From: Wayne Marshall <wcm@guinix.com>
To: Laurent Bercot <ska-supervision@skarnet.org>,
supervision@list.skarnet.org
Subject: Re: pidsig 0.11 - a fghack like de-daemonisation tool
Date: Fri, 4 Jun 2010 16:26:24 +0000 [thread overview]
Message-ID: <20100604162624.5a24e83c@slate.copperisle.com> (raw)
In-Reply-To: <20100603192530.GA19916@skarnet.org>
On Thu, 3 Jun 2010 21:25:30 +0200
Laurent Bercot <ska-supervision@skarnet.org> wrote:
> > These kinds of problems are not that theoretical - just
> > recently I saw svscan/svscanboot crashing on a >1y uptime
> > box, taking many of the processes with it, including most of
> > the supervise infrastructure, very likely not due to any
> > fault in them - could be oom gone wild, cosmic rays hitting
> > svscan memory, whatever).
>
> That's a typical case of "weak" supervision, as opposed to a
> "strong" supervision chain. "Strong" supervision makes sure
> that all the infrastructure is connected to init.
>
> * svscan achieves strong supervision *if* svscanboot is
> flagged as "respawn" in /etc/inittab on System V-style inits,
> in /etc/event.d/ with Upstart, or in /etc/gettys on BSD. It
> does *not* achieve it if svscanboot is started via some
> rc.local script (as the stock daemontools instructions tell
> you to do, shame on DJB! :))
> * perp is in the same boat, depending on how you start
> perpboot.
> ...
> Strong supervision makes sure that your supervisor process
> tree is *always* alive and complete, unless process 1 itself
> crashes, in which case you're doomed to reboot anyway.
>
FWIW, the perp-setup(8)/perpboot(8) utilities do indeed enable
such "strong supervision" in the default configurations on both
BSD and Linux systems. Let me know if any question.
> > Another question would be if there are more ways to reliably
> > connect to any given process detecting it being gone - but
> > all the current daemons that I run can be handled now :)
>
> Unfortunately, no; not without support from the process you
> want to monitor. There are only two ways of being notified of
> a process' death:
> - getting a SIGCHLD if you're the process' parent. That's
> what a supervisor uses (supervise, runsv, perpetrate,
> s4-supervise all work on this model).
> - getting an EOF on a pipe or socket you're listening to,
> when the monitored process is the only writer on the other
> side. That's what fghack uses (and pidsig too, I presume).
>
Also FWIW, the minit/ninit suites offer a "pidfilehack"
utility that enables the supervisor to watch for SIGCHLD from
non-progeny processes. It is clever and effective, but only
works as intended if running minit/ninit as process 1. (The
trick is based on the fact that process 1 inherits processes
without parents.)
Cheers,
Wayne
next prev parent reply other threads:[~2010-06-04 16:26 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-02 6:08 Janos Farkas
2010-06-02 18:46 ` Laurent Bercot
2010-06-03 16:53 ` Janos Farkas
2010-06-03 19:25 ` Laurent Bercot
2010-06-04 16:26 ` Wayne Marshall [this message]
2010-06-04 16:54 ` Charlie Brady
2010-06-04 17:17 ` Wayne Marshall
2010-06-04 17:21 ` Charlie Brady
2010-06-04 20:00 ` Wayne Marshall
2010-06-04 18:43 ` Laurent Bercot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100604162624.5a24e83c@slate.copperisle.com \
--to=wcm@guinix.com \
--cc=ska-supervision@skarnet.org \
--cc=supervision@list.skarnet.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).