Gracefully close websocket connections from the client

[evan-bradley]

On calling OpAMPClient.Stop for websocket clients, the client closes the TCP connection without performing a closing handshake, which from my testing throws a handful of errors in the client and the server.

This change attempts to gracefully close the connection by initiating a closing handshake as specified in RFC 6455. This gives the connection on both sides time to clean up before terminating the TCP connection, and is more compliant with the Websocket specification.

Testing with the Supervisor, this cleans up the following errors in the client:

2023-09-20T16:16:42.018-0400    ERROR   internal/wssender.go:77 Cannot write WS message: use of closed network connection
github.com/open-telemetry/opamp-go/client/internal.(*WSSender).sendMessage
        /home/ihsmwaqhcpfwcime/code/github.com/evan-bradley/opamp-go/client/internal/wssender.go:77
github.com/open-telemetry/opamp-go/client/internal.(*WSSender).sendNextMessage
        /home/ihsmwaqhcpfwcime/code/github.com/evan-bradley/opamp-go/client/internal/wssender.go:70
github.com/open-telemetry/opamp-go/client/internal.(*WSSender).run
        /home/ihsmwaqhcpfwcime/code/github.com/evan-bradley/opamp-go/client/internal/wssender.go:56

2023-09-20T16:16:42.018-0400    ERROR   internal/wsreceiver.go:53       Unexpected error while receiving: read tcp 127.0.0.1:45242->127.0.0.1:4320: use of closed network connection
github.com/open-telemetry/opamp-go/client/internal.(*wsReceiver).ReceiverLoop
        /home/ihsmwaqhcpfwcime/code/github.com/evan-bradley/opamp-go/client/internal/wsreceiver.go:53
github.com/open-telemetry/opamp-go/client.(*wsClient).runOneCycle
        /home/ihsmwaqhcpfwcime/code/github.com/evan-bradley/opamp-go/client/wsclient.go:243
github.com/open-telemetry/opamp-go/client.(*wsClient).runUntilStopped
        /home/ihsmwaqhcpfwcime/code/github.com/evan-bradley/opamp-go/client/wsclient.go:265
github.com/open-telemetry/opamp-go/client/internal.(*ClientCommon).StartConnectAndRun.func1
        /home/ihsmwaqhcpfwcime/code/github.com/evan-bradley/opamp-go/client/internal/clientcommon.go:199

This also cleans up the following error in the server that I have seen while running tests:

Cannot send message to WebSocket: write tcp 127.0.0.1:42589->127.0.0.1:48774: write: connection reset by peer

[codecov]

Codecov Report

Attention: 21 lines in your changes are missing coverage. Please review.

Files	Coverage Δ
client/httpclient.go	95.16% <100.00%> (+0.42%)	⬆️
client/internal/clientcommon.go	79.80% <100.00%> (ø)
client/internal/receivedprocessor.go	84.93% <100.00%> (+0.64%)	⬆️
client/types/callbacks.go	66.66% <ø> (ø)
server/callbacks.go	68.18% <100.00%> (-4.55%)	⬇️
server/wsconnection.go	100.00% <100.00%> (ø)
client/internal/packagessyncer.go	59.25% <0.00%> (ø)
server/serverimpl.go	58.92% <95.00%> (+0.37%)	⬆️
server/httpconnection.go	33.33% <0.00%> (ø)
client/internal/mockserver.go	82.35% <85.71%> (+0.31%)	⬆️
... and 2 more

... and 5 files with indirect coverage changes

📢 Thoughts on this report? Let us know!.

[srikanthccv]

Thanks, and this graceful close is good, but I think this also has the same issue. Isn't there a good chance that ReceiverLoop tries to read the message after the close message is sent? And the ReadMessage will return an error something like websocket: close sent?

[evan-bradley]

Isn't there a good chance that ReceiverLoop tries to read the message after the close message is sent?

In an ordinary circumstance it is expected that the ReceiverLoop will read one final message after the client sends its close message. The Websocket close handshake includes a close response from the server after the client sends its close message, so we will hit this condition and the receiver loop will close.

And the ReadMessage will return an error something like websocket: close sent?

The websocket: close sent error is only thrown for attempting to send messages. The code now waits for any pending messages to be sent to avoid this error. Any messages that the client implementation attempts to send after calling Stop will throw this error, but we could probably avoid that by throwing an error to the client implementation directly.

[srikanthccv]

The websocket: close sent error is only thrown for attempting to send messages.

Does it only happen for send? I also saw this happen for read messages in a simple setup right after the Close message is sent.

[evan-bradley]

To the best of my understanding that error will only be thrown when writing to the WebSocket connection. I did a search for the error and the only places it came up were when writing to the WebSocket: https://github.com/search?q=repo%3Agorilla%2Fwebsocket%20ErrCloseSent&type=code.

From a specification point of view, I don't think it would make sense to throw that error on reading from the WebSocket connection. For the closing handshake the client needs a close message from the peer, so it will need to read messages from the WebSocket until it reads the peer's close message.

[srikanthccv]

I couldn't recreate the error case I mentioned earlier. You are correct; this is clearly a better way to close.

[evan-bradley]

I couldn't recreate the error case I mentioned earlier.

Thanks for confirming. I think this should be ready for review now.

[tigrannajaryan]

Please document these fields.

[tigrannajaryan]

I think we also need to honour the ctx', so probably add a case <-ctx.Done():.

[tigrannajaryan]

What does a deadline of one second do? Is this the maximum time allowed for the message to reach our peer and to be acked? Seems too low in that case.

[evan-bradley]

This is the time the WebSocket client will wait for other writers that have a lock on the underlying connection to release their lock before aborting sending the control message. From what I can tell, writers will release their lock on the socket once it is written to without regard for whether the other end receives it. I'll raise it for now in case a client sends an enormous payload before shutting down, but for the average case I think roughly a second should be ample. Do you have any suggestions for what a good value might be here?

[tigrannajaryan]

I am not sure about the swapping of the order of "close" vs "wait". The comment "Close the connection to unblock the WSSender as well" seems to indicate closing is necessary to ensure wait complete. Is that the case or the comment was misleading?

[evan-bradley]

I may have misunderstood it, but to me the comment was misleading. Closing the connection doesn't appear to have any effect on the WSSender since the only way to shut down WSSender is by canceling the context, which is done by calling procCancel in this function.

I mostly reversed these for two reasons:

1. This allows us to clean up the application-level side of the connection before shutting down the transport-level component, which feels like the proper order of operations to me.
2. In the case where we had an error on receiving (e.g. we got bad proto data) and we're looking to reset the connection, this will allow us to send any remaining messages before closing it.

[tigrannajaryan]

Why specifically 3 seconds? Is this expected to do a network roundtrip? It seems too low in that case.

[evan-bradley]

I meant to revisit this, but I mostly kept this at a low value since it's just for acking that the connection is shut down and I couldn't find a standard timeout to use. I agree it could be too low, do you think a higher value like 10 seconds would make sense?

[tigrannajaryan]

Can this get stuck or take a very long time? Should we check for <-ctx.Done() too?

[evan-bradley]

I'm fine checking for ctx.Done just to be safe, but this realistically shouldn't get stuck for a long time since it is essentially triggered by procCancel in runOneCycle.

[tigrannajaryan]

Would it be safer to close the channel to signal stopping? Reading this code locally it is not apparent that there is only one reader of this signal. In fact it says "processors", plural, implying that there may be many readers, in which case only one will be notified by writing to the channel. As opposed to that closing the channel will notify them all and seems safer.

[evan-bradley]

The goal of this channel is to communicate between Stop and runOneCycle, since runOneCycle "owns" the background processors. I've renamed the channels and updated the comments to hopefully clarify this. Sending a message to the channel should be sufficient, but I've updated this line to close the channel to indicate that this is the last message on the channel.

[evan-bradley]

As a follow-up question, do we expect there will ever be more background processors? Right now it's just the sender, which seems like it should be sufficient for the foreseeable future. If we don't think there will be more, I will make the naming a little more specific.

[tigrannajaryan]

What is the purpose of this check? What happens if Stop() is called immediately after this check, is there a danger of race?

[evan-bradley]

What is the purpose of this check?

This check disallows client implementations from attempting to send messages after they have called Stop.

What happens if Stop() is called immediately after this check, is there a danger of race?

There is, that's a great observation. We need to inhibit stopping for the duration of these methods to prevent the messages from being lost without an error being returned. I've updated the concurrency control mechanisms to account for this.

[tigrannajaryan]

Reading c.conn requires locking a mutex because it may be written elsewhere. That is the reason we have conn as a local variable.

[evan-bradley]

Good catch, not sure where I missed that. I've updated all occurrences of this to lock.

[tigrannajaryan]

Same here. I don't think we should read c.conn, it can race with writes elsewhere.

[evan-bradley]

Again good catch, it should be fixed now.

[tigrannajaryan]

Is it safe to call CloseHandler() concurrently with other uses of the connection? We may be using the connection (e.g. writing or reading data) in background processes at the same time? I can't tell if it is safe from the docs.

[evan-bradley]

CloseHandler only returns the current close handler, it doesn't perform any reads from or writes to the connection. Our goal here is to wrap the close handler so we can signal when the WebSocket library is done closing.

[tigrannajaryan]

Same concurrency question for SetCloseHandler.

[evan-bradley]

SetCloseHandler only sets the close handler function, which will be called later when the client receives a close message from the server. We know that all writes have stopped once bgProcessingStopped has fired, which we wait on above in this method.

[tigrannajaryan]

Do we have a guarantee that conn is not written concurrently by the background processors?

[evan-bradley]

We should. bgProcessingStopped will emit a message when all background processors have stopped, and we wait on that above before starting the closing handshake.

[evan-bradley]

@srikanthccv @tigrannajaryan I'm growing increasingly concerned that the current implementation may be unnecessarily complex and hard to follow. I've done my best to leave comments explaining it, but it's possible I should revisit this as a larger refactor of how we manage the transport layer connection, readers, and writers. I still think what's here is an improvement over the way the connection is currently closed, but if there are concerns over verifying it's free of races, deadlocks, etc. we can look at other approaches.

Let me know your thoughts, maybe this is something we discuss at the next working group meeting.

[tigrannajaryan]

I'm growing increasingly concerned that the current implementation may be unnecessarily complex and hard to follow.

@evan-bradley this is my feeling as well. We could try to finalize this PR to handle this particular issue but I am also concerned that the codebase is not easy to understand and prove that it is correct, especially from concurrency perspective.

I would not mind a refactoring to make the code more understandable.

[evan-bradley]

I'm closing this for now in favor of addressing this more holistically by refactoring the client. I believe an approach of controlling the sender, receiver, and transport from separate goroutines that communicate with channels will likely be easiest to reason about and map well to how Go handles concurrency in the standard library. I'm not sure whether this approach is viable or whether I will be able to attempt it soon.