CDS: destroy cluster info on master thread

[lambdai]

Not ready to commit. Just a strawman.

The goal is to destroy cluster info on master thread by posting to master dispatcher.

See some issues:

1. cluster info are not guaranteed to be destroyed if post happens immediately after master dispatcher stops. I don't think it is big but we might see that ssl context is not destroyed because the clusterInfo has strong reference( a shared pointer)
2. master to master post. Not ideal but we need a thread id in dispatcher to avoid master-to-master post.

Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
Fix #13209
[Optional Deprecated:]

[lambdai]

CC @mattklein123 for early comment

[lambdai]

Post cluster info to master thread by this

[lambdai]

Also prevent master-master post by returning false

[mattklein123]

At a high level I'm not crazy about this, but maybe it's the only way to fix this issue. Did you look at what it would take to fix the actual issue of why ClusterInfo is storing such complex information that needs to be deleted on the main thread? Can we decouple that somehow? IMO as I mentioned in the linked issue I think there is stuff in ClusterInfo that shouldn't be there?

If we do stick with this approach I left a few comments and this also needs a main merge. Thank you!

/wait

[mattklein123]

How can this happen? All workers should shut down and join before the main thread finishes running. Even if things are cleaned up after the join, it should be possibly to delete everything on the main thread. Perhaps in this case there needs to be some other cleanup/execution queue for posts that should be run even after the main thread dispatcher has exited?

[lambdai]

Yes, possible, I just want to raise the concern here we need some extra shutdown steps.

[lambdai]

Update: The current order is

1. master stop dispatching
2. shutdown TLS
3. stop workers

Master must refuse clusterInfo destroy closure before TLS shutdown(step2）. Otherwise the clusterInfo may trigger other TLS op and break TLS.

Alternatively we run some clean up in master queue, and disable TLS during the clean up.

[lambdai]

Edit: add const std::map<std::string, ProtocolOptionsConfigConstSharedPtr> extension_protocol_options_;
The major concerns are

  TransportSocketMatcherPtr socket_matcher_;
  const std::unique_ptr<Server::Configuration::CommonFactoryContext> factory_context_;
  std::vector<Network::FilterFactoryCb> filter_factories_;
  const std::map<std::string, ProtocolOptionsConfigConstSharedPtr> extension_protocol_options_;

[lambdai]

filter_factories and factory_context_(underlying transport socket) are extended to filter impl or customized cluster.

I don't have the full context. It seems listener guaranteed these dependencies destroyed in master thread
under the assumption that connections are destroyed in workers prior to destroying ListenerImpl.

[mattklein123]

Can you time box trying to dig into the actual underlying problem of the transport socket sharing and whether we can decouple that somehow?

[lambdai]

Can you time box trying to dig into the actual underlying problem of the transport socket sharing and whether we can decouple that somehow?

I did some homework last night and I can add my comments in #13209

[lambdai]

Fixing regression

[github-actions]

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[github-actions]

This pull request has been automatically closed because it has not had activity in the last 37 days. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!