Uniter can hang while trying to restart

Just changing the code to not block during TearDown causes problems in the test suite because it loses the synchronous nature. We use a hand-crafted mock/stub, and issue a request and then a Kill, and that request should trigger 2 calls. But since our Kill() *should* kill things in flight, it wasn't a great test to begin with.

There were 2 ways that the test TestOnLeaderFailure can fail

1) We get to the BlockUntilLeadership call, and then we start shutting down. That would cause BlockUntilLeadershipReleased to return ErrBlockCancelled (because the leadershipClaimer isn't running over the API and would notice that tomb.Dying() is returning)

With my patch, we no longer block on the send to claimLease. Which means we eventually close the claimLease channel as the goroutine exits.

In this case, you see 3 calls, Claim + Block + Claim.

The main loop then sees the closed claimLease channel *before* it sees tomb.Dying() itself. Which had an unconditional "if claimLease returns, and it isn't leadership.ErrBlockCancelled (and a closed channel returns nil error), then it would try to make another claim". That can be fixed by noticing the channel was closed and treating that as block cancelled.

2) The other way it could fail is that the main loop *does* notice tomb.Dying while the setMinion goroutine is running. The goroutine does eventually call BlockUntilLeadershipCancelled, but the main loop has already exited and since it doesn't wait for the Cancelled to return/close the channel, the test moves forward and doesn't see the request.

In this case you see 1 call, just to Claim.

https://github.com/juju/juju/pull/10622

So that patch has landed, I'm still putting together a proper Wrench setup to test it. It seems to shut down correctly now, but doesn't get restarted as we would expect.

I'll attach a goroutine report and an engine report.

Having done the wrench work, it appears that LeadershipTracker is stopping, but in such a way that it doesn't get restarted, and the Uniter depends on the LeadershipTracker to be running.

To deal with lifetimes of CAAS objects, commit 36b4353d50430c8ca31b7a66d8a853e6db5cc5cc introduced killing the Leadership Tracker if the Uniter dies. However, it does so with a Worker.Kill() which kills the worker with no error, which the DependencyEngine then treats as "don't restart because I'm done". But the Uniter has a dependency on it, so the Uniter is unable to be restarted.

We should decouple restarting the workers.

If we just removed the catacomb.Init here:
https://github.com/juju/juju/blob/4530b4ddf5be45df371438fb7f20ef12b80a7d67/worker/uniter/uniter.go#L207

Then it would regress this PR:
https://github.com/juju/juju/pull/10087

Where unit '3' of a CAAS application might go away, but wouldn't stop the Leadership Tracker, which meant unit 4 couldn't become a leader. This doesn't happen in IAAS because we run a separate agent, and that agent dies when the unit is removed (vs in CAAS where we run all unit agents as a dependency from the application).

https://github.com/juju/juju/pull/10637

should fix this properly for IAAS models, at least.