Re: logging services with shell interaction

supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
 help / color / mirror / Atom feed

From: Ben Franksen <ben.franksen@online.de>
To: supervision@list.skarnet.org
Subject: Re: logging services with shell interaction
Date: Sun, 24 Oct 2021 22:36:06 +0200	[thread overview]
Message-ID: <sl4g3n$10oj$1@ciao.gmane.io> (raw)
In-Reply-To: <YXQ66sbHJ/FqdAIR@CasperVector>

Am 23.10.21 um 18:40 schrieb Casper Ti. Vector:
> On Sat, Oct 23, 2021 at 05:48:23PM +0200, Ben Franksen wrote:
>> I agree. BTW, another detail is the special handling of certain control
>> characters by procServ: ^X to restart the child, ^T to toggle auto-restart,
>> and the possibility to disable some others like ^C and especially ^D; which
>> is not only convenient but also avoids accidental restarts (people are used
>> to ^D meaning "exit the shell").
> 
> These functionalities would need to be (and would perhaps have better
> been) done outside of the `socat'/`recordio' pair, as separate commands
> (like `s6-svc -k ...' or `touch .../down') or wrappers.  `socat' simply
> exits upon ^D/^C by default, so the IOC would not be hurt; I find this
> enough to prevent most user errors, therefore more filtering of control
> characters seems unnecessary.

Sure, there may be other solutions, it's just another one of those 
details that need to be taken care of somehow.

>> Our approach uses a somewhat hybrid mixture of several components. Since the
>> OS is Debian we use systemd service units, one for each IOC. They are
>> executing `/usr/bin/unshare -u sethostname %i runuser -u ioc -- softIOC-run
>> %i` which fakes the host name to trick EPICS' Channel Access "Security" into
>> the proper behavior, and then drops privileges. softIOC-run is the script of
>> which I posted a simplified version, with the pipeline between procServ and
>> multilog. Despite the disadvantages explained by Laurent, so far this works
>> pretty well (I have never yet observed multilog to crash or otherwise
>> misbehave). Finally, the configuration for all IOCs (name, which host do
>> they run on, path to the startup script) all reside in a small database and
>> there are scripts to automatically install everything, including automatic
>> enabling and disabling of the service units.
> 
> Frankly I find the above a little over-complicated, even discounting the
> part about CA security which we do not yet involve.  I think you might
> be going to find our paper (after publication; it is to be submitted the
> next week) interesting in simplifying IOC management.

I am looking forward to it. You may want to post a link when it's done, 
here or on the EPICS mailing list.

Cheers
Ben
-- 
I would rather have questions that cannot be answered, than answers that
cannot be questioned.  -- Richard Feynman

next prev parent reply	other threads:[~2021-10-24 20:36 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-19  8:59 Ben Franksen
2021-10-19 23:27 ` Laurent Bercot
2021-10-20  7:53   ` Ben Franksen
2021-10-20 18:01     ` Casper Ti. Vector
2021-10-23 15:48       ` Ben Franksen
2021-10-23 16:40         ` Casper Ti. Vector
2021-10-24 20:36           ` Ben Franksen [this message]
2022-04-22 10:40             ` Casper Ti. Vector
2023-06-22 17:16       ` Casper Ti. Vector
2023-06-23 11:48         ` Ben Franksen
2023-06-23 12:30           ` Casper Ti. Vector

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='sl4g3n$10oj$1@ciao.gmane.io' \
    --to=ben.franksen@online.de \
    --cc=supervision@list.skarnet.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).