* apache2 run script
@ 2006-10-01 9:29 Mark
2006-10-05 23:58 ` Alex Efros
2006-10-05 23:59 ` Charlie Brady
0 siblings, 2 replies; 14+ messages in thread
From: Mark @ 2006-10-01 9:29 UTC (permalink / raw)
Hello.
On the apache2 run script listed under
http://smarden.org/runit/runscripts.html#apache2
o recent runit-1.6.0 doesn't install '/command/pgrphack' anymore so
'/command/chpst -P' is required
o GNU/Linux too requires '/command/chpst -P' otherwise Apache comes up again
after 'sv down'.
So this is my current run script:
#!/bin/sh
exec 2>&1
exec /command/chpst -P /usr/local/apache2/bin/httpd -DNO_DETACH
Bye,
Mark
--
TOAD -- A Simple and Powerful C++ GUI Toolkit for the X Window System
/OO\ Check it out at http://www.mark13.org/toad/
__(/_--_\)__________________________ Mark-André Hopf <mhopf@mark13.org>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-01 9:29 apache2 run script Mark
@ 2006-10-05 23:58 ` Alex Efros
2006-10-06 6:12 ` Vincent Danen
2006-10-06 14:30 ` Charlie Brady
2006-10-05 23:59 ` Charlie Brady
1 sibling, 2 replies; 14+ messages in thread
From: Alex Efros @ 2006-10-05 23:58 UTC (permalink / raw)
Hi!
On Sun, Oct 01, 2006 at 11:29:40AM +0200, Mark wrote:
> #!/bin/sh
> exec 2>&1
> exec /command/chpst -P /usr/local/apache2/bin/httpd -DNO_DETACH
Hmm. I'm using Gentoo, and maybe it add some custom patches for apache
related to this issue, not sure. But AFAIK -DNO_DETACH is enough and no
process group hack needed anymore. My exec line in run script is:
exec env -i PATH=$PATH apache2 -DNO_DETACH -k start -DSSL
Gentoo's package name is: net-www/apache-2.0.58-r2.
--
WBR, Alex.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-01 9:29 apache2 run script Mark
2006-10-05 23:58 ` Alex Efros
@ 2006-10-05 23:59 ` Charlie Brady
1 sibling, 0 replies; 14+ messages in thread
From: Charlie Brady @ 2006-10-05 23:59 UTC (permalink / raw)
Cc: supervision
On Sun, 1 Oct 2006, Mark wrote:
> Hello.
>
> On the apache2 run script listed under
>
> http://smarden.org/runit/runscripts.html#apache2
>
> o recent runit-1.6.0 doesn't install '/command/pgrphack' anymore so
> '/command/chpst -P' is required
> o GNU/Linux too requires '/command/chpst -P' otherwise Apache comes up again
> after 'sv down'.
>
> So this is my current run script:
>
> #!/bin/sh
> exec 2>&1
> exec /command/chpst -P /usr/local/apache2/bin/httpd -DNO_DETACH
This is what I have:
exec 2>&1
exec chpst -P /usr/sbin/httpd -f $config -D FOREGROUND
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-05 23:58 ` Alex Efros
@ 2006-10-06 6:12 ` Vincent Danen
2006-10-06 14:27 ` Charlie Brady
2006-10-06 14:30 ` Charlie Brady
1 sibling, 1 reply; 14+ messages in thread
From: Vincent Danen @ 2006-10-06 6:12 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 1105 bytes --]
* Alex Efros <powerman@powerman.asdfGroup.com> [2006-10-06 02:58:25 +0300]:
> On Sun, Oct 01, 2006 at 11:29:40AM +0200, Mark wrote:
> > #!/bin/sh
> > exec 2>&1
> > exec /command/chpst -P /usr/local/apache2/bin/httpd -DNO_DETACH
>
> Hmm. I'm using Gentoo, and maybe it add some custom patches for apache
> related to this issue, not sure. But AFAIK -DNO_DETACH is enough and no
> process group hack needed anymore. My exec line in run script is:
>
> exec env -i PATH=$PATH apache2 -DNO_DETACH -k start -DSSL
>
> Gentoo's package name is: net-www/apache-2.0.58-r2.
This is what I'm using in Annvix:
http://svn.annvix.org/cgi-bin/viewcvs.cgi/releases/2.0-CURRENT/httpd-conf/SOURCES/httpd.run?root=packages&view=markup
It's a little long to paste in here because we do some auto-detection
and definitions of modules for the way our configuration file is laid
out, but we haven't needed to use chpst with httpd, and we also use
-DNO_DETACH.
--
{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4}
mysql> SELECT * FROM users WHERE clue > 0;
Empty set (0.00sec)
[-- Attachment #2: Type: application/pgp-signature, Size: 186 bytes --]
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-06 6:12 ` Vincent Danen
@ 2006-10-06 14:27 ` Charlie Brady
0 siblings, 0 replies; 14+ messages in thread
From: Charlie Brady @ 2006-10-06 14:27 UTC (permalink / raw)
Cc: supervision
On Fri, 6 Oct 2006, Vincent Danen wrote:
> * Alex Efros <powerman@powerman.asdfGroup.com> [2006-10-06 02:58:25 +0300]:
>
>> On Sun, Oct 01, 2006 at 11:29:40AM +0200, Mark wrote:
>>> #!/bin/sh
>>> exec 2>&1
>>> exec /command/chpst -P /usr/local/apache2/bin/httpd -DNO_DETACH
>>
>> Hmm. I'm using Gentoo, and maybe it add some custom patches for apache
>> related to this issue, not sure. But AFAIK -DNO_DETACH is enough and no
>> process group hack needed anymore. My exec line in run script is:
>>
>> exec env -i PATH=$PATH apache2 -DNO_DETACH -k start -DSSL
>>
>> Gentoo's package name is: net-www/apache-2.0.58-r2.
>
> This is what I'm using in Annvix:
>
> http://svn.annvix.org/cgi-bin/viewcvs.cgi/releases/2.0-CURRENT/httpd-conf/SOURCES/httpd.run?root=packages&view=markup
>
> It's a little long to paste in here because we do some auto-detection
> and definitions of modules for the way our configuration file is laid
> out, but we haven't needed to use chpst with httpd, and we also use
> -DNO_DETACH.
I think that "chpst -P .... -D FOREGROUND" is equivalent to "... -D
NO_DETACH"
http://mail-archives.apache.org/mod_mbox/httpd-cvs/200204.mbox/%3C20020405001814.86519.qmail@icarus.apache.org%3E
...
+ *) worker and prefork MPMs: Add -DFOREGROUND switch to cause the
+ Apache parent process to run in the foreground (similar to -DNO_DETACH
+ except that it doesn't switch session ids). [Jeff Trawick]
...
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-05 23:58 ` Alex Efros
2006-10-06 6:12 ` Vincent Danen
@ 2006-10-06 14:30 ` Charlie Brady
2006-10-06 15:37 ` Alex Efros
1 sibling, 1 reply; 14+ messages in thread
From: Charlie Brady @ 2006-10-06 14:30 UTC (permalink / raw)
Cc: supervision
On Fri, 6 Oct 2006, Alex Efros wrote:
> Hi!
>
> On Sun, Oct 01, 2006 at 11:29:40AM +0200, Mark wrote:
>> #!/bin/sh
>> exec 2>&1
>> exec /command/chpst -P /usr/local/apache2/bin/httpd -DNO_DETACH
>
> Hmm. I'm using Gentoo, and maybe it add some custom patches for apache
> related to this issue, not sure. But AFAIK -DNO_DETACH is enough and no
> process group hack needed anymore. My exec line in run script is:
>
> exec env -i PATH=$PATH apache2 -DNO_DETACH -k start -DSSL
As a matter of interest, why do you do "env -i PATH=$PATH"? One of the
things that runit gives you is a guaranteed consistent environment,
inherited from runsvdir.
Do you have "env -i ..." in all your run scripts?
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-06 14:30 ` Charlie Brady
@ 2006-10-06 15:37 ` Alex Efros
2006-10-06 15:46 ` Charlie Brady
0 siblings, 1 reply; 14+ messages in thread
From: Alex Efros @ 2006-10-06 15:37 UTC (permalink / raw)
Hi!
On Fri, Oct 06, 2006 at 10:30:12AM -0400, Charlie Brady wrote:
> >exec env -i PATH=$PATH apache2 -DNO_DETACH -k start -DSSL
>
> As a matter of interest, why do you do "env -i PATH=$PATH"? One of the
> things that runit gives you is a guaranteed consistent environment,
> inherited from runsvdir.
>
> Do you have "env -i ..." in all your run scripts?
:-) Because I've shown here only part of my real 'exec' line to not
overcomplicate example. My ./run really is:
---cut---
#!/bin/sh
exec &>/var/log/all/.log
[[ -e .wait4dep ]] && exit
exec env -i PATH=$PATH LD_PRELOAD=libREV.so \
apache2 -DNO_DETACH -k start -DDOC -DSSL -DFASTCGI # -DPHP4
---cut---
1) /var/log/all/.log is cumulative log (FIFO) designed to be only log file
always opened for reading (tail -F) by admin and to be really readable:
usually there few lines with important information added in few hours.
It contains:
a) All 'unusual' output from all services: runsvdir's STDOUT/STDERR
for example. Here you see apache's STDOUT/STDERR redirected there
because in normal execution flow apache will not output anything
into STDOUT/STDERR, it will use own logs instead.
b) All lines from all service's logs except filtered by admin
non-interested lines. I'm using 'e' and 'E' in ./config files of
svlogd to select these lines and my ./log/run usually looks this way:
#!/bin/sh
exec &>/var/log/all/.log
exec svlogd -tt /var/log/acpid/*/
Also I've notification service which is also reading this one log file
and do some actions: modify firewall, notify me, etc. It's based on idea
from http://smarden.org/socklog/notify.html .
2) .wait4dep is my home-made service dependency system. It's fairly simple
(realization is 519 bytes of bash script) and designed mostly to make
system startup faster by avoiding starting all services at once (not to
provide 'reliable dependencies', because this is impossible).
3) libREV.so is our trick for web development. This library able to
intercept all syscalls for opening files and redirect them to different
files if needed. Looks like rootkit. ;-) This is for working with
different 'revisions' of same CGI/html file at same time.
So... because of LD_PRELOAD and libREV's nature I prefer to not export
LD_PRELOAD to processes which doesn't need it. Most safe way - provide
this variable only for apache2 process using `env` or `envdir` or `chpst -e`.
P.S. No, I don't have `env` in all my ./run scripts. ;-) I've it only in
apache's ./run script.
--
WBR, Alex.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-06 15:37 ` Alex Efros
@ 2006-10-06 15:46 ` Charlie Brady
2006-10-06 15:57 ` Alex Efros
0 siblings, 1 reply; 14+ messages in thread
From: Charlie Brady @ 2006-10-06 15:46 UTC (permalink / raw)
Cc: supervision
On Fri, 6 Oct 2006, Alex Efros wrote:
> Hi!
>
> On Fri, Oct 06, 2006 at 10:30:12AM -0400, Charlie Brady wrote:
>>> exec env -i PATH=$PATH apache2 -DNO_DETACH -k start -DSSL
>>
>> As a matter of interest, why do you do "env -i PATH=$PATH"? One of the
>> things that runit gives you is a guaranteed consistent environment,
>> inherited from runsvdir.
...
> exec env -i PATH=$PATH LD_PRELOAD=libREV.so \
> apache2 -DNO_DETACH -k start -DDOC -DSSL -DFASTCGI # -DPHP4
...
> 3) libREV.so is our trick for web development. This library able to
> intercept all syscalls for opening files and redirect them to different
> files if needed. Looks like rootkit. ;-) This is for working with
> different 'revisions' of same CGI/html file at same time.
>
> So... because of LD_PRELOAD and libREV's nature I prefer to not export
> LD_PRELOAD to processes which doesn't need it. Most safe way - provide
> this variable only for apache2 process using `env` or `envdir` or `chpst -e`.
I don't see any advantage over:
export LD_PRELOAD=libREV.so
exec apache2 -DNO_DETACH -k start -DDOC -DSSL -DFASTCGI # -DPHP4
or
LD_PRELOAD=libREV.so exec apache2 -DNO_DETACH -k start \
-DDOC -DSSL -DFASTCGI # -DPHP4
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-06 15:46 ` Charlie Brady
@ 2006-10-06 15:57 ` Alex Efros
2006-10-06 16:01 ` Paul Jarc
0 siblings, 1 reply; 14+ messages in thread
From: Alex Efros @ 2006-10-06 15:57 UTC (permalink / raw)
Hi!
On Fri, Oct 06, 2006 at 11:46:29AM -0400, Charlie Brady wrote:
> >exec env -i PATH=$PATH LD_PRELOAD=libREV.so \
> > apache2 -DNO_DETACH -k start -DDOC -DSSL -DFASTCGI # -DPHP4
> ...
>
> I don't see any advantage over:
>
> export LD_PRELOAD=libREV.so
> exec apache2 -DNO_DETACH -k start -DDOC -DSSL -DFASTCGI # -DPHP4
This way there a chance to occasionally add some commands between export
and exec lines. This may result in accessing wrong files in these commands
because of libREV.
> LD_PRELOAD=libREV.so exec apache2 -DNO_DETACH -k start \
> -DDOC -DSSL -DFASTCGI # -DPHP4
Yeah, this is acceptable, but I prefer to have 'exec' word in beginning of line
to make scripts ease to read/understand.
Anyway. Why you dislike `env -i` so much to invent all these alternatives? :)
For me `env` is good small program which doing it small task good enough:
env - run a program in a modified environment
In my ./run I need to 'run a program in a modified environment' so I've
used `env`. What's wrong with this?
--
WBR, Alex.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-06 15:57 ` Alex Efros
@ 2006-10-06 16:01 ` Paul Jarc
2006-10-06 16:21 ` Alex Efros
0 siblings, 1 reply; 14+ messages in thread
From: Paul Jarc @ 2006-10-06 16:01 UTC (permalink / raw)
Alex Efros <powerman@powerman.asdfGroup.com> wrote:
> Anyway. Why you dislike `env -i` so much to invent all these alternatives? :)
I think the interest is mostly in -i, not env. Do you have variables
in runsv's environment that Apache shouldn't have?
paul
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-06 16:01 ` Paul Jarc
@ 2006-10-06 16:21 ` Alex Efros
2006-10-07 0:15 ` Charlie Brady
0 siblings, 1 reply; 14+ messages in thread
From: Alex Efros @ 2006-10-06 16:21 UTC (permalink / raw)
Hi!
On Fri, Oct 06, 2006 at 12:01:49PM -0400, Paul Jarc wrote:
> Alex Efros <powerman@powerman.asdfGroup.com> wrote:
> > Anyway. Why you dislike `env -i` so much to invent all these alternatives? :)
>
> I think the interest is mostly in -i, not env. Do you have variables
> in runsv's environment that Apache shouldn't have?
Hmm. No, I don't think -i really needed. In ./run script there about 30
variables, but most of them bash-related and I don't think some of them may
affect apache execution.
But... it just ease to use -i when starting apache than think 'is it safe'
about every from these 30 variables, check apache's documentation about used
variables, etc. Many years ago when I was a newbie sysadmin I have some
problems with apache started in unclean environment, so I always use -i
from that time... just for the case. That's called experience. ;-)
--
WBR, Alex.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-06 16:21 ` Alex Efros
@ 2006-10-07 0:15 ` Charlie Brady
2006-10-07 0:23 ` Alex Efros
2006-10-07 18:44 ` Paul Jarc
0 siblings, 2 replies; 14+ messages in thread
From: Charlie Brady @ 2006-10-07 0:15 UTC (permalink / raw)
Cc: supervision
On Fri, 6 Oct 2006, Alex Efros wrote:
> On Fri, Oct 06, 2006 at 12:01:49PM -0400, Paul Jarc wrote:
>> Alex Efros <powerman@powerman.asdfGroup.com> wrote:
>>> Anyway. Why you dislike `env -i` so much to invent all these alternatives? :)
>>
>> I think the interest is mostly in -i, not env. Do you have variables
>> in runsv's environment that Apache shouldn't have?
>
> Hmm. No, I don't think -i really needed. In ./run script there about 30
> variables, but most of them bash-related and I don't think some of them may
> affect apache execution.
>
> But... it just ease to use -i when starting apache than think 'is it safe'
> about every from these 30 variables, check apache's documentation about used
> variables, etc.
I'd be surprised if you have 30 variables set. I have only these:
@400000004526ef972d1a97bc SELINUX_INIT=YES
@400000004526ef972d1a9f8c CONSOLE=/dev/console
@400000004526ef972d1aa374 TERM=linux
@400000004526ef972d1aa374 INIT_VERSION=sysvinit-2.85
@400000004526ef972d1aa75c PATH=/command:/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin
@400000004526ef972d1aab44 RUNLEVEL=7
@400000004526ef972d1aaf2c PWD=/var/service/mysqld
@400000004526ef972d1aaf2c PREVLEVEL=N
@400000004526ef972d1ab314 HOME=/
@400000004526ef972d1ab6fc SHLVL=1
@400000004526ef972d1ab6fc _=/bin/env
Add 'env' to one of your run scripts and you will learn what you have.
My /etc/runit/2 script is this (but with proctitle arg edited for
brevity):
===
#!/bin/sh
PATH=/command:/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin
exec </dev/null
exec runsvdir -P /service 'log: ...[snip]...'
===
The environment could be smaller again if I used 'env -' in the
/etc/runit/2 script.
> Many years ago when I was a newbie sysadmin I have some
> problems with apache started in unclean environment, so I always use -i
> from that time... just for the case. That's called experience. ;-)
That was before you started to use supervision, which was designed in part
to guarantee a clean, predictable and invariant environment.
'env -' is not harmful, it's just wasted cycles.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-07 0:15 ` Charlie Brady
@ 2006-10-07 0:23 ` Alex Efros
2006-10-07 18:44 ` Paul Jarc
1 sibling, 0 replies; 14+ messages in thread
From: Alex Efros @ 2006-10-07 0:23 UTC (permalink / raw)
Hi!
On Fri, Oct 06, 2006 at 08:15:38PM -0400, Charlie Brady wrote:
> I'd be surprised if you have 30 variables set. I have only these:
>
> @400000004526ef972d1a97bc SELINUX_INIT=YES
> @400000004526ef972d1a9f8c CONSOLE=/dev/console
> @400000004526ef972d1aa374 TERM=linux
> @400000004526ef972d1aa374 INIT_VERSION=sysvinit-2.85
> @400000004526ef972d1aa75c
> PATH=/command:/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin
> @400000004526ef972d1aab44 RUNLEVEL=7
> @400000004526ef972d1aaf2c PWD=/var/service/mysqld
> @400000004526ef972d1aaf2c PREVLEVEL=N
> @400000004526ef972d1ab314 HOME=/
> @400000004526ef972d1ab6fc SHLVL=1
> @400000004526ef972d1ab6fc _=/bin/env
>
> Add 'env' to one of your run scripts and you will learn what you have.
Hmm. I've used 'set':
BASH=/bin/sh
BASH_ARGC=()
BASH_ARGV=()
BASH_LINENO=([0]="0")
BASH_SOURCE=([0]="./run")
BASH_VERSINFO=([0]="3" [1]="1" [2]="17" [3]="1" [4]="release" [5]="i686-pc-linux-gnu")
BASH_VERSION='3.1.17(1)-release'
DIRSTACK=()
EUID=0
GROUPS=()
HOSTNAME=home
HOSTTYPE=i686
IFS='
'
MACHTYPE=i686-pc-linux-gnu
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/command:/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin
POSIXLY_CORRECT=y
PPID=19003
PS4='+ '
PWD=/service/1
SHELL=/bin/bash
SHELLOPTS=braceexpand:hashall:interactive-comments:posix
SHLVL=1
TERM=dumb
UID=0
_=/bin/sh
but this probably wrong because it also show non-exported variables.
'env' show only these:
PATH=/command:/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin
PWD=/service/1
SHLVL=1
_=/bin/env
Ok then, I'll fix my ./run script. ;-D
--
WBR, Alex.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: apache2 run script
2006-10-07 0:15 ` Charlie Brady
2006-10-07 0:23 ` Alex Efros
@ 2006-10-07 18:44 ` Paul Jarc
1 sibling, 0 replies; 14+ messages in thread
From: Paul Jarc @ 2006-10-07 18:44 UTC (permalink / raw)
Cc: Alex Efros, supervision
Charlie Brady <charlieb-supervision@budge.apana.org.au> wrote:
> 'env -' is not harmful, it's just wasted cycles.
It also makes the correctness of the script more easily inferred by
the reader, which is not a bad thing. Cycles are cheap.
paul
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2006-10-07 18:44 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-10-01 9:29 apache2 run script Mark
2006-10-05 23:58 ` Alex Efros
2006-10-06 6:12 ` Vincent Danen
2006-10-06 14:27 ` Charlie Brady
2006-10-06 14:30 ` Charlie Brady
2006-10-06 15:37 ` Alex Efros
2006-10-06 15:46 ` Charlie Brady
2006-10-06 15:57 ` Alex Efros
2006-10-06 16:01 ` Paul Jarc
2006-10-06 16:21 ` Alex Efros
2006-10-07 0:15 ` Charlie Brady
2006-10-07 0:23 ` Alex Efros
2006-10-07 18:44 ` Paul Jarc
2006-10-05 23:59 ` Charlie Brady
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).