From: Charlie Brady <charlieb-supervision@budge.apana.org.au>
Cc: supervision@list.skarnet.org
Subject: Re: Respawn limit for runsv?
Date: Sun, 13 Feb 2005 13:42:23 -0500 (EST) [thread overview]
Message-ID: <Pine.LNX.4.44.0502131334070.30064-100000@e-smith.charlieb.ott.istop.com> (raw)
In-Reply-To: <lars-D190CB.08045912022005@sea.gmane.org>
On Sat, 12 Feb 2005, Lars Kellogg-Stedman wrote:
> > > There is no general class of problem unless you can provide a single
> > > instance.
>
> Seriously, I would like to live in your perfect world, but in the past
> couple of decades I've seen a variety of situations that would have been
> easier to deal with (or that, in fact, *were* easier to deal with)
> because of a limiter.
I only asked for one :-)
> Let's make up some examples:
I didn't want made up examples :-)
> - A piece of hardware on which a program depends goes bad, causing the
> program to exit immediately upon startup. Suppose that this program has
> a high initial startup cost -- so not only is it respawning pointlessly,
> but it's driving up system load.
>
> - The disk fills up, causing your X startup to fail. But because of the
> continuous respawning, you can't log in on the console!
OK, I'm convinced.
> Exponential back-off would probably be just fine, and represents a
> fairly common solution to this class of problem. SysV init simply
> pauses for a few minutes if the respawn rate exceeds a certain
> threshold, and then tries again.
>
> Either behavior would be helpful.
But perhaps both are unnecessarily complicated. Would it not be sufficient
for runsv to have a configurable "dead time" after starting the supervised
process before it was again prepared to respawn the child? We want it to
start a new child quickly, but we don't want it to do so often. So how
about "within one second", but "at most every ten seconds".
It would also be useful to have a mechanism to distinguish between a
process dying in reponse to a request from runsv, and a program dying
unexpectedly. Perhaps have "finish" and "unexpected_finish" scripts. I'd
certainly like to have a mechanism to run a finish script if a service is
taken down, but not if it just died unexpecedly. The "unexpected_finish"
script could introduce the programmed delay you want, notify the admin,
preserve any essential logs, etc.
---
Charlie
next prev parent reply other threads:[~2005-02-13 18:42 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-11 12:56 Lars Kellogg-Stedman
2005-02-12 0:14 ` Charlie Brady
2005-02-12 1:14 ` Lars Kellogg-Stedman
2005-02-12 3:13 ` Charlie Brady
2005-02-12 5:21 ` Charles Duffy
2005-02-12 13:04 ` Lars Kellogg-Stedman
2005-02-13 18:42 ` Charlie Brady [this message]
2005-02-13 21:21 ` Thomas Schwinge
2005-02-13 13:48 ` Gerrit Pape
2005-02-13 18:19 ` Lars Kellogg-Stedman
2005-02-14 16:23 ` Clemens Fischer
2005-02-13 3:59 ` Lars Kellogg-Stedman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.44.0502131334070.30064-100000@e-smith.charlieb.ott.istop.com \
--to=charlieb-supervision@budge.apana.org.au \
--cc=supervision@list.skarnet.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).