lp://staging/~fwereade/pyjuju/fix-charm-upgrade
- Get this branch:
- bzr branch lp://staging/~fwereade/pyjuju/fix-charm-upgrade
Branch merges
- Kapil Thangavelu (community): Approve
- Jim Baker (community): Approve
-
Diff: 3535 lines (+1424/-808)15 files modifieddocs/source/internals/unit-agent-persistence.rst (+138/-0)
juju/agents/tests/test_unit.py (+79/-141)
juju/agents/unit.py (+59/-136)
juju/control/tests/test_resolved.py (+16/-8)
juju/control/tests/test_status.py (+11/-37)
juju/control/tests/test_upgrade_charm.py (+4/-2)
juju/errors.py (+11/-1)
juju/lib/statemachine.py (+105/-28)
juju/lib/tests/test_statemachine.py (+214/-76)
juju/state/service.py (+10/-10)
juju/tests/test_errors.py (+31/-9)
juju/unit/lifecycle.py (+122/-24)
juju/unit/tests/test_lifecycle.py (+121/-50)
juju/unit/tests/test_workflow.py (+435/-227)
juju/unit/workflow.py (+68/-59)
Branch information
Recent revisions
- 456. By William Reade
-
WorkflowState now (1) has a synchronize method that re-runs inflight
transitions after restart, and (2) requires external locking on state-
changing methods.(1) is a required change due to the verdict on fix-charm-upgrade (that is:
we don't want additional states for the upgrade process, and we should use
write-ahead logging to maintain state across process death); (2) is
consequently required because of the interaction between the upgrade flag
watch and the resolved watch, both of which take `state == "started"` to
mean "it's safe to fire a transition". This was a pre-existing bug, but was
IMO exacerbated severely by the fact that we now never leave the "started"
state while upgrading a charm -- enough so that I'm not comfortable
proposing a patch that fails to address this issue.This diff is *big*, but the vast majority of the changes are as a result of
the WorkflowState locking; in particular, many many tests set workflow state
in one way or another, and the necessary changes add a *lot* of noise. In
hindsight, the locking changes could have been made independently, but I
don't think the resulting pair of branches would actually be significantly
easier to deal with.Various explanatory notes follow:
* External WorkflowState locking (rather than automagic internal locking) was
chosen for simplicity's sake on the part of the client as well: when one
to fire a transition conditional on some state being active, it makes
sense to grab the lock, check, and fire the transition, in the certain
knowledge that nobody can have changed state underneath you.* The obvious problem with DeferredLock (that you can tell it's locked, but
not who owns the lock) has minimal impact, thanks to the unit tests.
Consider the following scenarios:* Code tries to lock, test not holding lock: we're fine.
* Code tries to lock, test is holding lock: bad test; deadlocks.
* Code fails to lock, test not holding lock: bad code: asserts.
* Code fails to lock, test is holding lock: bad code AND bad test.The final scenario is the only dangerous one, but it's just a special
case of the fact that you can *always* write a bad test that passes bad
code; I think attempting to solve this is out of scope for this universe.* WorkflowState.
fire_transition sets the inflight transition once it knows
the requested transition is valid, and only clears it explicitly if the
transition fails without an error transition to follow up (when a
transition succeeds, set_state implicitly clears inflight).* WorkflowState.
synchronize (1) detects and re-runs inflight transitions and
(2) has taken over responsibility for the automatic transitions (eg
None->installed- >started) which had previously been handled in UWS/RWS.
The overlapping concept of success_transition_ id has been dropped;
transitions can now be marked as "automatic".* WorkflowState.
set_inflight really wants to be private, but is exposed for
testing's sake; get_inflight needs to be exposed so that UWS.synchronize
doesn't inappropriately start the executor when recovering from mid-
upgrade process death.* Er...
* That's it.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/pyjuju