From a354329f724d6ce913d2ccffb2be8f3327a67faa Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 6 Jan 2015 00:26:25 +0100 Subject: core: add new logic for services to store file descriptors in PID 1 With this change it is possible to send file descriptors to PID 1, via sd_pid_notify_with_fds() which PID 1 will store individually for each service, and pass via the usual fd passing logic on next invocation. This is useful for enable daemon reload schemes where daemons serialize their state to /run, push their fds into PID 1 and terminate, restoring their state on next start from the data in /run and passed in from PID 1. The fds are kept by PID 1 as long as no POLLHUP or POLLERR is seen on them, and the service they belong to are either not dead or failed, or have a job queued. --- man/sd_listen_fds.xml | 21 +++++++-- man/sd_notify.xml | 122 +++++++++++++++++++++++++++++++++++++++++++++--- man/systemd.service.xml | 29 ++++++++++++ 3 files changed, 161 insertions(+), 11 deletions(-) (limited to 'man') diff --git a/man/sd_listen_fds.xml b/man/sd_listen_fds.xml index 6999db9804..4377745634 100644 --- a/man/sd_listen_fds.xml +++ b/man/sd_listen_fds.xml @@ -73,7 +73,7 @@ If the unset_environment parameter is non-zero, sd_listen_fds() will unset the - $LISTEN_FDS/$LISTEN_PID + $LISTEN_FDS and $LISTEN_PID environment variables before returning (regardless of whether the function call itself succeeded or not). Further calls to @@ -83,10 +83,11 @@ If a daemon receives more than one file descriptor, they will be passed in the same order as - configured in the systemd socket definition - file. Nonetheless, it is recommended to verify the - correct socket types before using them. To simplify - this checking, the functions + configured in the systemd socket unit file (see + systemd.socket5 + for details). Nonetheless, it is recommended to verify + the correct socket types before using them. To + simplify this checking, the functions sd_is_fifo3, sd_is_socket3, sd_is_socket_inet3, @@ -103,6 +104,16 @@ This function call will set the FD_CLOEXEC flag for all passed file descriptors to avoid further inheritance to children of the calling process. + + If multiple socket units activate the same + service the order of the file descriptors passed to + its main process is undefined. If additional file + descriptors have been passed to the service manager + using + sd_pid_notify_with_fds3's + FDSTORE=1 messages, these file + descriptors are passed last, in arbitrary order, and + with duplicates removed. diff --git a/man/sd_notify.xml b/man/sd_notify.xml index 35f6f71ab3..2bf3383c0d 100644 --- a/man/sd_notify.xml +++ b/man/sd_notify.xml @@ -46,6 +46,9 @@ sd_notify sd_notifyf + sd_pid_notify + sd_pid_notifyf + sd_pid_notify_with_fds Notify service manager about start-up completion and other service status changes @@ -65,6 +68,30 @@ const char *format ... + + + int sd_pid_notify + pid_t pid + int unset_environment + const char *state + + + + int sd_pid_notifyf + pid_t pid + int unset_environment + const char *format + ... + + + + int sd_pid_notify_with_fds + pid_t pid + int unset_environment + const char *state + const int *fds + unsigned n_fds + @@ -175,7 +202,7 @@ MAINPID=... - The main pid of the + The main process ID (PID) of the service, in case the service manager did not fork off the process itself. Example: @@ -185,7 +212,7 @@ WATCHDOG=1 - Tells systemd to + Tells the service manager to update the watchdog timestamp. This is the keep-alive ping that services need to issue in regular intervals if @@ -199,12 +226,53 @@ check if the the watchdog is enabled. + + + + FDSTORE=1 + + Stores additional file + descriptors in the service + manager. File descriptors sent this + way will be maintained per-service by + the service manager and be passed + again using the usual file descriptor + passing logic on the next invocation + of the service (see + sd_listen_fds3). This + is useful for implementing service + restart schemes where services + serialize their state to + /run, push their + file descriptors to the system + manager, and are then restarted, + retrieving their state again via + socket passing and + /run. Note that + the service manager will accept + messages for a service only if + FileDescriptorStoreMax= + is set to non-zero for it (defaults to + zero). See + systemd.service5 + for details. Multiple arrays of file + descriptors may be sent in seperate + messages, in which case the arrays are + combined. Note that the service + manager removes duplicate file + descriptors before passing them to the + service. Use + sd_pid_notify_with_fds() + to send messages with + FDSTORE=1, see + below. + + It is recommended to prefix variable names that - are not shown in the list above with - X_ to avoid namespace - clashes. + are not listed above with X_ to + avoid namespace clashes. Note that systemd will accept status data sent from a service only if the @@ -217,6 +285,36 @@ sd_notify() but takes a printf()-like format string plus arguments. + + sd_pid_notify() and + sd_pid_notifyf() are similar to + sd_notify() and + sd_notifyf() but take a process + ID (PID) to use as originating PID for the message as + first argument. This is useful to send notification + messages on behalf of other processes, provided the + appropriate privileges are available. If the PID + argument is specified as 0 the process ID of the + calling process is used, in which case the calls are + fully equivalent to sd_notify() + and sd_notifyf(). + + sd_pid_notify_with_fds() is + similar to sd_pid_notify() but + takes an additional array of file descriptors. These + file descriptors are sent along the notification + message to the service manager. This is particularly + useful for sending FDSTORE=1 + messages, as described above. The additional arguments + are a pointer to the file descriptor array plus the + number of file descriptors in the array. If the number + of file descriptors is passed as 0, the call is fully + equivalent to sd_pid_notify(), + i.e. no file descriptors are passed. Note that sending + file descriptors to the service manager on messages + that do not expect them (i.e. without + FDSTORE=1) they are immediately + closed on reception. @@ -295,13 +393,25 @@ Error Cause Notification - A service could send the following shortly before exiting, on failure + A service could send the following shortly before exiting, on failure: sd_notifyf(0, "STATUS=Failed to start up: %s\n" "ERRNO=%i", strerror(errno), errno); + + + Store a File Descriptor in the Service Manager + + To store an open file descriptor in the + service manager, in order to continue + operation after a service restart without + losing state use + FDSTORE=1: + + sd_pid_notify_with_fds(0, 0, "FDSTORE=1", &fd, 1); + diff --git a/man/systemd.service.xml b/man/systemd.service.xml index 0b68aa0890..4c890dfb7b 100644 --- a/man/systemd.service.xml +++ b/man/systemd.service.xml @@ -1117,6 +1117,35 @@ command. + + FileDescriptorStoreMax= + Configure how many + file descriptors may be stored in the + service manager for the service using + sd_pid_notify_with_fds3's + FDSTORE=1 + messages. This is useful for + implementing service restart schemes + where the state is serialized to + /run and the file + descriptors passed to the service + manager, to allow restarts without + losing state. Defaults to 0, i.e. no + file descriptors may be stored in the + service manager by default. All file + descriptors passed to the service + manager from a specific service are + passed back to the service's main + process on the next service + restart. Any file descriptors passed + to the service manager are + automatically closed when POLLHUP or + POLLERR is seen on them, or when the + service is fully stopped and no job + queued or being executed for + it. + + Check -- cgit v1.2.3-54-g00ecf