Shoehorn provides full control over the application lifecycle in Elixir.

Shoehorn acts as a shim to the initialization sequence for your application's VM. Using Shoehorn, you can ensure that the VM will always pass initialization. This provides the running node the ability of using Elixir / Erlang to control the full application lifecycle through the exposure of new system phases. This level of control is important when the Erlang VM is fully responsible for the entire runtime including its own updates. In these situations, if the VM were to fail to start it would never be able to recover from a bad update. This is especially useful when running Nerves.

Heres how it works.

Include shoehorn into your application release plugins.

# rel/config.exs

release :simple_app do
  set version: current_version(:simple_app)
  plugin Shoehorn
end

And produce a release

$ mix release

Go to the release directory and boot your app using shoehorn

$ _build/dev/rel/simple_app/bin/simple_app console_boot shoehorn

From here we can see that the shoehorn was started, but simple_app was not.

iex(simple_app@127.0.0.1)1> Application.started_applications
[{:iex, 'iex', '1.4.0'}, {:shoehorn, 'shoehorn', '0.1.0'},
 {:elixir, 'elixir', '1.4.0'}, {:compiler, 'ERTS  CXC 138 10', '7.0.3'},
 {:stdlib, 'ERTS  CXC 138 10', '3.2'}, {:kernel, 'ERTS  CXC 138 10', '5.1.1'}]

Booting the shoehorn.boot script with zero application config will being up the Erlang VM and only run the shoehorn app.

Now lets configure shoehorn to do something more interesting by adding some minimal configuration.

# config/config.exs

config :shoehorn,
  app: :my_app,
  init: [:nerves_runtime, :nerves_init_gadget, :nerves_firmware_ssh]

Shoehorn will call Application.ensure_all_started/2 on each app in the init list, followed by the main app. In the example above, the boot sequence would be [:nerves_runtime, :nerves_init_gadget, :my_app]. The init application list should be used to prioritize OTP applications that need to be available to recover from error. In the example above, we initialize the runtime, bring up the network, and ensure we can receive new firmware updates. If my_app were to fail to start, the node would still be in a state where it can receive new firmware over the network.

You can also specify an {m, f, a} in the init list for performing simple initialization time tasks.

# config/config.exs

config :shoehorn,
  app: :my_app,
  init: [{IO, :puts, "Init"}, :nerves_runtime]

The Erlang VM will respond to application failures based off the application start permanence type specified when it was asked to start. There are three permanence types:

:permanent - if app terminates, all other applications and the entire node are also terminated.

:transient - if app terminates with :normal reason, it is reported but no other applications are terminated. If a transient application terminates abnormally, all other applications and the entire node are also terminated.

:temporary - if app terminates, it is reported but no other applications are terminated (the default).

Shoehorn will start all applications as :temporary and monitor application events by registering to the erlang kernel error_logger. Application start and exit events will attempt to execute a callback to the configured Shoehorn.Handler module. By default, the module Shoehorn.Handler.Ignore will be called. This module is configured to continue the Erlang VM if any otp application were to exit for any reason. In production, you may want to customize the action on failure so you can gather forensics or perform updates to the node. You can do this by overriding the handler in the prod env of your application config.

# config/prod.exs

config :shoehorn,
  handler: MyApp.ShoehornHandler

More advanced failure cases can be handled by providing your own module that implements the Shoehorn.Handler behaviour. For example, the erlang :ssh application is prone to exiting when undergoing a brute force attack. Instead of the default production behaviour of forcing the node to restart, we can restart the application.

defmodule Example.RestartHandler do
  use Shoehorn.Handler

  def application_exited(app, _reason, state) do
    IO.puts("Application stopped: #{inspect(app)} #{inspect(state)}")
    Application.ensure_all_started(app)
    {:continue, state}
  end

end

The application_exited/3 callback is limited in the amount of time is has to execute by setting a shutdown timer. If the callback does not return within the defined shutdown time, the node is instructed to halt. The default shutdown time is 30 seconds but this value can be changed in the application config.

# config/config.exs

config :shoehorn,
  shutdown_timer: 50_000 # 50 Seconds

Check out the example application for more info on implementing custom strategies.

Big thanks to Sonny Scroggin for coming up with the name Shoehorn <3