mobile: support handling requests on worker thread#44295
mobile: support handling requests on worker thread#44295danzh2010 wants to merge 23 commits intoenvoyproxy:mainfrom
Conversation
…pdate tests Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
…performance Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
…ly and update tests' Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
|
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
danzh2010
changed the title
Signed-off-by: Dan Zhang <danzh@google.com>
|
/assign @paul-r-gall |
Signed-off-by: Dan Zhang <danzh@google.com>
… of client_. Signed-off-by: Dan Zhang <danzh@google.com>
…Change ASSERT to RELEASE_ASSERT in ApiListenerManagerImpl::httpClient() to ensure it's checked in opt builds.\n- Add info log when worker thread is started.\n- Comment out trace log level setting in rtds_integration_test.cc.\n- Format client_test.cc. Signed-off-by: Dan Zhang <danzh@google.com>
| @@ -458,4 +458,14 @@ message ValidationListenerManager { | |||
| // Listener Manager via the bootstrap's :ref:`listener_manager <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.listener_manager>`. | |||
| // [#not-implemented-hide:] | |||
| message ApiListenerManager { | |||
There was a problem hiding this comment.
Why is this message in this file to begin with, rather than being in bootstrap.proto? It seems like this wouldn't ever be used outside of the bootstrap, so it doesn't really belong with the rest of the xDS API.
There was a problem hiding this comment.
My guess is that all the listener manager extensions go into this file.
| message ApiListenerManager { | ||
| enum ThreadingModel { | ||
| // Handle HTTP requests on the main Envoy thread which also processes platform-raised events and runs xDS clients. | ||
| MainThreadOnly = 0; |
There was a problem hiding this comment.
Protobuf enum elements should be in all-caps, like MAIN_THREAD_ONLY.
Signed-off-by: Dan Zhang <danzh@google.com>
|
/retest |
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
|
This is ready for review! |
|
@abeyad i think this is waiting on your sign off |
|
friendly ping? |
| return *this; | ||
| } | ||
|
|
||
| EngineBuilder& EngineBuilder::enableEarlyData(bool early_data_on) { |
There was a problem hiding this comment.
why are early data changes in this PR?
There was a problem hiding this comment.
Some tests accidentally enable early data due to turning off cert validation offloading in some test combination. And early data request doesn't have ssl_start_time populated in final_stream_intel which breaks test assumption. But I figured out another way to bypass the validation. So I reverted early data related change.
|
|
||
| #if defined(__APPLE__) | ||
| if (respect_system_proxy_settings_) { | ||
| if (respect_system_proxy_settings_ && !use_worker_thread_) { |
There was a problem hiding this comment.
are we using "no separate worker thread" here to mean "not mobile"? I think that would be a dangerous assumption. For non-mobile use cases, respect_system_proxy_settings_ should be set to false anyway.
There was a problem hiding this comment.
"no separate worker thread" means "mobile". Or I should say we only allow respect_system_proxy_settings_ when "no separate worker thread" otherwise the knob is no-op.
There was a problem hiding this comment.
I'm not sure why we check both here though. We should only check respect_system_proxy_settings_. If we think it's related, when we set "enableStandaloneWorkerThread()", we should also set respect_system_proxy_settings_ to false there, but I don't even think we need to do that. Unless I'm misunderstanding?
There was a problem hiding this comment.
The check here just enforces these 2 knobs won't take effect at the same time if a user misconfigured the builder. The knobs can be called in any sequence on the builder, so if we want to enforce this in the setter, we need to do it in both setters. I slightly prefer adding some enforcement somehow otherwise the Engine can still run but will run into data race?
There was a problem hiding this comment.
I agree with preventing the system proxy settings from being invoked unless it's on mobile. I'm concerned that the code is very confusing as to why it checks if a worker thread is enabled or not when deciding whether to register the apple system proxy settings.
Ideally, this would be solved by different EngineBuilders for Envoy "Client" vs. Envoy "Mobile", that can enforce the various constraints for the mobile vs. non-mobile use case. There's already an ifdef guard for __APPLE__ guarding this code, but I suppose that would still execute on MacOS and other non-iOS Apple devices.
Also, ideally, EngineBuilder::build() would return StatusOr<EngineSharedPtr> instead of just EngineSharedPtr. That way, we could return a status error if the config is in a logically inconsistent state. But that would be a separate change.
For now, I'm OK with keeping this check as long as we write clear code comments explaining why we are also checking for !use_worker_thread_
There was a problem hiding this comment.
I moved the enforcement to both enableWorkerThread() and respectSystemProxySetings() so that the former takes precedence. Likewise for platform cert validation. PTAL.
| EngineBuilder& enableBrotliDecompression(bool brotli_decompression_on); | ||
| EngineBuilder& enableSocketTagging(bool socket_tagging_on); | ||
| EngineBuilder& enableHttp3(bool http3_on); | ||
| EngineBuilder& setUseWorkerThread(bool use_worker_thread); |
There was a problem hiding this comment.
How about enableStandaloneWorkerThread? We should also add comments to clarify what this method does i.e. what a separate worker/network thread means
| worker_started_notification.WaitForNotification(); | ||
| ENVOY_LOG_MISC(info, "Worker thread has been started"); | ||
|
|
||
| worker_->httpClient(); // Verify if it's null right after startup |
There was a problem hiding this comment.
what does this comment mean here?
There was a problem hiding this comment.
httpClient() ASSERT on client_ to be not null.
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
…ker thread Signed-off-by: Dan Zhang <danzh@google.com>
abeyad
left a comment
abeyad
left a comment
There was a problem hiding this comment.
@markdroth friendly ping on the API review, thanks!
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
6 participants
Commit Message: add a config knob
threading_modelin ApiListenerManager. And add an interfaceenableWorkerThread()in C++ and python EngineBuilder to allow choosing a threading model for mobile engine. In addition to the exitingMAIN_THREAD_ONLYmodel mostly used for mobile deployment, this PR introduces aSTANDALONE_WORKER_THREADmodel which will drive http requests in a standalone worker thread. This allows E-M to be more like Envoy which also run HTTP listeners and xDS processing on different threads so that network events won't be blocked by xDS config updates.Note that in
STANDALONE_WORKER_THREADmode certificates validation offloading and system proxy setting is NOT supported as this threading model is not meant to be used by mobile applications.Risk Level: low, behind knobs
Testing: existing integration tests pass
Docs Changes: N/A
Release Notes: N/A