From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/604 Path: main.gmane.org!not-for-mail From: Vincent Danen Newsgroups: gmane.comp.sysutils.supervision.general Subject: Re: supervising postfix Date: Sat, 16 Oct 2004 17:37:21 -0600 Message-ID: <532D0697-1FCC-11D9-8DD8-000A9598BFB2@annvix.org> References: NNTP-Posting-Host: deer.gmane.org Mime-Version: 1.0 (Apple Message framework v619) Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Apple-Mail-53--596442884" Content-Transfer-Encoding: 7bit X-Trace: sea.gmane.org 1097969858 4089 80.91.229.6 (16 Oct 2004 23:37:38 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Sat, 16 Oct 2004 23:37:38 +0000 (UTC) Cc: supervision@list.skarnet.org Original-X-From: supervision-return-843-gcsg-supervision=m.gmane.org@list.skarnet.org Sun Oct 17 01:37:26 2004 Return-path: Original-Received: from antah.skarnet.org ([212.85.147.14] ident=qmailr) by deer.gmane.org with smtp (Exim 3.35 #1 (Debian)) id 1CIy73-0007OT-00 for ; Sun, 17 Oct 2004 01:37:25 +0200 Original-Received: (qmail 6100 invoked by uid 76); 16 Oct 2004 23:37:46 -0000 Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Archive: Original-Received: (qmail 6094 invoked from network); 16 Oct 2004 23:37:46 -0000 In-Reply-To: Original-To: Charlie Brady X-Pgp-Agent: GPGMail 1.0.2 X-Mailer: Apple Mail (2.619) X-SA-Exim-Connect-IP: 68.149.32.61 X-SA-Exim-Mail-From: vdanen@annvix.org X-SA-Exim-Version: 4.1 (built Mon, 20 Sep 2004 22:38:34 -0600) X-SA-Exim-Scanned: Yes (on hades.annvix.org) Xref: main.gmane.org gmane.comp.sysutils.supervision.general:604 X-Report-Spam: http://spam.gmane.org/gmane.comp.sysutils.supervision.general:604 --Apple-Mail-53--596442884 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed On 16-Oct-04, at 2:11 PM, Charlie Brady wrote: >>> You'll either need to ensure that the run script is not a process >>> group >>> leader (remove -P from runsvdir, and possibly add "chpst -P" to most >>> other >>> run scripts), or fix postfix to turn the fatal error into a warning. >> >> runsvdir doesn't run with -P. I tried using chpst -P on postfix, but >> that didn't work. I'm not too terribly interested in changing all the >> runscripts to chpst -P every other service (I haven't had the need to >> do it for any yet). > > It's a defensive measure. you can't control when or if a process will > kill > its own process group. And you don't want any of those processes taking > out all your stage 2. You won't have the need for it, until you have > the > need for it! Hmmm... so should I be running runsvdir with -P then? And if I do, do I need to run chpst -P on all the other services? Defensive measures are good, I'm just not sure of the best way to implement it. Is running runsvdir with -P sufficient, I guess is what I'm asking. >> Patching postfix is not my idea of a good time, either. I'd prefer to >> not mangle as much software as possible because it becomes a >> maintenance nuisance. > > Sure, but you already have a maintenance problem, right now. Postfix > doesn't run for you. Well, it does. Not the way that I exactly want, but I can start postfix from stage 1 and have it work. Of course, if I do it this way I have to "exec chpst -P postfix start &" which isn't elegant. I'm recompiling postfix now with the change to master.c you noted in your next email and we'll see if I can make master run under supervision and do the right thing. > If you are not using -P anywhere, then maybe you've found a bug with > postfix, and it is trying multiple times to become process group > leader or > something. Have you straced it, so you can see what is being called > when? Yeah, but most of that is greek to me. =) >> I think what I may end up doing is calling "postfix start" from stage >> 2 >> if something like /etc/sysconfig/postfix contains "START=yes" or >> something similar. Then in stage 3 I'll issue a "postfix stop". Goes >> against how I like to do things, but it seems like "master" is doing a >> bit of supervision on it's own so instead of using (on Annvix anyways) >> "srv stop postfix" one would have to issue "postfix stop". I dislike >> that it needs to be different, but at least this way I don't have to >> fall back to a traditional initscript. I could then have a runscript >> for service postfix that just checks every few seconds to make sure >> that master is still running, and if it is, sleep for another 5 >> seconds >> and then do another check. If master doesn't seem to be running, then >> just issue "postfix start" and sleep again. >> >> A bit of a compromise, but I think it might be the best solution. > > Sounds aweful :-( It's not, but not really what I want either. It works, which is something, and it still doesn't rely on clumsy initscripts. It just isn't quite the way I wanted it, but we'll see if making master warn on setsid() failure makes it work "properly". -- Annvix - Secure Linux Server: http://annvix.org/ *Please note gpg keyid FE6F2AFD has been replaced with keyid FEE30AD4* "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4} --Apple-Mail-53--596442884 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQFBcbCxLrxeMv7jCtQRAiA4AJ9LkF/hhCCBvs9StzOjaJM7Ho5YrQCgiBZ1 IWcN0rdSgFeK20QU1onSrs0= =fkzC -----END PGP SIGNATURE----- --Apple-Mail-53--596442884--