feat: Wait shutdown-grace-seconds to flush async db writes to disk

[chillyvee]

Description

server/start.go by default exits the main() routine before databases have a chance to flush async writes to disk (such as pebbledb)

Since there is no master registry of all open databases that can be used for orderly flushing of all open databases, databases should be allowed to catch interrupt signals (like the main daemon) and be given time to flush to disk to avoid data loss.

Add Close() for snapshot manager
Add application.db and snapshots/metadata.db to BaseApp.Close()

---

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

• included the correct type prefix in the PR title
• added ! to the type prefix if API or client breaking change
• targeted the correct branch (see PR Targeting)
• provided a link to the relevant issue or specification
• followed the guidelines for building modules
• included the necessary unit and integration tests
• added a changelog entry to CHANGELOG.md
• included comments for documenting Go code
• updated the relevant documentation or specification
• reviewed "Files changed" and left comments if necessary
• run make lint and make test
• confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

• confirmed the correct type prefix in the PR title
• confirmed ! in the type prefix if API or client breaking change
• confirmed all author checklist items have been addressed
• reviewed state machine logic
• reviewed API design and naming
• reviewed documentation is accurate
• reviewed tests and test coverage
• manually tested (if applicable)

[yihuang]

You can probably implement the app.Close method, which is called in graceful shutdown.

[chillyvee]

You can probably implement the app.Close method, which is called in graceful shutdown.

Thank you for the comment. Will try it.

[chillyvee]

Do you know where the database handle to data/evidence.db is held?

[alexanderbez]

Since the server package's signal capturing mechanism executes a callback function that performs all cleanup, instead the app should pass what it wants cleaned up to that call IMO

[chillyvee]

Since the server package's signal capturing mechanism executes a callback function that performs all cleanup, instead the app should pass what it wants cleaned up to that call IMO

Are you referring to cleanupFn from func startApp(svrCtx *Context, appCreator types.AppCreator, opts StartCmdOptions) (app types.Application, cleanupFn func(), err error) ?

A callback to add items to clean up makes sense, but since start.go/startApp opens db, should start.go clean itself up rather than relying on the chain app.go to ask?

cosmos-sdk/baseapp/baseapp.go creates the snapshotmanager, so is it better that cosmos-sdk clean that up rather than rely on a callback supplied by the application chain?

if app/app.go opens a new database, then cleanupFn should clean up that new database that cosmos-sdk does not manage

[chillyvee]

@alexanderbez Confirming whether you agree that:

1. it is okay for cosmos-sdk to close the database handles that it opens (rather than relying on the app.go chain logic)
2. app specific databases be closed by request from the app

[alexanderbez]

I would say this makes sense to me, yes!

[chillyvee]

Following guidance, cometbft closes databases it opens OnStop:
cometbft/cometbft#1210

[chillyvee]

github dependency test does not see the new snapshot manager Close() method

local go test succeeds with manager.Close() call

app.snapshotManager.Close undefined (type *snapshots.Manager has no field or method Close)

defined here:
https://github.com/cosmos/cosmos-sdk/pull/17094/files#diff-127e2148fdc244ca5bc1bf693f0d9d2020a46b6bf32cc1377801b6c49ceb9205R555

[julienrbrt]

github dependency test does not see the new snapshot manager Close() method

This is because store it is own go.mod. You could split the PR and scope one on store changes the the other one for integrating the changes (using then a pseudo version from main). That's better than adding replaces imho.

[julienrbrt]

Lets add a changelog under store/CHANGELOG.md for this.

[chillyvee]

In #17294

[chillyvee]

snapshot manager Close() split into #17294

[chillyvee]

This PR is rebased on #17294

pseudo version for go.mod after #17294 merge?

[julienrbrt]

This PR is rebased on #17294

pseudo version for go.mod after #17294 merge?

👍
Yes, pseudo version from main.

[chillyvee]

Hi! Could you fix the conflicts and look at the last comment?

Conflict resolved.

Last comment from yihuang?

[julienrbrt]

Hi! Could you fix the conflicts and look at the last comment?

Conflict resolved.

Last comment from yihuang?

Yes

[chillyvee]

Hi! Could you fix the conflicts and look at the last comment?

Conflict resolved.
Last comment from yihuang?

Yes

Let's wait for an update from @yihuang to see how soon a root cause solution is available.

If a solution isn't available soon, it might be good to use the grace period now and reduce data loss on program exit (this is a current problem). We can remove the grace feature later.

[yihuang]

Hi! Could you fix the conflicts and look at the last comment?

Conflict resolved.
Last comment from yihuang?

Yes

Let's wait for an update from @yihuang to see how soon a root cause solution is available.

If a solution isn't available soon, it might be good to use the grace period now and reduce data loss on program exit (this is a current problem). We can remove the grace feature later.

sorry for the delay, our chain binary still uses sdk 0.46, which is known to be not good at graceful shutdown.
but I just tested with simd in latest cosmos-sdk, it's very stable that app.Close is always called when kill the node, I also added several seconds of time.Sleep in it, and it'll wait for it to return, there's big cleanup regarding the graceful shutdown has done in recent sdk.

[chillyvee]

I just tested with simd in latest cosmos-sdk, it's very stable that app.Close is always called when kill the node, I also added several seconds of time.Sleep in it, and it'll wait for it to return, there's big cleanup regarding the graceful shutdown has done in recent sdk.

@yihuang Do you think it's better to remove the new grace-seconds and only keep the DB close calls in baseapp/baseapp.go Close() ?

Is there any way to backport the Close()/Cleanup so that previous SDK versions can shutdown properly? Or must all chains upgrade to 0.49/0.50 to shutdown properly?

[yihuang]

I just tested with simd in latest cosmos-sdk, it's very stable that app.Close is always called when kill the node, I also added several seconds of time.Sleep in it, and it'll wait for it to return, there's big cleanup regarding the graceful shutdown has done in recent sdk.

@yihuang Do you think it's better to remove the new grace-seconds and only keep the DB close calls in baseapp/baseapp.go Close() ?

I think so, the issue probably don't reproduce in main branch, but I guess we can add this in 0.46 backport if is reproduce there?

Is there any way to backport the Close()/Cleanup so that previous SDK versions can shutdown properly? Or must all chains upgrade to 0.49/0.50 to shutdown properly?

I did an try before, but there are too many API breaking changes to be accepted: #16203

[chillyvee]

I just tested with simd in latest cosmos-sdk, it's very stable that app.Close is always called when kill the node, I also added several seconds of time.Sleep in it, and it'll wait for it to return, there's big cleanup regarding the graceful shutdown has done in recent sdk.

@yihuang Do you think it's better to remove the new grace-seconds and only keep the DB close calls in baseapp/baseapp.go Close() ?

I think so, the issue probably don't reproduce in main branch, but I guess we can add this in 0.46 backport if is reproduce there?

How about we move the db close calls in baseapp.go to a new PR to close the databases on exit.

This PR can be just for the shutdown-grace backport for versions that don't shutdown gracefully like 0.45/0.46/0.47(juno)

[yihuang]

I just tested with simd in latest cosmos-sdk, it's very stable that app.Close is always called when kill the node, I also added several seconds of time.Sleep in it, and it'll wait for it to return, there's big cleanup regarding the graceful shutdown has done in recent sdk.

@yihuang Do you think it's better to remove the new grace-seconds and only keep the DB close calls in baseapp/baseapp.go Close() ?

I think so, the issue probably don't reproduce in main branch, but I guess we can add this in 0.46 backport if is reproduce there?

How about we move the db close calls in baseapp.go to a new PR to close the databases on exit.

This PR can be just for the shutdown-grace backport for versions that don't shutdown gracefully like 0.45/0.46/0.47(juno)

Yeah, sounds good to me.

[chillyvee]

How about we move the db close calls in baseapp.go to a new PR to close the databases on exit.
This PR can be just for the shutdown-grace backport for versions that don't shutdown gracefully like 0.45/0.46/0.47(juno)

Yeah, sounds good to me.

Moved database close calls to #17667

[chillyvee]

This PR can be just for the shutdown-grace backport for versions that don't shutdown gracefully like 0.45/0.46/0.47(juno)

[julienrbrt]

@Mergifyio backport release/v0.50.x

[mergify]

backport release/v0.50.x

✅ Backports have been created

• #18431 feat: Wait shutdown-grace-seconds to flush async db writes to disk (backport #17094) has been created for branch release/v0.50.x but encountered conflicts