150 likes | 373 Views
Service invocation. Evan Miller eam@yahoo-inc.com. 10.20.11. Agenda. Unix process management, how and why we daemonize Patterns for invoking and shutting down services. Process process process Overview of Daemontools and Runit Q&A. Typical daemonization.
E N D
Service invocation Evan Miller eam@yahoo-inc.com 10.20.11
Agenda • Unix process management, how and why we daemonize • Patterns for invoking and shutting down services. Process process process • Overview of Daemontools and Runit • Q&A
Typical daemonization • Attempt to separate process from calling context • Setsid, process group, process session, disassociate controlling tty • Double fork • Reopen stdin, stdout, stderr to /dev/null • Chdir / • All because process fork from user shell • Attempt to create known starting state • Avoid holding resources • Sshd ever hang after starting a service?
Many things left for granted • Environment vars • Nice, ionice • Other filehandles • Services stop runing – now what? • Story: Admin logs in to restart a service, TZ and LANG • Impossible to enumerate all process attributes!
A better way? • Runit / daemontools • License • Minor command differences • Services start from init • No user shell • Each process gets a supervisor • Each process gets a logger • Init is always running, therefore our stuff is always running • Suite of useful helper tools • Suite of helper tools • How do you drop privileges from the commandline? Sudo/su are terrible
Daemontoolsfilesystem layout • /service/$APP/run • /service/$APP/supervise/{control,lock,ok,status} • Sockets for communication • /service/$APP/log
Daemontools helper commands • Setuidgid • Softlimit • Pgrphack • fghack • Envdir • Key is pluggable, modular commands. Unix philosophy.
Control via messaging • Svc / sv • Send signals via supervise • Svc –t /service/sshd • Svstat / sv status • Read status of running process • No parent/child relationship between invoking user’s process, and app
Requirements for the service • Must foreground • Can log via stdout for simple cases • Should clean up temporary resources before starting • Can it break? Assume it’s broken • Should kill competing services before starting • Sleep between failures to handle restart churn • Should exit gracefully on TERM • Should have documented requirements for cleanup
Startup / shutdown philosophy • Create any runtime state which is known in advance • mkdir /var/log/foo • Resource in use? aggressively reclaim. • Fuser –k –ntcp 80 • Nuke transient runtime data on startup, restore to known good state • Check_dbmy.db || rm –fmy.db • No ordering of services • Poll for resource instead