[Feature]: (Option to) Shutdown server gracefully when destroyed before deleting it #751

Closed
LionC opened this issue Sep 14, 2023 · 6 comments

@LionC
Contributor

LionC commented Sep 14, 2023

What would you like to see?

Currently, when destroying an hcloud_server resource, the server is outright deleted via the API (happening here I think) without shutting it down properly.

This causes services that might want to terminate gracefully to not have the chance to do so. It would be nice if it was possible to shut down the server properly before deleting it - maybe via an option in the resource if that change would be considered breaking otherwise.

I would be happy to attempt an implementation if this is something the team would approve.

@apricote
Member

In general this sounds like a nice option to have! One issue I can think of (see hetznercloud/cli#489) is that "graceful shutdown" is not implemented directly in the API. There are two endpoints which do this:

  • power off: once issued, this will immediately stop the server without giving it any time to process the shut down. AFAIK this is what happens if the server is deleted.
  • shut down: this will send the ACPI shutdown request to the server. The action that is returned from this endpoint only means "the request was sent", not that the server actually shut down. The OS is responsible for handling the ACPI request and we do not really know when it was processed. Only solution I can think of is a timeout, after which we proceed with the deletion, or polling the server object to watch for status: off

@LionC
Contributor Author

LionC commented Sep 14, 2023

> • shut down: this will send the ACPI shutdown request to the server. The action that is returned from this endpoint only means "the request was sent", not that the server actually shut down. The OS is responsible for handling the ACPI request and we do not really know when it was processed. Only solution I can think of is a timeout, after which we proceed with the deletion, or polling the server object to watch for status: off

Polling would probably be the more desirable solution, maybe with a configurable timeout with a sensible default. But a hard timeout after which the server is deleted would also be better than no solution.

I would be happy to try an implementation for the polling solution.

@apricote
Member

> I would be happy to try an implementation for the polling solution.

That would be awesome! Feel free to open a draft PR if you have any questions :)

@LionC
Contributor Author

LionC commented Sep 14, 2023

Should it be the new default behaviour (meaning we do not believe / support users relying on the server being insta-nuked on destruction)? Or should it be an opt-in option?

@apricote
Member

I would make it an opt-in behaviour, as it differs from the standard behaviour of the API and other tools

@LionC
Contributor Author

LionC commented Sep 16, 2023

@apricote draft PR open

@LionC LionC closed this as completed Oct 2, 2023
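
The shut down, poll for `status: off`, then delete flow discussed in this thread, as an added Go example that is neither the provider's code nor the code from the draft PR. `ServerAPI`, `GracefulDelete` and `FakeServer` are hypothetical names, and the fake server is constructed sample state so the example runs offline.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// ServerAPI is a hypothetical stand-in for the cloud client, not the provider's API.
type ServerAPI interface {
	Shutdown(ctx context.Context) error         // only confirms the ACPI request was sent
	Status(ctx context.Context) (string, error) // e.g. "running" or "off"
	Delete(ctx context.Context) error
}

// GracefulDelete requests shutdown, polls for "off" until the timeout, then deletes
// either way. The bool reports whether the guest powered off before deletion.
func GracefulDelete(ctx context.Context, api ServerAPI, timeout, interval time.Duration) (bool, error) {
	if err := api.Shutdown(ctx); err != nil {
		return false, fmt.Errorf("shutdown request: %w", err)
	}
	deadline := time.After(timeout)
	for {
		if status, err := api.Status(ctx); err != nil {
			return false, fmt.Errorf("poll status: %w", err) // server is left in place
		} else if status == "off" {
			return true, api.Delete(ctx)
		}
		select {
		case <-ctx.Done():
			return false, ctx.Err() // caller cancelled: do not delete
		case <-deadline:
			return false, api.Delete(ctx) // guest ignored ACPI: delete anyway
		case <-time.After(interval):
		}
	}
}

// FakeServer is constructed sample state: "off" once PollsLeft hits 0, never if negative.
type FakeServer struct {
	PollsLeft int
	Deleted   bool
}

func (f *FakeServer) Shutdown(context.Context) error { return nil }
func (f *FakeServer) Delete(context.Context) error   { f.Deleted = true; return nil }
func (f *FakeServer) Status(context.Context) (string, error) {
	if f.PollsLeft == 0 {
		return "off", nil
	}
	f.PollsLeft--
	return "running", nil
}

func main() { fmt.Println(GracefulDelete(context.Background(), &FakeServer{PollsLeft: 2}, time.Second, time.Millisecond)) }
```

Returning the boolean lets a caller log or surface the case where the timeout expired and the server was deleted without a clean shutdown.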