Aspnetcore: Don't swallow IHostedService.StartAsync exceptions

Created on 31 Jul 2017  路  20Comments  路  Source: dotnet/aspnetcore

As discussed briefly in https://github.com/aspnet/Hosting/issues/1085#issuecomment-305717425 I propose that the HostedServiceExecutor should not catch exceptions in StartAsync.

By swallowing exceptions, the hosting-layer forces all services to be optional which is undesired IMO. By not swallowing exceptions we give services the option to decide this on its own. If a service is truly optional, it can swallow exceptions in its own StartAsync code.

I also think that StartAsync-exceptions should not be combined into an AggregateException. Instead it should just stop on the first exception.

One thing to consider is that right now this code is executed AFTER the server has been started. Not sure what effects this has when exceptions are no longer caught?!

I still hold the opinion that hosted services should be started before the server is started (a service could always decide to kick off another task in its StartAsync if it wants to be delayed) but this has also been discussed briefly in #1085 and declined.

area-hosting breaking-change help wanted
Source
picture cwe1ss
👍1

Most helpful comment

I'll take this one for 3.0

picture davidfowl on 9 Jan 2019
👍3

All 20 comments

@cwe1ss Would you like to send a PR? If so, we should discuss the approach here. cc @Tratcher

muratg picture muratg on 8 Aug 2017

This would be a breaking change in 2.x. Our new feature, GenericHost does this already. We expect that WebHost implementation would be build on top of GenericHost by 3.0.0.

muratg picture muratg on 7 Nov 2017
👍1

@muratg could you please elaborate more on how is this a breaking change ?

sirajmansour picture sirajmansour on 27 Apr 2018

@sirajmansour If we take this in, some application that were functional before could stop being so due to a new exception raised.

muratg picture muratg on 27 Apr 2018

Hmm, i thought this kind of change could be accepted since 2.1 is in preview, fair enough.

sirajmansour picture sirajmansour on 30 Apr 2018

Maybe allow to configure options for HostedServiceExecutor to allow to propagate exceptions, which would override the current behaviour that would remain as default ? That would be non-breaking and not so complex.

sirajmansour picture sirajmansour on 30 Apr 2018

@sirajmansour We do not make breaking changes in minor releases (with some very rare exceptions).

We are not planning to add more features (such as configuration for this) to 2.1. I think in 3.0.0 we'll likely make this default though.

Do you have a really compelling scenario that you'd like to enable with this? Perhaps it can be achieved in some other way?

muratg picture muratg on 30 Apr 2018
👍1

Not really, it just seemed odd that it is swallowed. 3.0 it then 馃憤

sirajmansour picture sirajmansour on 30 Apr 2018
👍1

In my case I use an hosted service for doing some initialization of the application (like loading some resources from other services), so actually the fact that an exception allows the application to keep going is not ok. Could you confirm there's nothing planned before 3.0? Thanks

matteocontrini picture matteocontrini on 1 Nov 2018

Correct.

Tratcher picture Tratcher on 1 Nov 2018

This is unfortunate to see. As a work around to this i'm going to do something like

```c#
public abstract class CriticalService : IHostedService
{
protected IServiceProvider Provider { get; }

protected CriticalProcess(IServiceProvider provider)
{
    Provider = provider;
}
public virtual LogDescription FatalEvent => LogDescription.FailedToStartWorker;
public virtual string FatalMessage => $"failed to construct {GetType()}";

public async Task StartAsync(CancellationToken cancellationToken)
{
    try
    {
       await StartAsync(cancellationToken, FatalEvent);
    }
    catch (Exception e)
    {
        FatalExit(e);
        throw;
    }
}

public abstract Task StartAsync(CancellationToken cancellationToken, LogDescription? @event);

public abstract Task StopAsync(CancellationToken cancellationToken);

protected void FatalExit(Exception ex)
{
    //TODO SMTP out a message or something
    Console.WriteLine($"Fatal, {FatalMessage}");
    Console.WriteLine(ex);

    int exitCode = (int)FatalEvent;

    Console.WriteLine($"Process exiting {-exitCode}, {FatalEvent}");

    Environment.ExitCode = -exitCode;
    //Environment.Exit(-exitCode);
    ((IApplicationLifetime) Provider.GetService(typeof(IApplicationLifetime)))
                                    .StopApplication();         
}

}

```

dotnetchris picture dotnetchris on 1 Nov 2018
👍1

Wouldn't it be better to request shutdown with IApplicationLifetime.StopApplication?

smbecker picture smbecker on 2 Nov 2018

@smbecker that would probably be more friendly, and maybe allow more time to collection additional error information (assuming if config is wrong to cause a critical failure, there's probably more config missing/wrong for other places too)

And i can still set the ExitCode to be negative

dotnetchris picture dotnetchris on 2 Nov 2018

@davidfowl would you be OK getting a breaking change here in 3.0?

Folks, we may accept PRs for this. If you're interested please let me know!

muratg picture muratg on 9 Jan 2019

I'll take this one for 3.0

davidfowl picture davidfowl on 9 Jan 2019
👍3

Thank you very much, David!

cwe1ss picture cwe1ss on 10 Jan 2019

Workaround for the 2.x version

    public static class ServiceCollectionUtils
    {
        public static void AddCriticalHostedService<TService, TImplementation>(this IServiceCollection services)
            where TService : class
            where TImplementation : class, IHostedService, TService
        {
            services.AddSingleton<TService, TImplementation>();
            services.AddHostedService<CriticalHostedServiceWrapper<TService>>();
        }

        private class CriticalHostedServiceWrapper<TService> : IHostedService
        {
            private readonly IHostedService _hostedService;
            private readonly ILogger _logger;

            public CriticalHostedServiceWrapper(TService hostedService, ILoggerFactory loggerFactory)
            {
                _hostedService = (IHostedService)hostedService;
                _logger = loggerFactory.CreateLogger(_hostedService.GetType());
            }

            public async Task StartAsync(CancellationToken cancellationToken)
            {
                try
                {
                    await _hostedService.StartAsync(cancellationToken);
                }
                catch (Exception e)
                {
                    _logger.LogCritical(e, "Cannot start critical service. The application will exit.");
                    Environment.Exit(1);
                }
            }

            public Task StopAsync(CancellationToken cancellationToken)
            {
                return _hostedService.StopAsync(cancellationToken);
            }
        }
    }
srollinet picture srollinet on 18 Sep 2019

Looks like behavior still the same in 3.0.

AsValeO picture AsValeO on 26 Sep 2019

Update to use the generic host?

davidfowl picture davidfowl on 26 Sep 2019
👍1

It works with generic host. Damn, I'm so far behind..

AsValeO picture AsValeO on 26 Sep 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

aurokk picture aurokk  路  3Comments
BrennanConroy picture BrennanConroy  路  3Comments
rbanks54 picture rbanks54  路  3Comments
mj1856 picture mj1856  路  3Comments
bgribaudo picture bgribaudo  路  3Comments