Re: pidsig 0.11 - a fghack like de-daemonisation tool

supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
 help / color / mirror / Atom feed

From: Wayne Marshall <wcm@guinix.com>
To: Laurent Bercot <ska-supervision@skarnet.org>,
	supervision@list.skarnet.org
Subject: Re: pidsig 0.11 - a fghack like de-daemonisation tool
Date: Fri, 4 Jun 2010 16:26:24 +0000	[thread overview]
Message-ID: <20100604162624.5a24e83c@slate.copperisle.com> (raw)
In-Reply-To: <20100603192530.GA19916@skarnet.org>

On Thu, 3 Jun 2010 21:25:30 +0200
Laurent Bercot <ska-supervision@skarnet.org> wrote:

> > These kinds of problems are not that theoretical - just
> > recently I saw svscan/svscanboot crashing on a >1y uptime
> > box, taking many of the processes with it, including most of
> > the supervise infrastructure, very likely not due to any
> > fault in them - could be oom gone wild, cosmic rays hitting
> > svscan memory, whatever).
> 
>  That's a typical case of "weak" supervision, as opposed to a
> "strong" supervision chain. "Strong" supervision makes sure
> that all the infrastructure is connected to init.
> 
>  * svscan achieves strong supervision *if* svscanboot is
> flagged as "respawn" in /etc/inittab on System V-style inits,
> in /etc/event.d/ with Upstart, or in /etc/gettys on BSD. It
> does *not* achieve it if svscanboot is started via some
> rc.local script (as the stock daemontools instructions tell
> you to do, shame on DJB! :))
>  * perp is in the same boat, depending on how you start
> perpboot.
> ...
> Strong supervision makes sure that your supervisor process
> tree is *always* alive and complete, unless process 1 itself
> crashes, in which case you're doomed to reboot anyway.
>

FWIW, the perp-setup(8)/perpboot(8) utilities do indeed enable
such "strong supervision" in the default configurations on both
BSD and Linux systems.  Let me know if any question.

> > Another question would be if there are more ways to reliably
> > connect to any given process detecting it being gone - but
> > all the current daemons that I run can be handled now :)
> 
>  Unfortunately, no; not without support from the process you
> want to monitor. There are only two ways of being notified of
> a process' death:
>  - getting a SIGCHLD if you're the process' parent. That's
> what a supervisor uses (supervise, runsv, perpetrate,
> s4-supervise all work on this model).
>  - getting an EOF on a pipe or socket you're listening to,
> when the monitored process is the only writer on the other
> side. That's what fghack uses (and pidsig too, I presume).
>

Also FWIW, the minit/ninit suites offer a "pidfilehack"
utility that enables the supervisor to watch for SIGCHLD from
non-progeny processes.  It is clever and effective, but only
works as intended if running minit/ninit as process 1.  (The
trick is based on the fact that process 1 inherits processes
without parents.)

Cheers,

Wayne

next prev parent reply	other threads:[~2010-06-04 16:26 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-06-02  6:08 Janos Farkas
2010-06-02 18:46 ` Laurent Bercot
2010-06-03 16:53   ` Janos Farkas
2010-06-03 19:25     ` Laurent Bercot
2010-06-04 16:26       ` Wayne Marshall [this message]
2010-06-04 16:54         ` Charlie Brady
2010-06-04 17:17           ` Wayne Marshall
2010-06-04 17:21             ` Charlie Brady
2010-06-04 20:00               ` Wayne Marshall
2010-06-04 18:43           ` Laurent Bercot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100604162624.5a24e83c@slate.copperisle.com \
    --to=wcm@guinix.com \
    --cc=ska-supervision@skarnet.org \
    --cc=supervision@list.skarnet.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).