_i == $$ and File.unlink(path)) rescue nil
    end

    # returns a PID if a given path contains a non-stale PID file,
    # nil otherwise.
    def valid_pid?(path)
      if File.exist?(path) && (pid = File.read(path).to_i) > 1
        begin
          Process.kill(0, pid)
          return pid
        rescue Errno::ESRCH
        end
      end
      nil
    end

    def load_config!
      begin
        logger.info "reloading config_file=#{@config.config_file}"
        @config[:listeners].replace(@init_listeners)
        @config.reload
        @config.commit!(self)
        kill_each_worker(:QUIT)
        logger.info "done reloading config_file=#{@config.config_file}"
      rescue Object => e
        logger.error "error reloading config_file=#{@config.config_file}: " \
                     "#{e.class} #{e.message}"
      end
    end

    # returns an array of string names for the given listener array
    def listener_names(listeners = @listeners)
      listeners.map { |io| sock_name(io) }
    end

    def build_app!
      @app = @app.call if @app.respond_to?(:arity) && @app.arity == 0
    end

    def proc_name(tag)
      $0 = ([ File.basename(@start_ctx[:zero]), tag ] +
              @start_ctx[:argv]).join(' ')
    end

  end
end

git clone https://yhbt.net/unicorn.git