Re: [gentoo-user] openrc->systemd command comparison - gentoo-user

From:	"Canek Peláez Valdés" <caneko@×××××.com>
To:	gentoo-user@l.g.o
Subject:	Re: [gentoo-user] openrc->systemd command comparison
Date:	Wed, 01 Apr 2015 17:15:27
Message-Id:	`CADPrc82-EpBP-B5M-_te6KACvzMo0pWH8jh2r020ixTydVH=4g@mail.gmail.com`
In Reply to:	Re: [gentoo-user] openrc->systemd command comparison by Rich Freeman

1

On Wed, Apr 1, 2015 at 8:28 AM, Rich Freeman <rich0@g.o> wrote:

2

>

3

> On Wed, Apr 1, 2015 at 4:04 AM, Canek Peláez Valdés <caneko@×××××.com>

4

wrote:

5

>

6

> > # If you have cgroups turned on in your kernel, this switch controls

7

> > # whether or not a group for each controller is mounted under

8

> > # /sys/fs/cgroup.

9

> > [...]

10

> > # Set this to YES if yu want all of the processes in a service's cgroup

11

> > # killed when the service is stopped or restarted.

12

> > # This should not be set globally because it kills all of the service's

13

> > # child processes, and most of the time this is undesirable. Please set

14

> > # it in /etc/conf.d/<service>.

15

> > # To perform this cleanup manually for a stopped service, you can

16

> > # execute cgroup_cleanup with /etc/init.d/<service> cgroup_cleanup or

17

> > # rc-service <service> cgroup_cleanup.

18

> > # rc_cgroup_cleanup="NO"

19

>

20

> As pointed out in the comments, using this feature is apparently

21

> unrecommended - probably because most init.d scripts were never

22

> written with it in mind.  A few notes that might be helpful for

23

> anybody trying this out, based on my systemd experiences (where this

24

> is standard functionality, but units are written with this in mind).

25

> Please note that I'm not 100% sure about how this is implemented in

26

> openrc, so some potential issues below may be mitigated.

27

>

28

> Also note, I'm not trying to make any value statements here (foo is

29

> better than bar) - the purpose of my email is to help educate

30

> sysadmins about some of the possible unintended consequences of using

31

> features like these.

32

>

33

> 1. As far as I'm aware, openrc still doesn't have any concept of

34

> scripts stopping/failing unless you explicitly tell it to stop them.

35

> With systemd if the main process dies, the unit stops (and possibly

36

> fails), and the child processes are killed automatically if this is

37

> not overridden.  So, don't expect the behavior to be exactly the same.

38

39

I think (I could be wrong) that most of the detection magic in systemd is

40

thanks to the use of cgroups. If that's the case, then OpenRC should be

41

able to do the same (if someone cared to code it).

42

43

> 2.  Some scripts like apache might attempt to do graceful shutdowns.

44

> I have no idea how the kill behavior of openrc interacts with this.

45

> With systemd care had to be taken in the script to ensure that kills

46

> were only sent after a suitable timeout to allow graceful shutdown a

47

> chance to complete - otherwise an apache2 graceful completes instantly

48

> and SIGTERMs get sent almost immediately afterwards.  The openrc

49

> init.d script already does its own attempts at polling/killing for a

50

> restart, so you might get issues with how these features interact.

51

>

52

> 3.  Sometimes leaving orphan processes around might be considered

53

> intended behavior.  Any screen launched from an ssh session is going

54

> to be a child of sshd and in its cgroup. If you completely kill the

55

> cgroup, then you'll kill any user sessions inside unless they were

56

> given some kind of special handling. I'm actually not 100% sure how

57

> this is done in systemd (logind may put these in a different cgroup

58

> already), but you'll certainly want to think about things like this.

59

60

As you correctly guessed, logind takes care of that:

61

62

$ systemd-cgls

63

├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 17

64

[...]

65

└─user.slice

66

  └─user-1024.slice

67

    ├─session-1395.scope

68

    │ ├─13984 sshd: canek [priv]

69

    │ ├─13989 sshd: canek@pts/0

70

    │ ├─13994 -bash

71

    │ ├─14012 systemd-cgls

72

    │ └─14013 /usr/bin/less

73

    └─user@××××.service

74

      ├─13986 /usr/lib/systemd/systemd --user

75

      └─13987 (sd-pam)

76

77

78

So OpenRC should implement something similar to logind (which would be

79

actually awesome, since GNOME, KDE and other sutff is starting to depend on

80

it) to be able to work like systemd.

81

82

> 4.  Not really an issue for openrc, but if you're running systemd

83

> timer units keep in mind that anything you fork from the main process

84

> dies when the main process dies, so be careful about a cron shell

85

> scripts that runs stuff in the background without waiting at the end.

86

>

87

> I'd think that this is a feature openrc would want to make the default

88

> at some point.  However, for that transition to be made maintainers

89

> need to take another look at their scripts to make sure they still

90

> work correctly.  That was never an issue for systemd since the

91

> behavior was there from the start.

92

>

93

> One thing I will say is that doing this sort of thing in the service

94

> manager makes a LOT more sense than doing it in individual scripts.

95

96

No argument from me here ;)

97

98

> Look at the apache2 init.d script sometime and compare it to the

99

> systemd unit.  Most of the complexity in the init.d script is just

100

> implementing stuff that systemd does natively, like graceful restarts

101

> with cleanup of orphans and all that.  I'm not criticizing the apache2

102

> script, but rather pointing out that one of the advantages of systemd

103

> is that all of its units benefit from that kind of care without the

104

> need to implement it in each script.  And, of course, killing child

105

> processes can be configured per-service or even globally (though doing

106

> it globally probably isn't advisable, since many units probably depend

107

> on systemd to just send SIGTERMs followed by SIGKILLs as its default

108

> action and stuff wouldn't stop at all without this).

109

110

Regards.

111

--

112

Canek Peláez Valdés

113

Profesor de asignatura, Facultad de Ciencias

114

Universidad Nacional Autónoma de México

1	On Wed, Apr 1, 2015 at 8:28 AM, Rich Freeman <rich0@g.o> wrote:
2	>
3	> On Wed, Apr 1, 2015 at 4:04 AM, Canek Peláez Valdés <caneko@×××××.com>
4	wrote:
5	>
6	> > # If you have cgroups turned on in your kernel, this switch controls
7	> > # whether or not a group for each controller is mounted under
8	> > # /sys/fs/cgroup.
9	> > [...]
10	> > # Set this to YES if yu want all of the processes in a service's cgroup
11	> > # killed when the service is stopped or restarted.
12	> > # This should not be set globally because it kills all of the service's
13	> > # child processes, and most of the time this is undesirable. Please set
14	> > # it in /etc/conf.d/<service>.
15	> > # To perform this cleanup manually for a stopped service, you can
16	> > # execute cgroup_cleanup with /etc/init.d/<service> cgroup_cleanup or
17	> > # rc-service <service> cgroup_cleanup.
18	> > # rc_cgroup_cleanup="NO"
19	>
20	> As pointed out in the comments, using this feature is apparently
21	> unrecommended - probably because most init.d scripts were never
22	> written with it in mind. A few notes that might be helpful for
23	> anybody trying this out, based on my systemd experiences (where this
24	> is standard functionality, but units are written with this in mind).
25	> Please note that I'm not 100% sure about how this is implemented in
26	> openrc, so some potential issues below may be mitigated.
27	>
28	> Also note, I'm not trying to make any value statements here (foo is
29	> better than bar) - the purpose of my email is to help educate
30	> sysadmins about some of the possible unintended consequences of using
31	> features like these.
32	>
33	> 1. As far as I'm aware, openrc still doesn't have any concept of
34	> scripts stopping/failing unless you explicitly tell it to stop them.
35	> With systemd if the main process dies, the unit stops (and possibly
36	> fails), and the child processes are killed automatically if this is
37	> not overridden. So, don't expect the behavior to be exactly the same.
38
39	I think (I could be wrong) that most of the detection magic in systemd is
40	thanks to the use of cgroups. If that's the case, then OpenRC should be
41	able to do the same (if someone cared to code it).
42
43	> 2. Some scripts like apache might attempt to do graceful shutdowns.
44	> I have no idea how the kill behavior of openrc interacts with this.
45	> With systemd care had to be taken in the script to ensure that kills
46	> were only sent after a suitable timeout to allow graceful shutdown a
47	> chance to complete - otherwise an apache2 graceful completes instantly
48	> and SIGTERMs get sent almost immediately afterwards. The openrc
49	> init.d script already does its own attempts at polling/killing for a
50	> restart, so you might get issues with how these features interact.
51	>
52	> 3. Sometimes leaving orphan processes around might be considered
53	> intended behavior. Any screen launched from an ssh session is going
54	> to be a child of sshd and in its cgroup. If you completely kill the
55	> cgroup, then you'll kill any user sessions inside unless they were
56	> given some kind of special handling. I'm actually not 100% sure how
57	> this is done in systemd (logind may put these in a different cgroup
58	> already), but you'll certainly want to think about things like this.
59
60	As you correctly guessed, logind takes care of that:
61
62	$ systemd-cgls
63	├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 17
64	[...]
65	└─user.slice
66	└─user-1024.slice
67	├─session-1395.scope
68	│ ├─13984 sshd: canek [priv]
69	│ ├─13989 sshd: canek@pts/0
70	│ ├─13994 -bash
71	│ ├─14012 systemd-cgls
72	│ └─14013 /usr/bin/less
73	└─user@××××.service
74	├─13986 /usr/lib/systemd/systemd --user
75	└─13987 (sd-pam)
76
77
78	So OpenRC should implement something similar to logind (which would be
79	actually awesome, since GNOME, KDE and other sutff is starting to depend on
80	it) to be able to work like systemd.
81
82	> 4. Not really an issue for openrc, but if you're running systemd
83	> timer units keep in mind that anything you fork from the main process
84	> dies when the main process dies, so be careful about a cron shell
85	> scripts that runs stuff in the background without waiting at the end.
86	>
87	> I'd think that this is a feature openrc would want to make the default
88	> at some point. However, for that transition to be made maintainers
89	> need to take another look at their scripts to make sure they still
90	> work correctly. That was never an issue for systemd since the
91	> behavior was there from the start.
92	>
93	> One thing I will say is that doing this sort of thing in the service
94	> manager makes a LOT more sense than doing it in individual scripts.
95
96	No argument from me here ;)
97
98	> Look at the apache2 init.d script sometime and compare it to the
99	> systemd unit. Most of the complexity in the init.d script is just
100	> implementing stuff that systemd does natively, like graceful restarts
101	> with cleanup of orphans and all that. I'm not criticizing the apache2
102	> script, but rather pointing out that one of the advantages of systemd
103	> is that all of its units benefit from that kind of care without the
104	> need to implement it in each script. And, of course, killing child
105	> processes can be configured per-service or even globally (though doing
106	> it globally probably isn't advisable, since many units probably depend
107	> on systemd to just send SIGTERMs followed by SIGKILLs as its default
108	> action and stuff wouldn't stop at all without this).
109
110	Regards.
111	--
112	Canek Peláez Valdés
113	Profesor de asignatura, Facultad de Ciencias
114	Universidad Nacional Autónoma de México

Gentoo Archives: gentoo-user