rnshah9
diff --git a/‎CHANGELOG
Lines changed: 35 additions & 0 deletions b/‎CHANGELOG
Lines changed: 35 additions & 0 deletions
diff --git a/‎arangod/Agency/Inception.cpp
Lines changed: 44 additions & 21 deletions b/‎arangod/Agency/Inception.cpp
Lines changed: 44 additions & 21 deletions
diff --git a/‎arangod/Auth/TokenCache.cpp
Lines changed: 8 additions & 1 deletion b/‎arangod/Auth/TokenCache.cpp
Lines changed: 8 additions & 1 deletion
diff --git a/‎arangod/Auth/TokenCache.h
Lines changed: 18 additions & 9 deletions b/‎arangod/Auth/TokenCache.h
Lines changed: 18 additions & 9 deletions
diff --git a/‎arangod/Cluster/HeartbeatThread.cpp
Lines changed: 1 addition & 1 deletion b/‎arangod/Cluster/HeartbeatThread.cpp
Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,41 @@
 devel
 -----
 
+* The API `/_admin/status` now returns a progress attribute that shows the 
+  server's current state (starting, stopping, etc.), with details about which 
+  feature is currently started, stopped etc. During recovery, the current WAL 
+  recovery sequence number is also reported in a sub-attribute of the 
+  `progress` attribute. Clients can query this attribute to track the 
+  progress of the WAL recovery.
+  The additional progress attribute returned by `/_admin/status` is most
+  useful when using the `--server.early-connections true` setting. With that
+  setting, the server will respond to incoming requests to a limited set of
+  APIs already during server startup. When the setting is not used, the REST
+  interface will be opened relatively late during the startup sequence, so
+  that the progress attribute will likely not be very useful anymore.
+
+* Optionally start up HTTP interface of servers earlier, so that ping probes 
+  from tools can already be responded to when the server is not fully started.
+  By default, the HTTP interface is opened at the same point during the startup
+  sequence as before, but it can optionally be opened earlier by setting the 
+  new startup option `--server.early-connections` to `true`. This will 
+  open the HTTP interface early in the startup, so that the server can respond
+  to a limited set of REST APIs even during recovery. This can be useful 
+  because the recovery procedure can take time proportional to the amount of 
+  data to recover.
+  When the `--server.early-connections` option is set to `true`, the
+  server will respond to requests to the following APIs during the startup
+  already:
+  - `/_api/version`
+  - `/_admin/version`
+  - `/_admin/status`
+  All other APIs will be responded to with an HTTP response code 503, so that 
+  callers can see that the server is not fully ready.
+  If authentication is used, then only JWT authentication can be used during
+  the early startup phase. Incoming requests relying on other authentication
+  mechanisms that require access to the database data will also be responded to
+  with HTTP 503 errors, even if correct credentials are used.
+
 * Fix behavior when accessing a view instead of a collection by name in a REST
   document operation. Now return a proper error.
 
 
@@ -26,12 +26,14 @@
 #include "Agency/Agent.h"
 #include "ApplicationFeatures/ApplicationServer.h"
 #include "Basics/ConditionLocker.h"
-#include "Basics/application-exit.h"
 #include "Basics/MutexLocker.h"
+#include "Basics/StaticStrings.h"
+#include "Basics/application-exit.h"
 #include "Cluster/ServerState.h"
 #include "Logger/LogMacros.h"
 #include "Network/Methods.h"
 #include "Network/NetworkFeature.h"
+#include "Random/RandomGenerator.h"
 
 #include <chrono>
 #include <thread>
@@ -40,39 +42,45 @@ using namespace arangodb::consensus;
 
 namespace {
 void handleGossipResponse(arangodb::network::Response const& r,
+                          std::string const& endpoint,
                           arangodb::consensus::Agent* agent, size_t version) {
   using namespace arangodb;
-  std::string newLocation;
-
   if (r.ok()) {
     velocypack::Slice payload = r.slice();
 
     switch (r.statusCode()) {
-      case 200:  // Digest other configuration
+      case 200: {
+        // Digest other configuration
         LOG_TOPIC("4995a", DEBUG, Logger::AGENCY)
             << "Got result of gossip message, code: 200"
             << " body: " << payload.toJson();
         agent->gossip(payload, true, version);
         break;
+      }
 
-      case 307:  // Add new endpoint to gossip peers
+      case 307: {
+        // Add new endpoint to gossip peers
         bool found;
-        newLocation = r.response().header.metaByKey("location", found);
+        std::string newLocation =
+            r.response().header.metaByKey(StaticStrings::Location, found);
 
         if (found) {
-          if (newLocation.compare(0, 5, "https") == 0) {
-            newLocation = newLocation.replace(0, 5, "ssl");
-          } else if (newLocation.compare(0, 4, "http") == 0) {
-            newLocation = newLocation.replace(0, 4, "tcp");
+          if (newLocation.starts_with("https")) {
+            newLocation =
+                newLocation.replace(0, std::string_view("https").size(), "ssl");
+          } else if (newLocation.starts_with("http")) {
+            newLocation =
+                newLocation.replace(0, std::string_view("http").size(), "tcp");
           } else {
             LOG_TOPIC("60be0", FATAL, Logger::AGENCY)
-                << "Invalid URL specified as gossip endpoint";
+                << "Invalid URL specified as gossip endpoint by " << endpoint
+                << ": " << newLocation;
             FATAL_ERROR_EXIT();
           }
 
           LOG_TOPIC("4c822", DEBUG, Logger::AGENCY)
-              << "Got redirect to " << newLocation
-              << ". Adding peer to gossip peers";
+              << "Got redirect to " << newLocation << ". Adding peer "
+              << newLocation << " to gossip peers";
           bool added = agent->addGossipPeer(newLocation);
           if (added) {
             LOG_TOPIC("d41c8", DEBUG, Logger::AGENCY)
@@ -86,18 +94,33 @@ void handleGossipResponse(arangodb::network::Response const& r,
               << "Redirect lacks 'Location' header";
         }
         break;
+      }
+
+      case 503: {
+        // service unavailable
+        LOG_TOPIC("f9c3f", INFO, Logger::AGENCY)
+            << "Gossip endpoint " << endpoint << " is still unavailable";
+        uint32_t sleepTime = 250 + RandomGenerator::interval(uint32_t(250));
+        std::this_thread::sleep_for(std::chrono::milliseconds(sleepTime));
+        break;
+      }
 
-      default:
+      default: {
+        // unexpected error
         LOG_TOPIC("bed89", ERR, Logger::AGENCY)
-            << "Got error " << r.statusCode() << " from gossip endpoint";
-        std::this_thread::sleep_for(std::chrono::seconds(40));
+            << "Got error " << r.statusCode() << " from gossip endpoint "
+            << endpoint;
+        std::this_thread::sleep_for(std::chrono::seconds(30));
         break;
+      }
     }
   }
 
   LOG_TOPIC("e2ef9", DEBUG, Logger::AGENCY)
-      << "Got error from gossip message, status:" << fuerte::to_string(r.error);
+      << "Got error from gossip message to " << endpoint
+      << ", status: " << fuerte::to_string(r.error);
 }
+
 }  // namespace
 
 Inception::Inception(Agent& agent)
@@ -166,7 +189,7 @@ void Inception::gossip() {
         network::sendRequest(cp, p, fuerte::RestVerb::Post, path, buffer,
                              reqOpts)
             .thenValue([=, this](network::Response r) {
-              ::handleGossipResponse(r, &_agent, version);
+              ::handleGossipResponse(r, p, &_agent, version);
             });
       }
     }
@@ -197,7 +220,7 @@ void Inception::gossip() {
         network::sendRequest(cp, pair.second, fuerte::RestVerb::Post, path,
                              buffer, reqOpts)
             .thenValue([=, this](network::Response r) {
-              ::handleGossipResponse(r, &_agent, version);
+              ::handleGossipResponse(r, pair.second, &_agent, version);
             });
       }
     }
@@ -333,7 +356,7 @@ bool Inception::restartingActiveAgent() {
                                            path, greetBuffer, reqOpts)
                           .get();
 
-        if (comres.ok()) {
+        if (comres.combinedResult().ok()) {
           try {
             VPackSlice theirConfig = comres.slice();
 
@@ -479,7 +502,7 @@ void Inception::reportVersionForEp(std::string const& endpoint,
 // @brief Thread main
 void Inception::run() {
   auto server = ServerState::instance();
-  while (server->isMaintenance() && !this->isStopping() &&
+  while (server->isStartupOrMaintenance() && !this->isStopping() &&
          !_agent.isStopping()) {
     std::this_thread::sleep_for(std::chrono::milliseconds(1000));
     LOG_TOPIC("1b613", DEBUG, Logger::AGENCY)
 
@@ -90,12 +90,19 @@ std::string auth::TokenCache::jwtSecret() const {
 // should only lock if required, otherwise we will serialize all
 // requests whether we need to or not
 auth::TokenCache::Entry auth::TokenCache::checkAuthentication(
-    AuthenticationMethod authType, std::string const& secret) {
+    AuthenticationMethod authType, ServerState::Mode mode,
+    std::string const& secret) {
   switch (authType) {
     case AuthenticationMethod::BASIC:
+      if (mode == ServerState::Mode::STARTUP) {
+        // during the startup phase, we have no access to the underlying
+        // database data, so we cannot validate the credentials.
+        return auth::TokenCache::Entry::Unauthenticated();
+      }
       return checkAuthenticationBasic(secret);
 
     case AuthenticationMethod::JWT:
+      // JWTs work fine even during the startup phase
       return checkAuthenticationJWT(secret);
 
     default:
 
@@ -30,11 +30,17 @@
 #include "Basics/Result.h"
 #include "Basics/debugging.h"
 #include "Basics/system-functions.h"
+#include "Cluster/ServerState.h"
 #include "Rest/CommonDefines.h"
 
 #include <velocypack/Builder.h>
 #include <velocypack/Slice.h>
 
+#include <atomic>
+#include <mutex>
+#include <string>
+#include <unordered_map>
+
 namespace arangodb {
 namespace auth {
 class UserManager;
@@ -53,18 +59,20 @@ class TokenCache {
     friend class auth::TokenCache;
 
    public:
-    explicit Entry(std::string const& username, bool a, double t)
-        : _username(username), _expiry(t), _authenticated(a) {}
+    explicit Entry(std::string username, bool a, double t)
+        : _username(std::move(username)), _expiry(t), _authenticated(a) {}
 
     static Entry Unauthenticated() { return Entry("", false, 0); }
     static Entry Superuser() { return Entry("", true, 0); }
 
-    std::string const& username() const { return _username; }
-    bool authenticated() const { return _authenticated; }
-    void authenticated(bool value) { _authenticated = value; }
-    void setExpiry(double expiry) { _expiry = expiry; }
+    std::string const& username() const noexcept { return _username; }
+    bool authenticated() const noexcept { return _authenticated; }
+    void authenticated(bool value) noexcept { _authenticated = value; }
+    void setExpiry(double expiry) noexcept { _expiry = expiry; }
     double expiry() const noexcept { return _expiry; }
-    bool expired() const { return _expiry != 0 && _expiry < TRI_microtime(); }
+    bool expired() const noexcept {
+      return _expiry != 0 && _expiry < TRI_microtime();
+    }
     std::vector<std::string> const& allowedPaths() const {
       return _allowedPaths;
     }
@@ -81,8 +89,9 @@ class TokenCache {
   };
 
  public:
-  TokenCache::Entry checkAuthentication(
-      arangodb::rest::AuthenticationMethod authType, std::string const& secret);
+  TokenCache::Entry checkAuthentication(rest::AuthenticationMethod authType,
+                                        ServerState::Mode mode,
+                                        std::string const& secret);
 
   /// Clear the cache of username / password auth
   void invalidateBasicCache();
 
@@ -342,7 +342,7 @@ void HeartbeatThread::run() {
   // which fails when it is still in maintenance mode
   auto server = ServerState::instance();
   if (!server->isCoordinator(role)) {
-    while (server->isMaintenance()) {
+    while (server->isStartupOrMaintenance()) {
       if (isStopping()) {
         // startup aborted
         return;