From: Alex Efros
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: apache2 run script
Date: Fri, 6 Oct 2006 18:37:19 +0300
Message-ID: <20061006153719.GC7053@home.power>

Hi!

On Fri, Oct 06, 2006 at 10:30:12AM -0400, Charlie Brady wrote:
> >exec env -i PATH=$PATH apache2 -DNO_DETACH -k start -DSSL
>
> As a matter of interest, why do you do "env -i PATH=$PATH"? One of the
> things that runit gives you is a guaranteed consistent environment,
> inherited from runsvdir.
>
> Do you have "env -i ..." in all your run scripts?

:-) Because I've shown here only part of my real 'exec' line, so as not to
overcomplicate the example. My ./run really is:

---cut---
#!/bin/sh
exec &>/var/log/all/.log
[[ -e .wait4dep ]] && exit
exec env -i PATH=$PATH LD_PRELOAD=libREV.so \
    apache2 -DNO_DETACH -k start -DDOC -DSSL -DFASTCGI # -DPHP4
---cut---

1) /var/log/all/.log is a cumulative log (FIFO) designed to be the only log
   file always open for reading (tail -F) by the admin, and to be really
   readable: usually there are few lines with important information added
   in a few hours. It contains:

   a) All 'unusual' output from all services: runsvdir's STDOUT/STDERR, for
      example. Here you see apache's STDOUT/STDERR redirected there, because
      in normal execution flow apache will not output anything to
      STDOUT/STDERR; it will use its own logs instead.

   b) All lines from all services' logs, except uninteresting lines filtered
      out by the admin. I'm using 'e' and 'E' in the ./config files of
      svlogd to select these lines, and my ./log/run usually looks this way:

        #!/bin/sh
        exec &>/var/log/all/.log
        exec svlogd -tt /var/log/acpid/*/

   Also, I have a notification service which also reads this one log file
   and performs some actions: modify firewall, notify me, etc. It's based on
   an idea from http://smarden.org/socklog/notify.html .

2) .wait4dep is my home-made service dependency system. It's fairly simple
   (realization is 519 bytes of bash script) and designed mostly to make
   system startup faster by avoiding starting all services at once (not to
   provide 'reliable dependencies', because this is impossible).

3) libREV.so is our trick for web development. This library is able to
   intercept all syscalls for opening files and redirect them to different
   files if needed. Looks like a rootkit. ;-) This is for working with
   different 'revisions' of the same CGI/html file at the same time.

So... because of LD_PRELOAD and libREV's nature, I prefer not to export
LD_PRELOAD to processes which don't need it. The safest way is to provide
this variable only to the apache2 process, using `env` or `envdir` or
`chpst -e`.

P.S. No, I don't have `env` in all my ./run scripts. ;-) I have it only in
apache's ./run script.

-- 
WBR, Alex.
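
The scoping argument in the message above, as an added example that is not part of the original post: it compares how far LD_PRELOAD travels when a run script exports it versus when it is passed through `env -i` to a single program. Assumptions: `env` stands in for apache2, and libREV.so is used only as a name (no such library is loaded).

```shell
#!/bin/sh
# Constructed demo, not from the post. "libREV.so" is used only as a name: no
# such library is installed, so the loader's "cannot be preloaded" warnings
# are discarded with 2>/dev/null. `env` stands in for apache2.
PRELOAD=libREV.so

# Leaky pattern: export in the run script. Every later child and grandchild
# (helper scripts, loggers, shells) inherits the preload.
leaky_helper_sees() {
    (
        export LD_PRELOAD="$PRELOAD"
        sh -c 'sh -c "printenv LD_PRELOAD"' 2>/dev/null
    ) || true
}

# Scoped pattern: the variable exists only in the environment of the one
# program started through `env -i`. Prints the variable names that program
# received, which also shows that nothing else from the parent leaks in.
scoped_target_env() {
    env -i PATH="$PATH" LD_PRELOAD="$PRELOAD" env 2>/dev/null |
        cut -d= -f1 | sort | paste -s -d ' ' -
}

# After the scoped launch, an unrelated helper started from the same script
# still has no LD_PRELOAD. Prints nothing when the variable is absent.
sibling_sees() {
    (
        unset LD_PRELOAD   # start from a clean parent environment
        env -i PATH="$PATH" LD_PRELOAD="$PRELOAD" true 2>/dev/null
        sh -c 'printenv LD_PRELOAD' || true
    )
}

echo "exported, grandchild sees: $(leaky_helper_sees)"
echo "env -i, target received:   $(scoped_target_env)"
echo "env -i, sibling sees:      '$(sibling_sees)'"
```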