18 KiB
18 KiB
provctl Architecture
Overview
provctl is designed as a comprehensive machine orchestration platform with two integrated subsystems:
- Service Control: Local service management across multiple platforms (systemd, launchd, PID files)
- Machine Orchestration: Remote SSH-based deployments with resilience, security, and observability
The architecture emphasizes:
- Platform Abstraction: Single interface, multiple backends (service control + SSH)
- Configuration-Driven: Zero hardcoded strings (100% TOML)
- Testability: Trait-based mocking for all components
- Production-Ready: Enterprise-grade error handling, security, logging, metrics
- Resilience: Automatic failure recovery, smart retries, health monitoring
- Security: Host key verification, encryption, audit trails
- Observability: Comprehensive metrics, audit logging, health checks
Core Components
1. provctl-core
Purpose: Domain types and error handling
Key Types:
ServiceName- Validated service identifierServiceDefinition- Service configuration (binary, args, env vars)ProcessStatus- Service state (Running, NotRunning, Exited, Terminated)ProvctlError- Structured error type with context
Error Handling Pattern:
pub struct ProvctlError {
kind: ProvctlErrorKind, // Specific error type
context: String, // What was happening
source: Option<Box<dyn Error + Send + Sync>>, // Upstream error
}
This follows the M-ERRORS-CANONICAL-STRUCTS guideline.
Dependencies: None (pure domain logic)
2. provctl-config
Purpose: Configuration loading and defaults
Modules:
loader.rs- TOML file discovery and parsingmessages.rs- User-facing strings (all from TOML)defaults.rs- Operational defaults with placeholders
Key Features:
ConfigLoader- Loads messages.toml and defaults.toml- Path expansion:
{service_name},{home},{tmp} - Zero hardcoded strings (all in TOML files)
Configuration Files:
configs/
├── messages.toml # Start/stop/status messages
└── defaults.toml # Timeouts, paths, retry logic
Pattern: Provider interface via ConfigLoader::new(dir) → loads TOML → validates → returns structs
3. provctl-backend
Purpose: Service management abstraction
Architecture:
┌───────────────────────────┐
│ Backend Trait │ (Async operations)
├───────────────────────────┤
│ start() - Start service │
│ stop() - Stop service │
│ restart() - Restart │
│ status() - Get status │
│ logs() - Get service logs │
└───────────────────────────┘
▲ ▲ ▲
│ │ │
┌────┘ │ └─────┐
│ │ │
SystemdBackend LaunchdBackend PidfileBackend
(Linux) (macOS) (Universal)
Implementation Details:
systemd Backend (Linux)
- Uses
systemctlfor lifecycle management - Queries
journalctlfor logs - Generates unit files (future enhancement)
// Typical flow:
// 1. systemctl start service-name
// 2. systemctl show -p MainPID= service-name
// 3. systemctl is-active service-name
launchd Backend (macOS)
- Generates plist files automatically
- Uses
launchctl load/unload - Handles stdout/stderr redirection
// Plist structure:
// <dict>
// <key>Label</key><string>com.local.service-name</string>
// <key>ProgramArguments</key><array>...
// <key>StandardOutPath</key><string>.../stdout.log</string>
// <key>StandardErrorPath</key><string>.../stderr.log</string>
// </dict>
PID File Backend (Universal)
- Writes service PID to file:
/tmp/{service-name}.pid - Uses
kill -0 PIDto check existence - Uses
kill -15 PID(SIGTERM) to stop - Falls back to
kill -9if needed
// Process lifecycle:
// 1. spawn(binary, args) → child PID
// 2. write_pid_file(PID)
// 3. kill(PID, SIGTERM) to stop
// 4. remove_pid_file() on cleanup
Backend Selection (Auto-Detected):
// Pseudo-logic in CLI:
if cfg!(target_os = "linux") && systemctl_available() {
use SystemdBackend
} else if cfg!(target_os = "macos") {
use LaunchdBackend
} else {
use PidfileBackend // Fallback
}
4. provctl-cli
Purpose: Command-line interface
Architecture:
clap Parser
↓
Cli { command: Commands }
↓
Commands::Start { service, binary, args }
Commands::Stop { service }
Commands::Restart { service }
Commands::Status { service }
Commands::Logs { service, lines }
↓
Backend::start/stop/restart/status/logs
↓
Output (stdout/stderr)
Key Features:
- kubectl-style commands
- Async/await throughout
- Structured logging via
env_logger - Error formatting with colors/emojis
Data Flow
Start Operation
CLI Input: provctl start my-service
↓
Cli Parser: Extract args
↓
Backend::start(&ServiceDefinition)
↓
If Linux+systemd:
→ systemctl start my-service
→ systemctl show -p MainPID= my-service
→ Return PID
If macOS:
→ Generate plist file
→ launchctl load plist
→ Return PID
If Fallback:
→ spawn(binary, args)
→ write_pid_file(PID)
→ Return PID
↓
Output: "✅ Started my-service (PID: 1234)"
Stop Operation
CLI Input: provctl stop my-service
↓
Backend::stop(service_name)
↓
If Linux+systemd:
→ systemctl stop my-service
If macOS:
→ launchctl unload plist_path
→ remove plist file
If Fallback:
→ read_pid_file()
→ kill(PID, SIGTERM)
→ remove_pid_file()
↓
Output: "✅ Stopped my-service"
Configuration System
100% Configuration-Driven
messages.toml (All UI strings):
[service_start]
starting = "Starting {service_name}..."
started = "✅ Started {service_name} (PID: {pid})"
failed = "❌ Failed to start {service_name}: {error}"
defaults.toml (All operational parameters):
spawn_timeout_secs = 30 # Process startup timeout
health_check_timeout_secs = 5 # Health check max duration
pid_file_path = "/tmp/{service_name}.pid" # PID file location
log_file_path = "{home}/.local/share/provctl/logs/{service_name}.log"
Why Configuration-Driven?: ✅ No recompilation for message/timeout changes ✅ Easy localization (different languages) ✅ Environment-specific settings ✅ All values documented in TOML comments
Error Handling Model
Pattern: Result<T, ProvctlError>
pub type ProvctlResult<T> = Result<T, ProvctlError>;
// Every fallible operation returns ProvctlResult
async fn start(&self, service: &ServiceDefinition) -> ProvctlResult<u32>
Error Propagation:
// Using ? operator for clean error flow
let pid = backend.start(&service)?; // Propagates on error
let status = backend.status(name)?;
backend.stop(name)?;
Error Context:
// Structured error with context
ProvctlError {
kind: ProvctlErrorKind::SpawnError {
service: "api".to_string(),
reason: "binary not found: /usr/bin/api"
},
context: "Starting service with systemd",
source: Some(io::Error(...))
}
Testing Strategy
Unit Tests
- Error type tests
- Configuration parsing tests
- Backend logic tests (with mocks)
Mock Backend
pub struct MockBackend {
pub running_services: Arc<Mutex<HashMap<String, u32>>>,
}
impl Backend for MockBackend {
// Simulated in-memory service management
// No I/O, no subprocess execution
// Perfect for unit tests
}
Integration Tests (Future)
- Real system tests (only on appropriate platforms)
- End-to-end workflows
Key Design Patterns
1. Trait-Based Backend
Benefit: Easy to add new backends or testing
#[async_trait]
pub trait Backend: Send + Sync {
async fn start(&self, service: &ServiceDefinition) -> ProvctlResult<u32>;
async fn stop(&self, service_name: &str) -> ProvctlResult<()>;
// ...
}
2. Builder Pattern (ServiceDefinition)
let service = ServiceDefinition::new(name, binary)
.with_arg("--port")
.with_arg("3000")
.with_env("DEBUG", "1")
.with_working_dir("/opt/api");
3. Configuration Injection
// Load from TOML
let loader = ConfigLoader::new(config_dir)?;
let messages = loader.load_messages()?;
let defaults = loader.load_defaults()?;
// Use in CLI
println!("{}", messages.format(
messages.service_start.started,
&[("service_name", "api"), ("pid", "1234")]
));
4. Async/Await Throughout
All I/O operations are async:
async fn start(...) -> ProvctlResult<u32>
async fn stop(...) -> ProvctlResult<()>
async fn status(...) -> ProvctlResult<ProcessStatus>
async fn logs(...) -> ProvctlResult<Vec<String>>
This allows efficient concurrent operations.
Performance Considerations
Process Spawning
- Async spawning with tokio
- Minimal blocking operations
- Efficient I/O handling
Memory
- Stack-based errors (no heap allocation for common cases)
- No unnecessary cloning
- Connection pooling (future: for remote orchestrator)
Latency
- Direct system calls (no unnecessary wrappers)
- Efficient log file reading
- Batch operations where possible
Future Extensions
Kubernetes Backend
pub struct KubernetesBackend {
client: k8s_client,
}
impl Backend for KubernetesBackend {
// kubectl equivalent operations
}
Docker Backend
pub struct DockerBackend {
client: docker_client,
}
Provisioning Integration
pub struct ProvisioningBackend {
http_client: reqwest::Client,
orchestrator_url: String,
}
// HTTP calls to provisioning orchestrator
Dependency Graph
provctl-cli
├── provctl-core
├── provctl-config
├── provctl-backend
│ └── provctl-core
├── clap (CLI parsing)
├── tokio (async runtime)
├── log (logging)
├── env_logger (log output)
└── anyhow (error handling)
provctl-backend
├── provctl-core
├── tokio
├── log
└── async-trait
provctl-config
├── provctl-core
├── serde
├── toml
└── log
provctl-core
└── (no dependencies - pure domain logic)
Machine Orchestration Architecture
Overview
The machine orchestration subsystem enables remote SSH-based deployments with enterprise-grade resilience and observability.
Core Modules (provctl-machines)
1. ssh_async.rs - Real SSH Integration
- AsyncSshSession for real SSH command execution
- 3 authentication methods: Agent, PrivateKey, Password
- Operations: execute_command, deploy, restart_service, get_logs, get_status
- Async/await with tokio runtime
2. ssh_pool.rs - Connection Pooling (90% faster)
- SshConnectionPool with per-host connection reuse
- Configurable min/max connections, idle timeouts
- Statistics tracking (reuse_count, timeout_count, etc.)
- Non-blocking connection management
3. ssh_retry.rs - Resilience & Retry Logic
- TimeoutPolicy: granular timeouts (connect, auth, command, total)
- BackoffStrategy: Exponential, Linear, Fibonacci, Fixed
- RetryPolicy: configurable attempts, error classification
- CircuitBreaker: fault isolation for failing hosts
4. ssh_host_key.rs - Security & Verification
- HostKeyVerification: SSH known_hosts integration
- HostKeyFingerprint: SHA256/SHA1 support
- Man-in-the-middle prevention
- Fingerprint validation and auto-add
5. health_check.rs - Monitoring & Health
- HealthCheckStrategy: Command, HTTP, TCP, Custom
- HealthCheckMonitor: status transitions, recovery tracking
- Configurable failure/success thresholds
- Duration tracking for unhealthy periods
6. metrics.rs - Observability & Audit
- MetricsCollector: async-safe operation tracking
- AuditLogEntry: complete operation history
- MetricPoint: categorized metrics by operation type
- Success/failure rates and performance analytics
Deployment Strategies
Rolling Deployment
- Gradual rollout: configurable % per batch
- Good for: Gradual rollout with quick feedback
- Risk: Medium (some machines unavailable)
Blue-Green Deployment
- Zero-downtime: inactive set, swap on success
- Good for: Zero-downtime requirements
- Risk: Low (instant rollback)
Canary Deployment
- Safe testing: deploy to small % first
- Good for: Risk-averse deployments
- Risk: Very low (limited blast radius)
Architecture Diagram
┌─────────────────────────────────────────────────────────────┐
│ REST API (provctl-api) │
│ ┌────────────────────────────────────────┐ │
│ │ /api/machines, /api/deploy, etc. │ │
│ └────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
▲
│
┌─────────────────────────────────────────────────────────────┐
│ Machine Orchestration Library (provctl-machines) │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Orchestration Engine │ │
│ │ ├─ DeploymentStrategy (Rolling, Blue-Green, Canary) │ │
│ │ ├─ BatchExecutor (parallel operations) │ │
│ │ └─ RollbackStrategy (automatic recovery) │ │
│ └────────────────────────────────────────────────────────┘ │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ SSH & Connection Management │ │
│ │ ├─ AsyncSshSession (real async SSH) │ │
│ │ ├─ SshConnectionPool (per-host reuse) │ │
│ │ ├─ RetryPolicy (smart retries + backoff) │ │
│ │ ├─ HostKeyVerification (SSH known_hosts) │ │
│ │ ├─ TimeoutPolicy (granular timeouts) │ │
│ │ └─ CircuitBreaker (fault isolation) │ │
│ └────────────────────────────────────────────────────────┘ │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Observability & Monitoring │ │
│ │ ├─ HealthCheckMonitor (Command/HTTP/TCP checks) │ │
│ │ ├─ MetricsCollector (async-safe collection) │ │
│ │ ├─ AuditLogEntry (complete operation history) │ │
│ │ └─ PoolStats (connection pool monitoring) │ │
│ └────────────────────────────────────────────────────────┘ │
│ ┌────────────────────────────────────────────────────────┐ │
│ │ Configuration & Discovery │ │
│ │ ├─ MachineConfig (TOML-based machine definitions) │ │
│ │ ├─ CloudProvider Discovery (AWS, DO, etc.) │ │
│ │ ├─ ProfileSet (machine grouping by environment) │ │
│ │ └─ BatchOperation (machine selection & filtering) │ │
│ └────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────────┴─────────────────┐
▼ ▼
┌────────────┐ ┌──────────────┐
│SSH Machines│ │Health Checks │
│ (multiple)│ │ (parallel) │
└────────────┘ └──────────────┘
Integration Points
- REST API: Full orchestration endpoints
- Dashboard: Leptos CSR UI for visual management
- CLI: Application-specific command wrappers
- Cloud Discovery: AWS, DigitalOcean, UpCloud, Linode, Hetzner, Vultr
Performance Characteristics
- Connection Pooling: 90% reduction in SSH overhead
- Metric Collection: <1% CPU overhead, non-blocking
- Health Checks: Parallel execution, no sequential delays
- Retry Logic: Exponential backoff prevents cascading failures
Conclusion
provctl's architecture is designed for:
- Extensibility: Easy to add new backends and features
- Reliability: Comprehensive error handling and resilience
- Maintainability: Clear separation of concerns
- Testability: Trait-based mocking and comprehensive test coverage
- Production: Enterprise-grade security, observability, performance
The configuration-driven approach ensures operators can customize behavior without rebuilding, while the async/trait architecture enables provctl to efficiently support both local service control and remote machine orchestration at scale.