From: Alex Efros <powerman@powerman.asdfGroup.com>
Subject: Re: apache2 run script
Date: Fri, 6 Oct 2006 18:37:19 +0300 [thread overview]
Message-ID: <20061006153719.GC7053@home.power> (raw)
In-Reply-To: <Pine.LNX.4.64.0610061028330.14026@e-smith.charlieb.ott.istop.com>
Hi!
On Fri, Oct 06, 2006 at 10:30:12AM -0400, Charlie Brady wrote:
> >exec env -i PATH=$PATH apache2 -DNO_DETACH -k start -DSSL
>
> As a matter of interest, why do you do "env -i PATH=$PATH"? One of the
> things that runit gives you is a guaranteed consistent environment,
> inherited from runsvdir.
>
> Do you have "env -i ..." in all your run scripts?
:-) Because I've shown here only part of my real 'exec' line to not
overcomplicate example. My ./run really is:
---cut---
#!/bin/sh
exec &>/var/log/all/.log
[[ -e .wait4dep ]] && exit
exec env -i PATH=$PATH LD_PRELOAD=libREV.so \
apache2 -DNO_DETACH -k start -DDOC -DSSL -DFASTCGI # -DPHP4
---cut---
1) /var/log/all/.log is cumulative log (FIFO) designed to be only log file
always opened for reading (tail -F) by admin and to be really readable:
usually there few lines with important information added in few hours.
It contains:
a) All 'unusual' output from all services: runsvdir's STDOUT/STDERR
for example. Here you see apache's STDOUT/STDERR redirected there
because in normal execution flow apache will not output anything
into STDOUT/STDERR, it will use own logs instead.
b) All lines from all service's logs except filtered by admin
non-interested lines. I'm using 'e' and 'E' in ./config files of
svlogd to select these lines and my ./log/run usually looks this way:
#!/bin/sh
exec &>/var/log/all/.log
exec svlogd -tt /var/log/acpid/*/
Also I've notification service which is also reading this one log file
and do some actions: modify firewall, notify me, etc. It's based on idea
from http://smarden.org/socklog/notify.html .
2) .wait4dep is my home-made service dependency system. It's fairly simple
(realization is 519 bytes of bash script) and designed mostly to make
system startup faster by avoiding starting all services at once (not to
provide 'reliable dependencies', because this is impossible).
3) libREV.so is our trick for web development. This library able to
intercept all syscalls for opening files and redirect them to different
files if needed. Looks like rootkit. ;-) This is for working with
different 'revisions' of same CGI/html file at same time.
So... because of LD_PRELOAD and libREV's nature I prefer to not export
LD_PRELOAD to processes which doesn't need it. Most safe way - provide
this variable only for apache2 process using `env` or `envdir` or `chpst -e`.
P.S. No, I don't have `env` in all my ./run scripts. ;-) I've it only in
apache's ./run script.
--
WBR, Alex.
next prev parent reply other threads:[~2006-10-06 15:37 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-01 9:29 Mark
2006-10-05 23:58 ` Alex Efros
2006-10-06 6:12 ` Vincent Danen
2006-10-06 14:27 ` Charlie Brady
2006-10-06 14:30 ` Charlie Brady
2006-10-06 15:37 ` Alex Efros [this message]
2006-10-06 15:46 ` Charlie Brady
2006-10-06 15:57 ` Alex Efros
2006-10-06 16:01 ` Paul Jarc
2006-10-06 16:21 ` Alex Efros
2006-10-07 0:15 ` Charlie Brady
2006-10-07 0:23 ` Alex Efros
2006-10-07 18:44 ` Paul Jarc
2006-10-05 23:59 ` Charlie Brady
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061006153719.GC7053@home.power \
--to=powerman@powerman.asdfgroup.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).