Re: graceful restart under runit

supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
 help / color / mirror / Atom feed

From: prj@po.cwru.edu (Paul Jarc)
Subject: Re: graceful restart under runit
Date: Sat, 18 Nov 2006 14:30:19 -0500	[thread overview]
Message-ID: <m3ac2oeen1.fsf@multivac.cwru.edu> (raw)
In-Reply-To: <20061118123120.GA8388@home.power> (Alex Efros's message of "Sat, 18 Nov 2006 14:31:20 +0200")

Alex Efros <powerman@powerman.asdfGroup.com> wrote:
> Yep, looks like you right. Looks like I've confused this case and case
> when process with listening socket doing fork and so result in two
> listening sockets for same ip/port in two different processes.

Now that you mention this, I think there is a way to hand off to a new
server process with no unavailability at all.  But if you can tolerate
a small outage during the switchover, you may be better off with the
simpler method of sending a signal to make the old process close its
listening socket, then forgetting the old process using Gerrit's patch
and starting a new one, which will just open a listening socket as
usual.

So, for zero-unavailability: there is a metaserver which listens on a
filesystem socket and takes care of opening other listening sockets
for other servers.  Instead of opening a listening socket directly,
another server would connect to this filesystem socket and ask the
metaserver to open it.  If there is not yet any socket open for the
requested address, the metaserver opens one, and passes the descriptor
to the requestor over the filesystem socket connection with sendmsg().
(The metaserver also keeps the listening socket open for itself, but
never calls accept() on it.)  Both sides keep the filesystem socket
connection open for as long as the requestor is accepting connections.
If the metaserver receives a request for a socket that is already
open, it notifies the previous requestor, which still holds the
listening socket, over the filesystem connection.  The old process can
then close its listening socket (new connections will only be delayed
at this point, not refused, since the metaserver still has the
listening socket open as well), close the filesystem connection,
finish servicing its current connections, and exit.  Once the
metaserver sees that the old requestor's filesystem connection has
been closed, it sends the listening socket to the new requestor.

While a server is handling connections, it would have to use
select()/poll() to notice activity on either the listening socket or
the filesystem connection; it couldn't just block on accept() in a
loop.  (Well, it could, but that would mean that when a switchover
starts, it wouldn't be completed until the next client connected.)

If the requestor exits, and no other requestors are around to pass the
listening socket to, the metaserver could close it immediately, or
could keep it open for a few seconds to see if a new requestor show
up.  So quick, non-overlapping restarts would be transparent to the
end clients.

To trigger the switchover, you wouldn't need any signals - just make
runsv forget about the old process using Gerrit's patch.  When the new
process starts up and connects to the filesystem socket, that will
trigger everything else.

paul

next prev parent reply	other threads:[~2006-11-18 19:30 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-11-15 11:47 Dražen Kačar
2006-11-15 16:08 ` Alex Efros
2006-11-16 15:24   ` Dražen Kačar
2006-11-17  0:15     ` Alex Efros
2006-11-17  0:48       ` Paul Jarc
2006-11-17 13:34         ` Alex Efros
2006-11-17 14:53           ` Charlie Brady
2006-11-17 15:39             ` Gerrit Pape
2006-11-18  0:22             ` Alex Efros
2006-11-18  1:34               ` Charlie Brady
2006-11-18 12:31                 ` Alex Efros
2006-11-18 19:30                   ` Paul Jarc [this message]
2006-11-20 18:27                     ` Dražen Kačar
2006-11-20 19:32                       ` Paul Jarc
2006-11-20 19:43                         ` Paul Jarc
2006-11-22 19:25                         ` Dražen Kačar
2006-11-22 19:51                           ` Paul Jarc
2006-11-23 12:25                             ` Dražen Kačar
2006-11-24 21:22                               ` Paul Jarc
2006-11-17 13:14     ` Gerrit Pape

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m3ac2oeen1.fsf@multivac.cwru.edu \
    --to=prj@po.cwru.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).